# Internet is slow on one computer but not others on the network.



## shivafang (Jul 5, 2008)

My home network has 3 computers operating on a hub or router (I forget the difference), all using the same cable internet line. Using an internet benchmark, my computer seems to be operating at around 47 kb/s whereas both other computers are operating around 470 kb/s. I'm not sure what is wrong. My computer is older (2.1 GHz P4, 1 GB RAM) and the other two computers are new within the last 6 months. No other software was running or downloads in progress while the benchmark was running. Is there anything I can check on my computer to make it surf faster? I've already tried using a different cord and a different 'slot' on the router, defragging the hard drive, scanning for spyware and viruses. I've broken my Windows XP disks, so a reinstall is not an option. For what it is worth, one of the other computers in the network is also running XP and the other is running Vista. My computer has been running this way for... as long as I can remember; I just kinda assumed it was normal until I got frustrated with it. Could it be something to do with the network card? Or is it something software related?

EDIT: one more thing to add;

It's a cable line, but peak time is not the only time it is slow - it seems to be slow at all hours of the day.


----------



## ~Candy~ (Jan 27, 2001)

Hi and welcome. Go to the Malware Removal Forum, read the very first thread there, follow instructions to download and post a hijack this log.

POST THE LOG BACK TO THIS THREAD. Do not create a new one there. Thanks.


----------



## shivafang (Jul 5, 2008)

Thanks for your quick reply. File attached.

At a quick glance my untrained eyes see a few suspicious things (Noble Poker Casino?) but nothing too worrisome. There are a few things here I would LOVE to get rid of, like the Tunebite demo that I tried and didn't like but wouldn't leave my computer =Z.

I should also add that most of the time my 'network use status' is at 0%, so it's not like my bandwidth is being used by other programs. (I can't remember where that is now; I know I checked it earlier =Z. Sometimes I can find system tools, sometimes I have to search for them *sigh*)


----------



## ~Candy~ (Jan 27, 2001)

I'll post it so that it's easier to see.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:00:55 PM, on 7/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ideazon\Zboard Software\Driver\ZboardTray.exe
C:\Program Files\Common Files\AOL\1170640052\ee\AOLSoftware.exe
C:\Program Files\Instant Buzz\IBDaemon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Ideazon\Zboard Software\Driver\Zboard.exe
D:\Program Files\Logitech\Profiler\lwemon.exe
D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\RapidSolution\Tunebite\Tunebite.exe
D:\Program Files\Logitech\SetPoint\SetPoint.exe
D:\Program Files\OpenOffice.org 2.3\program\soffice.exe
D:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
D:\Program Files\Mozilla Firefox\firefox.exe
F:\Program Files\Thunderbird\thunderbird.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\mmc.exe
d:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (file missing)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {B8D60EBB-5565-4392-957B-7164BA087AD4} - C:\PROGRA~1\INSTAN~1\IBBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (file missing)
O3 - Toolbar: Instant Bu&zz - {7475D3FD-5D85-49DB-8B9B-6968467B2D80} - C:\PROGRA~1\INSTAN~1\IBBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1170640052\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [Instant Buzz Daemon] C:\Program Files\Instant Buzz\IBDaemon.exe
O4 - HKLM\..\Run: [Simpleology 1.0] D:\Program Files\Simpleology\simpleology Wimiki\simpleology Wimiki.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunServices: [Windows Compliant] winole.exe
O4 - HKCU\..\Run: [RealityPrompter] C:\Documents and Settings\Justin White\prompter.exe
O4 - HKCU\..\Run: [Start WingMan Profiler] "d:\Program Files\Logitech\Profiler\lwemon.exe" /noui
O4 - HKCU\..\Run: [LDM] d:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Tunebite] D:\Program Files\RapidSolution\Tunebite\Tunebite.exe -tray
O4 - HKLM\..\Policies\Explorer\Run: [ZboardTray] "C:\Program Files\Ideazon\Zboard Software\Driver\ZboardTray.exe" /autolaunch
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-21-57989841-1677128483-725345543-1004\..\Run: [Aim6] (User '?')
O4 - HKUS\S-1-5-21-57989841-1677128483-725345543-1004\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-57989841-1677128483-725345543-1004\..\Run: [Tunebite] D:\Program Files\RapidSolution\Tunebite\Tunebite.exe -tray (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-21-57989841-1677128483-725345543-1004 Startup: OpenOffice.org 2.3.lnk = D:\Program Files\OpenOffice.org 2.3\program\quickstart.exe (User '?')
O4 - Startup: OpenOffice.org 2.3.lnk = D:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = D:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Clean Traces - d:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - D:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Yahoo! Search - file:///D:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download &all with DAP - D:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Subscribe in default RSS reader - C:\Documents and Settings\Justin White\Application Data\RssBandit\iecontext_subscribefeed.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///D:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///D:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///D:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Instant Buzz - {066040F0-5018-4E15-8AA0-81D36136D989} - C:\PROGRA~1\INSTAN~1\IBBar.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Rip YouTube File - {38E51477-DDB4-4aed-9D61-D0C193E10749} - d:\Program Files\SoundTaxi\YouTubeRipper.dll
O9 - Extra 'Tools' menuitem: Rip YouTube file embedded in this page - {38E51477-DDB4-4aed-9D61-D0C193E10749} - d:\Program Files\SoundTaxi\YouTubeRipper.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Noble Poker - {B723B1B8-9788-4684-ADA7-D1DB02E1D516} - D:\Noble Poker\casino.exe
O9 - Extra 'Tools' menuitem: Noble Poker - {B723B1B8-9788-4684-ADA7-D1DB02E1D516} - D:\Noble Poker\casino.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: SmartWhois - {FD9DE2B4-C926-4460-81C4-FC58C6F1062E} - F:\PROGRA~1\SMARTW~1\SWMSIE~1.EXE
O9 - Extra button: (no name) - {FF983118-58C7-4AD4-B5A7-691C39CB7B42} - F:\PROGRA~1\SMARTW~1\SWMSIE~1.EXE
O9 - Extra 'Tools' menuitem: SmartWhois - {FF983118-58C7-4AD4-B5A7-691C39CB7B42} - F:\PROGRA~1\SMARTW~1\SWMSIE~1.EXE
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1212989891546
O18 - Protocol: bw+0 - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: intu-qt2007 - {026BF40D-BA05-467B-9F1F-AD0D7A3F5F11} - D:\Program Files\QuickTax 2007\ic2007pp.dll
O18 - Protocol: offline-8876480 - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMovieServer - SoundMovieServer - C:\WINDOWS\system32\snmvtsvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

--
End of file - 21563 bytes


----------
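A log like the one posted above is normally read by eye, but the first pass a helper does is mechanical: orphaned entries, autostart keys that nothing legitimate should be writing to, binaries with no directory, binaries living inside a user profile, and services with no owner information. The script below is an added example written for this page; it is not code from the forum, from Trend Micro, or from anyone in the thread. It applies those heuristics to a handful of lines excerpted from the log above (a constructed subset, not the full log). The severity levels, the regular expressions and the `watchlist` (seeded with "Instant Buzz", which a reply further down calls adware) are my own choices, and `RunServices` is flagged because it is a Windows 9x-era key that XP-era software rarely uses legitimately.

```python
import re
from dataclasses import dataclass

# Constructed sample: lines excerpted from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Instant Buzz Daemon] C:\Program Files\Instant Buzz\IBDaemon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunServices: [Windows Compliant] winole.exe
O4 - HKCU\..\Run: [RealityPrompter] C:\Documents and Settings\Justin White\prompter.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# O4 autostart line: "O4 - <registry key>: [<value name>] <command> (User '...')?"
O4_RE = re.compile(r"^O4 - (?P<key>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.*?)(?: \(User '[^']*'\))?$")
# O23 service line: "O23 - Service: <display name> - <owner> - <path>"
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")
# First executable-looking token of a command, with or without surrounding quotes.
BINARY_RE = re.compile(r'^"?(?P<path>[^"]*?\.(?:exe|dll|scr|com|cpl))\b', re.IGNORECASE)
PROFILE_PREFIX = "c:\\documents and settings\\"   # XP user-profile root


@dataclass
class Finding:
    severity: str   # "high", "medium" or "low" (my own scale, not HijackThis's)
    reason: str
    line: str


def launched_binary(cmd: str) -> str:
    """Return the on-disk file an O4 command really runs.

    For rundll32 the interesting file is the DLL it loads, not rundll32 itself.
    """
    m = BINARY_RE.match(cmd)
    if not m:
        return cmd.split(" ", 1)[0]
    path = m.group("path")
    if path.lower().endswith("rundll32.exe"):
        rest = cmd[m.end():].lstrip(' "')
        inner = BINARY_RE.match(rest)
        if inner:
            return inner.group("path")
    return path


def triage(log_text: str, watchlist=("Instant Buzz",)) -> list:
    """Apply first-pass heuristics to HijackThis lines and return the findings."""
    findings = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        if not line:
            continue
        low = line.lower()
        # Entries whose target no longer exists are clutter, not a threat.
        if "(file missing)" in low or "(no file)" in low:
            findings.append(Finding("low", "orphaned entry: the referenced file is gone, clean-up only", line))
            continue
        for name in watchlist:
            if name.lower() in low:
                findings.append(Finding("high", f"matches watchlist entry {name!r}", line))
        m = O4_RE.match(line)
        if m:
            key = m.group("key").lower()
            path = launched_binary(m.group("cmd"))
            if "runservices" in key:
                findings.append(Finding("high", "RunServices autostart: Windows 9x-era key that XP software rarely uses legitimately", line))
            if "\\" not in path:
                # No directory: the loader walks the PATH search order to find it.
                findings.append(Finding("medium", f"bare filename {path!r}: no directory, resolved through the PATH search order", line))
            if path.lower().startswith(PROFILE_PREFIX):
                findings.append(Finding("high", "autostart binary lives inside a user profile, not Program Files or System32", line))
            continue
        m = O23_RE.match(line)
        if m and m.group("owner").lower() == "unknown owner":
            findings.append(Finding("medium", "service carries no company/owner information; check the file's signature and origin", line))
    return findings


def summarize(findings) -> dict:
    """Count findings per severity level."""
    return {sev: sum(1 for f in findings if f.severity == sev) for sev in ("high", "medium", "low")}


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
```

Run against the sample, the script singles out the same lines a helper would look at first: the `RunServices` entry with a bare `winole.exe`, the `prompter.exe` autostart sitting in the user's profile folder, and the Instant Buzz daemon. Everything else in the excerpt is either an orphaned toolbar/BHO entry or a vendor service with no owner string, which is worth a look but not alarming on its own.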



## ~Candy~ (Jan 27, 2001)

Why are you running programs from so many different drives?


----------



## shivafang (Jul 5, 2008)

Sorry, I didn't know you wanted me to post it in thread, I thought attaching it would be space saving.

To answer your question - when I last reformatted my computer, I partitioned the drive so that if I needed to re-install Windows I could do it without reformatting my entire drive (I only had one drive at the time and was not comfortable installing a new drive back then). Unfortunately, I didn't give it very much more than what Windows needs to run.

Basically I put system-critical stuff on C:, and I still have enough space to defrag (I think it wants about 20% free or something). For everything else I use the D: drive (which is a separate hard drive I bought and installed that's larger than the main drive). I also have the F: drive, which is the other partition of the main drive, that I just use for storage. I've even remapped my 'My Documents' folder to D:, which gives me alerts for security flaws, but it had to be done because the games I play automatically save in My Documents.

I know that a lot of my computer's RAM slowness is a result of this issue, but there's not a whole lot I can fix right now, since my disks broke, and I don't see how that can be related to my internet slowness issue. If I could reformat my main drive I would and remove the partition, but not having the disks anymore kinda hinders that.

As an aside - is it possible to use someone else's disks (my roommate's) as long as I have my original Product Key for my version? (It's stickered on my computer so there was no way I could lose it ^-^)


----------



## JohnWill (Oct 19, 2002)

You'll probably come to grief trying to use someone else's Windows disks; OEM Windows disks are unique to the brand, and sometimes even to specific models.

You have adware, as well as something odd going on in the TCP/IP protocol stack. We'll need to have a security expert instruct on the adware removal.

Let's try to repair the TCP/IP stack and see if that helps with the speed, but you need to get rid of the *Instant Buzz* adware, because it's also slowing you down.

*TCP/IP stack repair options for use with Windows XP with SP2/SP3.*

*S*tart, *R*un, *CMD* to open a command prompt:

In the command prompt window that opens, type the following commands:

_Note: Type only the text in bold for the following commands._

Reset TCP/IP stack to installation defaults, type: *netsh int ip reset reset.log*

Reset WINSOCK entries to installation defaults, type: *netsh winsock reset catalog*

Reboot the machine.


----------



## shivafang (Jul 5, 2008)

'netsh' is not recognized as an internal or external command, operable program or batch file.


EDIT: Now that I think about it I'm not sure if I've upgraded my service packs. I used to have it set up to download them automatically but then I was having trouble with a program and had to upgrade my .NET Framework. I'm pretty sure I saw a lot of SP2 updates while I was doing that.

Would you mind reminding me how to get into that so I can make sure those are downloaded? I'm worried about downloading them; as I've said above my C: drive doesn't have a whole lot of space.

EDIT 2: Found the Windows Update page, I'll upgrade my Service Pack and then try the netsh again. Should I post a new HijackThis log afterwards?


----------



## ~Candy~ (Jan 27, 2001)

You can, but, you're already running SP2 from the looks of it. SP3 is now available, but, as you said, your hard drive may not allow you to download and install it.


----------



## shivafang (Jul 5, 2008)

Oh.. but if I'm running SP2 why is netsh not working?

That said, it makes sense. I'm pretty sure last time I reinstalled I had to download SP1 and SP2.

Is this the right one?
http://www.computerperformance.co.uk/ezine/tools.htm#NetSh - Network Shell


----------



## ~Candy~ (Jan 27, 2001)

Did you type it as John Will typed it above? With the correct spacing?


----------



## shivafang (Jul 5, 2008)

For whatever reason I had to do it from C:\WINDOWS\system32 (the only reason I figured that out was because I searched my hard drive for 'netsh' and included system folders).

No real change in throughput on the benchmark (15-100 kb/s depending on whether I test pictures or just text), and no noticeable speed change on this or any other website.


----------



## shivafang (Jul 5, 2008)

I was talking to my boyfriend's roommate last night and she asked me how old the computer was because it could be the network card. She doesn't know enough about them to be certain, so I thought I would post it here.

My Device Manager calls it a CNet PRO200WL PCI Fast Ethernet Adapter. Could this be the problem?

She also asked about my ethernet cable, which is a CAT 5 and should be OK. (I've also used different cables on this computer so I'm reasonably sure it's not the cable. And I've switched the ports on the HUB around so it's not that either.)


----------



## Cookiegal (Aug 27, 2003)

You do have an infection showing in the HijackThis log so let's address that and other problems may resolve.

Please visit *Combofix Guide & Instructions * for instructions for installing the recovery console and downloading and running ComboFix:

Post the log from ComboFix when you've accomplished that along with a new HijackThis log.

Important notes regarding ComboFix:

ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

ComboFix also prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished.


----------



## ~Candy~ (Jan 27, 2001)

:up: Thanks Karen


----------



## Cookiegal (Aug 27, 2003)

Anytime.


----------



## Cookiegal (Aug 27, 2003)

I meant to ask this earlier. Why are you not running any anti-virus program?


----------



## shivafang (Jul 5, 2008)

Thanks cookiegal - the autorun disabling is no problem since I've already disabled it (I don't know how I disabled it, but I find autorun annoying anyways).

I have AVG, but it's an old version. I guess I really should install the latest version huh?

EDIT: The instructions on the site suggest installing the Windows Recovery Console. As my disks are broken, that is not possible.

EDIT2: n/m I guess I should just shut up and read the whole thing as it tells you what to do if you don't have the disks.


----------



## shivafang (Jul 5, 2008)

Noticeable speed improvement, benchmark tested at 128 kb/s... not as high as it *should* be, but definitely faster! I definitely notice the extra speed even just loading this page.

Will put the HijackThis log in a new post as it's over the character limit.

*ComboFix Log*

ComboFix 08-07-05.1 - Justin White 2008-07-07 19:17:10.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.648 [GMT -7:00]
Running from: D:\My Documents\ComboFix.exe
Command switches used :: D:\My Documents\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Common Files\WinSoftware
C:\Program Files\Common Files\WinSoftware\PCheck.dll
C:\Program Files\Instant Buzz
C:\Program Files\Instant Buzz\bugreport.txt
C:\Program Files\Instant Buzz\shivafang.ibp
C:\Program Files\ISTsvc
C:\WINDOWS\Downloaded Program Files\ysbactivex.dll
C:\WINDOWS\exefld
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\FTPx.dll
C:\WINDOWS\system32\hldrrr.exe
C:\WINDOWS\system32\MabryObj.dll
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\wanpacket.dll
C:\WINDOWS\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF

((((((((((((((((((((((((( Files Created from 2008-06-08 to 2008-07-08 )))))))))))))))))))))))))))))))
.

2008-07-07 08:51 . 2008-04-22 21:16 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-07-07 08:51 . 2007-04-17 02:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-07-07 08:51 . 2007-03-07 22:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-07-07 08:51 . 2008-04-22 21:16 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-07-07 08:51 . 2008-04-22 21:16 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-07-07 08:51 . 2008-04-22 21:16 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-07-07 08:51 . 2008-04-22 21:16 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-07-07 08:51 . 2008-04-22 21:16 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-07-07 08:51 . 2008-04-22 00:39 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-07-06 10:47 . 2008-06-13 06:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-07-05 15:39 . 2008-07-05 15:40 d-------- C:\Program Files\SystemRequirementsLab
2008-07-05 15:39 . 2008-07-05 15:39 d----c--- C:\Documents and Settings\Justin White\Application Data\SystemRequirementsLab
2008-07-05 15:01 . 2008-07-05 15:01 d----c--- C:\Documents and Settings\Justin White\Application Data\Lavasoft
2008-06-09 19:22 . 2007-02-28 02:10 2,180,352 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-06-09 19:22 . 2007-02-28 02:08 2,136,064 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-06-09 19:22 . 2007-02-28 01:38 2,057,600 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-06-09 19:22 . 2007-02-28 01:38 2,015,744 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-06-09 19:22 . 2007-07-09 06:09 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-06-09 19:22 . 2006-12-26 06:07 536,576 -----c--- C:\WINDOWS\system32\dllcache\msado15.dll
2008-06-09 19:22 . 2006-12-26 06:07 200,704 -----c--- C:\WINDOWS\system32\dllcache\msadox.dll
2008-06-09 19:22 . 2006-12-26 06:07 180,224 -----c--- C:\WINDOWS\system32\dllcache\msadomd.dll
2008-06-09 19:22 . 2006-12-19 14:52 134,656 -----c--- C:\WINDOWS\system32\dllcache\shsvcs.dll
2008-06-09 19:22 . 2006-12-26 06:07 102,400 -----c--- C:\WINDOWS\system32\dllcache\msjro.dll
2008-06-08 22:39 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-06-08 22:39 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-06-08 22:39 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-06-08 22:39 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-08 02:22 --------- dc----w C:\Documents and Settings\Justin White\Application Data\OpenOffice.org2
2008-07-02 15:00 --------- dc----w C:\Documents and Settings\All Users\Application Data\AVG7
2008-06-19 12:50 --------- dc----w C:\Documents and Settings\All Users\Application Data\CanonIJPLM
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-10 04:26 --------- dc----w C:\Documents and Settings\Justin White\Application Data\GetRightToGo
2008-05-13 03:31 --------- d-----w C:\Program Files\Real
2008-05-13 03:30 --------- d-----w C:\Program Files\MSN Messenger
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2007-11-20 17:51 32 -c--a-r C:\Documents and Settings\All Users\hash.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Start WingMan Profiler"="d:\Program Files\Logitech\Profiler\lwemon.exe" [2005-04-18 11:16 73728]
"LDM"="d:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-06-15 16:27 32768]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"Tunebite"="D:\Program Files\RapidSolution\Tunebite\Tunebite.exe" [2008-02-28 17:23 6321456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-29 00:43 8466432]
"HostManager"="C:\Program Files\Common Files\AOL\1170640052\ee\AOLSoftware.exe" [2006-05-24 04:15 50760]
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 09:59 124520]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-29 00:43 81920]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
"nwiz"="nwiz.exe" [2007-06-29 00:43 1626112 C:\WINDOWS\system32\nwiz.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 101136 C:\WINDOWS\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:56 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2005-12-18 08:36 155136]
"Picasa Media Detector"="F:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 14:18 443968]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"ZboardTray"="C:\Program Files\Ideazon\Zboard Software\Driver\ZboardTray.exe" [2004-07-09 12:21 339968]

C:\Documents and Settings\Justin White\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - D:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 22:57:56 393216]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-06-15 16:27:42 450560]
Logitech SetPoint.lnk - D:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-06-15 16:26:37 688128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Zboard]
2003-09-03 06:14 49152 C:\WINDOWS\system32\Winlognotif.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"VIDC.HFYU"= huffyuv.dll
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= msaud32_divx.acm
"vidc.XVID"= xvid.dll
"vidc.3ivx"= 3ivxVfWCodec.dll
"VIDC.i263"= i263_32.drv
"msacm.imc"= imc32.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoStart IR.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoStart IR.lnk
backup=C:\WINDOWS\pss\AutoStart IR.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Justin White^Start Menu^Programs^Startup^Xfire.lnk]
path=C:\Documents and Settings\Justin White\Start Menu\Programs\Startup\Xfire.lnk
backup=C:\WINDOWS\pss\Xfire.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
--a--c--- 2005-12-18 08:36 369664 C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_EMC]
--a--c--- 2005-12-18 08:36 281088 C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a--c--- 2004-08-04 00:56 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
--a--c--- 2004-08-22 17:05 81920 F:\Program Files\D-Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a--c--- 2004-06-16 05:03 221184 C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2004-06-16 06:03 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a--c--- 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-06-29 00:43 8466432 C:\WINDOWS\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-06-29 00:43 81920 C:\WINDOWS\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
--a--c--- 2007-10-23 14:18 443968 F:\Program Files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-29 06:24 286720 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Registry Crawler]
--a--c--- 2004-02-03 09:06 454656 D:\PROGRA~1\RCrawler\rcrawler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedOptimizer]
--a--c--- 2003-09-29 14:53 607232 D:\PROGRA~1\SPEEDO~1\SPO.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2005-11-10 13:03 36975 C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TraySantaCruz]
--a--c--- 2002-04-17 14:51 290816 C:\WINDOWS\system32\tbctray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2004-12-20 11:41 33792 D:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-06-29 00:43 1626112 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"D:\\Program Files\\Curious Labs\\Poser 6\\Poser.exe"=
"D:\\Program Files\\Torque Game Engine Demo\\demo.exe"=
"C:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"=
"F:\\Program Files\\eMule\\emule.exe"=
"D:\\Program Files\\AtariDragonshard\\fpupdate.exe"=
"D:\\Program Files\\Xfire\\Xfire.exe"=
"F:\\Program Files\\Shareaza\\Shareaza.exe"=
"D:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"D:\\Program Files\\Wizards of the Coast\\Magic Online\\magic.exe"=
"D:\\Program Files\\RssBandit\\RSSBandit.exe"=
"D:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"D:\\Program Files\\Azureus\\Azureus.exe"=
"D:\\Program Files\\TorqueGameBuilder\\games\\TGB.exe"=
"D:\\Program Files\\DAP\\DAP.exe"=
"D:\\Program Files\\Kazaa Lite Resurrection\\kazaalite.kpp"=
"D:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\Conference\\Conference.dll"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6346:TCP"= 6346:TCP:Sharaza
"4662:TCP"= 4662:TCP:Emule TCP
"4672:UDP"= 4672:UDP:emule UDP
"3724:TCP"= 3724:TCP:WoW1
"6112:TCP"= 6112:TCP:WoW2
"9896:TCP"= 9896:TCP:Magic

R2 IJPLMSVC;PIXMA Extended Survey Program;C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2007-04-13 09:20]
R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\Drivers\LBeepKE.sys [2006-05-25 00:53]
R3 HCWBT8xx;Hauppauge WinTV 848/9 WDM Video Driver;C:\WINDOWS\system32\drivers\HCWBT8XX.sys [2004-10-08 13:04]
R3 MovRVDrv32;MovRVDrv32;C:\WINDOWS\system32\DRIVERS\MovRVDrv32.sys [2007-12-28 14:48]
R3 SndTDriverV32;SndTDriverV32;C:\WINDOWS\system32\drivers\SndTDriverV32.sys [2007-12-28 14:48]
R3 tbcspud;Santa Cruz Driver;C:\WINDOWS\system32\drivers\tbcspud.sys [2002-04-17 14:51]
R3 tbcwdm;Santa Cruz WDM Driver;C:\WINDOWS\system32\drivers\tbcwdm.sys [2002-04-17 14:51]
S3 SoundMovieServer;SoundMovieServer;C:\WINDOWS\system32\snmvtsvc.exe [2007-12-28 15:32]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{18938b45-63b9-11d9-bf3d-806d6172696f}]
\Shell\AutoRun\command - E:\JetFlash.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{582610B8-E496-4813-993C-4B027173FE38}]
C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-07-06 19:16:46 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-07-06 19:16:46 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-RealityPrompter - C:\Documents and Settings\Justin White\prompter.exe
HKCU-Run-Aim6 - (no file)
HKLM-Run-Instant Buzz Daemon - C:\Program Files\Instant Buzz\IBDaemon.exe
HKLM-Run-Simpleology 1.0 - D:\Program Files\Simpleology\simpleology Wimiki\simpleology Wimiki.exe
HKLM-RunServices-Windows Compliant - winole.exe
MSConfigStartUp-AdwareAlert - C:\Program Files\AdwareAlert\AdwareAlert.Exe
MSConfigStartUp-horch - C:\WINDOWS\horch.exe
MSConfigStartUp-Instan-t - C:\PROGRA~1\IMVITE\itload.exe
MSConfigStartUp-MSMSGS - C:\Program Files\Messenger\msmsgs.exe
MSConfigStartUp-SurfAccuracy - C:\Program Files\SurfAccuracy\SAcc.exe
MSConfigStartUp-Windows DLL Loader - C:\WINDOWS\system32\defragfatx.exe
MSConfigStartUp-zango - c:\program files\zango\zango.exe
MSConfigStartUp-zanu - c:\program files\zangoclient\zanu.exe
MSConfigStartUp-Windows Compliant - winole.exe

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-07 19:21:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\ufdsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Ideazon\Zboard Software\Driver\Zboard.exe
D:\Program Files\OpenOffice.org 2.3\program\soffice.exe
D:\Program Files\OpenOffice.org 2.3\program\soffice.bin
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.exe
.
**************************************************************************
.
Completion time: 2008-07-07 19:29:15 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-08 02:28:11

Pre-Run: 1,916,010,496 bytes free
Post-Run: 1,891,778,560 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

266 --- E O F --- 2008-07-07 18:04:44


----------



## shivafang (Jul 5, 2008)

**HijackThis Log**
(HijackThis threw up an error when running)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:35:16 PM, on 7/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\ufdsvc.exe
C:\Program Files\Ideazon\Zboard Software\Driver\ZboardTray.exe
C:\Program Files\Common Files\AOL\1170640052\ee\AOLSoftware.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\qttask.exe
D:\Program Files\Logitech\Profiler\lwemon.exe
D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\RapidSolution\Tunebite\Tunebite.exe
C:\Program Files\Ideazon\Zboard Software\Driver\Zboard.exe
D:\Program Files\Logitech\SetPoint\SetPoint.exe
D:\Program Files\OpenOffice.org 2.3\program\soffice.exe
D:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.update.microsoft.com/windowsupdate/v6/default.aspx?ln=en-us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (file missing)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1170640052\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Start WingMan Profiler] "d:\Program Files\Logitech\Profiler\lwemon.exe" /noui
O4 - HKCU\..\Run: [LDM] d:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Tunebite] D:\Program Files\RapidSolution\Tunebite\Tunebite.exe -tray
O4 - HKLM\..\Policies\Explorer\Run: [ZboardTray] "C:\Program Files\Ideazon\Zboard Software\Driver\ZboardTray.exe" /autolaunch
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = D:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = D:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Clean Traces - d:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - D:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Yahoo! Search - file:///D:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download &all with DAP - D:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Subscribe in default RSS reader - C:\Documents and Settings\Justin White\Application Data\RssBandit\iecontext_subscribefeed.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///D:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///D:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///D:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Instant Buzz - {066040F0-5018-4E15-8AA0-81D36136D989} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Rip YouTube File - {38E51477-DDB4-4aed-9D61-D0C193E10749} - d:\Program Files\SoundTaxi\YouTubeRipper.dll
O9 - Extra 'Tools' menuitem: Rip YouTube file embedded in this page - {38E51477-DDB4-4aed-9D61-D0C193E10749} - d:\Program Files\SoundTaxi\YouTubeRipper.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Noble Poker - {B723B1B8-9788-4684-ADA7-D1DB02E1D516} - D:\Noble Poker\casino.exe
O9 - Extra 'Tools' menuitem: Noble Poker - {B723B1B8-9788-4684-ADA7-D1DB02E1D516} - D:\Noble Poker\casino.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: SmartWhois - {FD9DE2B4-C926-4460-81C4-FC58C6F1062E} - F:\PROGRA~1\SMARTW~1\SWMSIE~1.EXE
O9 - Extra button: (no name) - {FF983118-58C7-4AD4-B5A7-691C39CB7B42} - F:\PROGRA~1\SMARTW~1\SWMSIE~1.EXE
O9 - Extra 'Tools' menuitem: SmartWhois - {FF983118-58C7-4AD4-B5A7-691C39CB7B42} - F:\PROGRA~1\SMARTW~1\SWMSIE~1.EXE
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1212989891546
O18 - Protocol: bw+0 - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: intu-qt2007 - {026BF40D-BA05-467B-9F1F-AD0D7A3F5F11} - D:\Program Files\QuickTax 2007\ic2007pp.dll
O18 - Protocol: offline-8876480 - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SoundMovieServer - SoundMovieServer - C:\WINDOWS\system32\snmvtsvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: UFD Command Service (UFDSVC) - Generic - C:\WINDOWS\system32\ufdsvc.exe

--
End of file - 21009 bytes


----------



## Cookiegal (Aug 27, 2003)

AVG is not running so it's not doing you any good. You need to have an anti-virus program so please uninstall what remains of AVG and install the latest version.

I see an awful lot of P2P applications on your system. You should uninstall all of them as they are likely the cause of your infections.

*Download and scan with* *SUPERAntiSpyware* Free for Home Users

- Double-click *SUPERAntiSpyware.exe* and use the default settings for installation.
- An icon will be created on your desktop. Double-click that icon to launch the program.
- If asked to update the program definitions, click "*Yes*". If not, update the definitions before scanning by selecting "*Check for Updates*". (_If you encounter any problems while downloading the updates, manually download and unzip them from here._)
- Under "*Configuration and Preferences*", click the *Preferences* button.
- Click the *Scanning Control* tab.
- Under *Scanner Options* make sure the following are checked _(leave all others unchecked)_:
  - _Close browsers before scanning._
  - _Scan for tracking cookies._
  - _Terminate memory threats before quarantining._
- Click the "*Close*" button to leave the control center screen.
- Back on the main screen, under "*Scan for Harmful Software*" click *Scan your computer*.
- On the left, make sure you check *C:\Fixed Drive*.
- On the right, under "*Complete Scan*", choose *Perform Complete Scan*.
- Click "*Next*" to start the scan. Please be patient while it scans your computer.
- After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "*OK*".
- Make sure everything has a checkmark next to it and click "*Next*".
- A notification will appear that "_Quarantine and Removal is Complete_". Click "*OK*" and then click the "*Finish*" button to return to the main menu.
- If asked if you want to reboot, click "*Yes*".
- To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
  - _Click *Preferences*, then click the *Statistics/Logs* tab._
  - _Under Scanner Logs, double-click *SUPERAntiSpyware Scan Log*._
  - _If there are several logs, click the current dated log and press *View log*. A text file will open in your default text editor._
- *Please copy and paste the Scan Log results in your next reply.*
- Click *Close* to exit the program.

Please run Kaspersky online virus scan *Kaspersky Online Scanner*.

After the updates have downloaded, click on the "Scan Settings" button.
Choose the *"Extended database" *for the scan.
Under "Please select a target to scan", click "My Computer".
When the scan is finished, Save the results from the scan!

*Note:* You have to use Internet Explorer to do the online scan.

*Post a new HiJackThis log along with the results from the SuperAntiSpyware and Kaspersky scans.*


----------



## shivafang (Jul 5, 2008)

SUPERAntiSpyware log - will do the other scan later

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/08/2008 at 04:29 PM

Application Version : 4.15.1000

Core Rules Database Version : 3499
Trace Rules Database Version: 1490

Scan type : Quick Scan
Total Scan Time : 00:18:04

Memory items scanned : 455
Memory threats detected : 0
Registry items scanned : 401
Registry threats detected : 16
File items scanned : 28161
File threats detected : 11

Adware.Tracking Cookie
C:\Documents and Settings\Justin White\Cookies\justin [email protected][2].txt
C:\Documents and Settings\Justin White\Cookies\justin [email protected][1].txt
C:\Documents and Settings\Justin White\Cookies\justin [email protected][2].txt
C:\Documents and Settings\Justin White\Cookies\[email protected][1].txt
C:\Documents and Settings\Justin White\Cookies\justin [email protected][1].txt
C:\Documents and Settings\Justin White\Cookies\justin [email protected][2].txt
C:\Documents and Settings\Justin White\Cookies\justin [email protected][1].txt
C:\Documents and Settings\Justin White\Cookies\justin [email protected][2].txt
C:\Documents and Settings\Justin White\Cookies\justin [email protected][1].txt

Adware.IST/ISTBar (Slotch Bar)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ISTactivex.dll
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ISTactivex.dll#.Owner
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ISTactivex.dll#{7C559105-9ECF-42B8-B3F7-832E75EDD959}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs#C:\WINDOWS\Downloaded Program Files\ISTactivex.dll [  ]
HKU\S-1-5-21-57989841-1677128483-725345543-1004\Software\Microsoft\Internet Explorer\Main#BandRest
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main#BandRest

Adware.Surf Accuracy
HKLM\Software\SAcc
HKLM\Software\SAcc#accid
HKLM\Software\SAcc#subaccid
HKLM\Software\SAcc#Version
HKLM\Software\SAcc#DbgInfo
HKLM\Software\SAcc#CfgReload
HKLM\Software\SAcc#SAData
HKLM\Software\SAcc#Counter
HKLM\Software\SAcc#NextInvoke

Adware.IST/YourSiteBar
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs#C:\WINDOWS\Downloaded Program Files\ysbactivex.dll [  ]

Rootkit.DF_KMD
C:\WINDOWS\SYSTEM32\DRIVERS\DF_KMD.SYS

Trojan.Dropper/Multi-MBAD
C:\WINDOWS\SYSTEM32\FLEC003.EXE


----------



## Cookiegal (Aug 27, 2003)

OK, that's fine.


----------



## shivafang (Jul 5, 2008)

Kaspersky Scan log (8 Infected objects). I think that this is a newer version than you know of because some of the interface options you described weren't there so I hope I did it right.

Just so you know, the folder 'deskclean' is me moving all the junk off my desktop (which is 'c' drive) to my D drive to free up space on my c drive. Everything in that folder was on the desktop at one point or another.

Wednesday, July 9, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, July 08, 2008 23:27:38
Records in database: 929950

*Scan settings*

| Setting | Value |
|---|---|
| Scan using the following database | extended |
| Scan archives | yes |
| Scan mail databases | yes |

*Scan area* My Computer
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

*Scan statistics*

| Statistic | Value |
|---|---|
| Files scanned | 424998 |
| Threat name | 6 |
| Infected objects | 8 |
| Suspicious objects | 0 |
| Duration of the scan | 06:37:22 |

| File name | Threat name | Threats count |
|---|---|---|
| C:\Documents and Settings\Justin White\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6b13a7e7-34cf17cf.zip | Infected: Exploit.Java.Gimsh.b | 1 |
| C:\QooBox\Quarantine\C\Program Files\Common Files\WinSoftware\PCheck.dll.vir | Infected: not-a-virus:FraudTool.Win32.WinAntiVirus.2006 | 1 |
| C:\QooBox\Quarantine\C\WINDOWS\Downloaded Program Files\YSBactivex.dll.vir | Infected: Trojan-Downloader.Win32.IstBar.gen | 1 |
| C:\QooBox\Quarantine\C\WINDOWS\system32\hldrrr.exe.vir | Infected: Trojan-Downloader.Win32.Bagle.ch | 1 |
| D:\DeskClean\SetupInstantBuzz.exe | Infected: not-a-virus:AdWare.Win32.InstantBuzz.a | 1 |
| D:\DeskClean\VizUp 2.2.3.exe | Infected: Email-Worm.Win32.Bagle.hd | 1 |
| D:\Desktop D\DeskClean\SetupInstantBuzz.exe | Infected: not-a-virus:AdWare.Win32.InstantBuzz.a | 1 |
| D:\Desktop D\DeskClean\VizUp 2.2.3.exe | Infected: Email-Worm.Win32.Bagle.hd | 1 |

*The selected area was scanned.*


----------



## shivafang (Jul 5, 2008)

Latest HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:09:01 AM, on 7/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ideazon\Zboard Software\Driver\ZboardTray.exe
C:\Program Files\Common Files\AOL\1170640052\ee\AOLSoftware.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\qttask.exe
D:\Program Files\Logitech\Profiler\lwemon.exe
D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
D:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Ideazon\Zboard Software\Driver\Zboard.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\ufdsvc.exe
D:\Program Files\OpenOffice.org 2.3\program\soffice.exe
D:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\WINDOWS\system32\wscntfy.exe
D:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.update.microsoft.com/windowsupdate/v6/default.aspx?ln=en-us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (file missing)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1170640052\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Start WingMan Profiler] "d:\Program Files\Logitech\Profiler\lwemon.exe" /noui
O4 - HKCU\..\Run: [LDM] d:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Tunebite] D:\Program Files\RapidSolution\Tunebite\Tunebite.exe -tray
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKLM\..\Policies\Explorer\Run: [ZboardTray] "C:\Program Files\Ideazon\Zboard Software\Driver\ZboardTray.exe" /autolaunch
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = D:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = D:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Clean Traces - d:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - D:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Yahoo! Search - file:///D:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download &all with DAP - D:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Subscribe in default RSS reader - C:\Documents and Settings\Justin White\Application Data\RssBandit\iecontext_subscribefeed.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///D:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///D:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///D:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Instant Buzz - {066040F0-5018-4E15-8AA0-81D36136D989} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Rip YouTube File - {38E51477-DDB4-4aed-9D61-D0C193E10749} - d:\Program Files\SoundTaxi\YouTubeRipper.dll
O9 - Extra 'Tools' menuitem: Rip YouTube file embedded in this page - {38E51477-DDB4-4aed-9D61-D0C193E10749} - d:\Program Files\SoundTaxi\YouTubeRipper.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Noble Poker - {B723B1B8-9788-4684-ADA7-D1DB02E1D516} - D:\Noble Poker\casino.exe
O9 - Extra 'Tools' menuitem: Noble Poker - {B723B1B8-9788-4684-ADA7-D1DB02E1D516} - D:\Noble Poker\casino.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: SmartWhois - {FD9DE2B4-C926-4460-81C4-FC58C6F1062E} - F:\PROGRA~1\SMARTW~1\SWMSIE~1.EXE
O9 - Extra button: (no name) - {FF983118-58C7-4AD4-B5A7-691C39CB7B42} - F:\PROGRA~1\SMARTW~1\SWMSIE~1.EXE
O9 - Extra 'Tools' menuitem: SmartWhois - {FF983118-58C7-4AD4-B5A7-691C39CB7B42} - F:\PROGRA~1\SMARTW~1\SWMSIE~1.EXE
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1212989891546
O18 - Protocol: bw+0 - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: intu-qt2007 - {026BF40D-BA05-467B-9F1F-AD0D7A3F5F11} - D:\Program Files\QuickTax 2007\ic2007pp.dll
O18 - Protocol: offline-8876480 - {7E998C72-FD5D-4DF6-907B-2C73D3F121C4} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SoundMovieServer - SoundMovieServer - C:\WINDOWS\system32\snmvtsvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: UFD Command Service (UFDSVC) - Generic - C:\WINDOWS\system32\ufdsvc.exe

--
End of file - 21307 bytes


----------



## Cookiegal (Aug 27, 2003)

Delete these files manually:

C:\Documents and Settings\Justin White\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\*jvmimpro.jar-6b13a7e7-34cf17cf.zip*

D:\DeskClean\*SetupInstantBuzz.exe*

D:\DeskClean\*VizUp 2.2.3.exe*

D:\Desktop D\DeskClean\*SetupInstantBuzz.exe*

D:\Desktop D\DeskClean\*VizUp 2.2.3.exe*

Open HijackThis and click on "Config" and then on the "Misc Tools" button. If you're viewing HijackThis from the Main Menu then click on "Open the Misc Tools Section". Click on the "Open Uninstall Manager" button. Click the "Save List" button. Copy and paste that list here please.


----------



## shivafang (Jul 5, 2008)

I figured deleting those files manually was going to be the next step. I also emptied the trash afterwards.

(EDIT: I had no idea some of this old junk was still on here. I really need to houseclean my computer!)

Hijack This uninstall log;
AbiWord 2.4.6 (remove only)
Ad-Aware SE Personal
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 9 ActiveX
Adobe Flash Player Plugin
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader 7.0
Adobe Shockwave Player
Adobe Stock Photos 1.0
Advanced ZIP Password Recovery
AnalogX AutoTune
AnalogX SayIt
AnalogX Vocal Remover (WinAmp)
Anvil Studio
AOL Uninstaller (Choose which Products to Remove)
Apple Software Update
AutoIt v3.1.1
Battle Pool
BioWare Premium Module: Neverwinter Nights(TM) Kingmaker
Blender (remove only)
BlitzMax Demo 1.12
BLua Alpha
Bryce 5.5c
Canon iP3500 series
Canon ScanGear Toolbox CS 2.2
CD - DVD Publishing Service
CDDRV_Installer
Clothes Converter
Clothes Converter 3.1
CODI Custom Content Helper
Corel Painter Essentials 2
Corel Painter IX
CuteFTP 7 Home
DAEMON Tools
Dark Age of Camelot - Shrouded Isles
Dark Wind Online v1.4.0
DarkBASIC
Data Lifeguard
DeleD 3D Editor 1.7 LITE
DH Driver Cleaner Professional Edition
DH Lore Invasion Demo
DivX Codec 3.1alpha release
DivX Content Uploader
DivX Web Player
Download Accelerator Plus (DAP)
Dragonshard
eMusic - 50 Free MP3 offer
EncVorbis 1.1
Fable - The Lost Chapters
FileZilla Client 3.0.9.2
Fraps (remove only)
Galactic Civilizations II
Galactic Civilizations II - Gold Edition
GenuTax
GOM Player
Google Video Player
GTK+ 2.6.4 runtime environment
Guild Wars
Guild Wars Dev
Guild Wars Stage
Hauppauge English Help Files and Resources
Hauppauge WinTV Infrared Remote
Hauppauge WinTV IR Blaster
Hauppauge WinTV Scheduler
Hauppauge WinTV Soft PVR
Hauppauge WinTV Source Selector
Hauppauge WinTV2000
Hellgate: London
Hexagon Demo
HijackThis 2.0.2
Hotfix for Windows XP (KB915865)
HP PrecisionScan LTX
HP ScanJet Scan-to-Web Wizard
Huffyuv AVI lossless video codec (Remove Only)
IGN Download Manager 2.1.1
IMVITE Messenger
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
Jasc Paint Shop Pro 9
Jasc Paint Shop Pro 9.01 - (9.0.1.1)
Java 2 Runtime Environment, SE v1.4.2_06
Java 2 Runtime Environment, SE v1.4.2_12
KhalSetup
K-Lite Codec Pack
Launcher
Lernout & Hauspie TruVoice American English TTS Engine
Library of the Ages
Logitech Desktop Messenger
Logitech Gaming Software
Logitech SetPoint
Lucid Dreaming Kit
Lucid Dreaming Screensaver
Magic Online
Magic Online III
Magic Workstation 0.94f
Majesty
MD2 Viewer 1.4
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft AppLocale
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Money 2005
Microsoft National Language Support Downlevel APIs
Microsoft Visual C# 2005 Express Edition - ENU
Microsoft Visual C# 2005 Express Edition - ENU
Microsoft Visual C++ 2005 Express Edition - ENU
Microsoft Visual C++ 2005 Express Edition - ENU
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows Application Compatibility Database
MID Converter 4.2
MilkShape 3D 1.7.4
Minions of Mirth (remove only)
Mozilla Firefox (3.0)
Mozilla Thunderbird (2.0.0.14)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MultiRes (remove only)
myTaxExpress 2004
myTaxExpress 2005
myTaxExpress 2006
myTaxExpress for Y2003
Nasser Resource Viewer
Nero 6 Demo
Neverwinter Nights
Neverwinter Nights 2
Noble Poker
Norton Security Scan
Notepad++
NVDVD
NVIDIA Drivers
NWN2 FindRefs Util 1.3
Online Manuals for WinTV (English)
OpenOffice.org 2.3
Paraben's Text-To-Voice
PHP 5.2.6
Picasa 2
PixiePack Codec Pack
PIXMA Extended Survey Program
PlanetSide: Aftershock
PlayOnline Viewer and Tetra Master
Poser 6
PRC Pack
Python 2.5.1
QuickTax 2007
QuickTime
Realm Crafter
Registry Crawler
Resource Tuner 1.99
Rhapsody Player Engine
RssBandit
Ruby 1.8.2-14 (uninstall)
Runtime Files Pack 3
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926247)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Shadowbane
Sid Meier's Civilization 4
SimPE 0.62 (alpha)
SmartWhois
SoftDisc V2.52
SoundTaxi 3.2.0
Speed Gear 5.00
SpeedOptimizer
Stardock Central
StudioTax 2005
Super Dudester (remove only)
Super Gerball Trial 1.0
SUPERAntiSpyware Free Edition
System Requirements Lab
Tablet
TeamSpeak 2 RC2
TGEA_Demo (remove only)
The GIMP 2.2.4
The Guild 2
THE SETTLERS - Rise of an Empire Demo
The Sims 2
The Sims 2 Nightlife
The Sims 2 Open For Business
The Sims 2 Pets
The Sims 2 University
The Sims™ 2 Bon Voyage
The Sims™ 2 Seasons
Torque 2D Fish Demo (remove only)
Torque 2D Shooter Demo (remove only)
Torque Game Builder
Torque Game Engine 1.5.1 SDK (remove only)
Torque Game Engine Demo (remove only)
Torque ShowTool Pro (remove only)
Torque Warzone Demo (remove only)
Tribal Trouble
TubeTwist - Quantum Flux Edition
Turtle Beach Santa Cruz Driver
Ultimate Unwrap3D 2.15
Ultimate Unwrap3D 2.20 Demo
UltraISO V7.55 ME
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Ventrilo Client
Victoria 4.2 Morphs++
Victoria 4.2 Morphs++ DAZ Studio Content
Viewpoint Media Player
Visual Basic 4 Runtime Files
VizUp Evaluation 2.3.6
VobSub v2.05 (Remove Only)
Warhammer Mark of Chaos
Warlords Battlecry II
WAVmaker III
WIDI Recognition System Pro 3.22 (remove only)
Winamp (remove only)
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
Wings 3D 0.98.29b
WinPcap 3.1 beta3
WinRAR archiver
WinZip
World of Warcraft
Xfire (remove only)
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Toolbar
Zboard (TM) Software


----------



## Cookiegal (Aug 27, 2003)

Any programs listed there that you no longer use or need should be removed via the Control Panel - Add or Remove Programs but definitely remove these:

J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment, SE v1.4.2_06
Java 2 Runtime Environment, SE v1.4.2_12
Logitech Desktop Messenger
Viewpoint Media Player

Your *Java* is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of *Java* components and upgrade the application. Beware it is NOT supported for use in 9x or ME and probably will not install in those systems.

*Upgrading Java*:


Download the latest version of *Java Runtime Environment (JRE) 6 Update 6*.
Scroll down to where it says * Java Runtime Environment (JRE) 6 Update 6. The Java SE Runtime Environment (JRE) allows end-users to run Java applications* (the fifth one in the list).
Click the "*Download*" button to the right. A new page will open.
Select your platform and check the box that says: *I agree to the Java SE Runtime Environment 6 License Agreement*.
Click *Continue*.
Click on the link under *Windows Offline Installation* (jre-6u6-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
Go to *Start* - *Control Panel*, double-click on *Add/Remove* programs and remove all older versions of Java.
Check any item with Java Runtime Environment *(JRE or J2SE)* in the name (see list above).
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Close any programs you may have running - especially your web browser.
Then from your desktop double-click on the download to install the newest version.

How are things running now?


----------



## shivafang (Jul 5, 2008)

We have a lightning front moving through tonight (have surge protection but I'd rather not chance anything) and I'm very busy tomorrow, but I will work on this tomorrow night. Merci Beaucoup for the help.


----------



## Cookiegal (Aug 27, 2003)

That's fine. You're best to shut down.


----------



## shivafang (Jul 5, 2008)

The computer itself is noticeably faster (especially booting) however the internet has no change on benchmark tests.


----------



## ~Candy~ (Jan 27, 2001)

Are you able to plug your computer into the same connection that one of the faster running computers is now connected to?


----------



## shivafang (Jul 5, 2008)

Yes, we tried that. And I've also tried changing the cord.


----------



## Cookiegal (Aug 27, 2003)

Download GMER from: http://gmer.net/index.php

Save it somewhere on your hard drive and unzip it to desktop.

Double click the gmer.exe to run it and select the rootkit tab and press scan. When the scan is done, click *Copy*. This will copy the report to the clipboard. Paste it into Notepad and save it and also paste the log report back here please.


----------



## Cookiegal (Aug 27, 2003)

Also, please do this:

Download *OTScanIt.exe *to your Desktop and double-click on it to extract the files. It will create a folder named *OTScanIt* on your desktop.

Close any open browsers.
Disconnect from the Internet.
Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of OTScanIt.
Open the *OTScanIt* folder and double-click on OTScanIt.exe to start the program.
Check the box that says *Scan All User Accounts*
Under Drivers select the radio button for *All*
Check the Radio buttons for Files/Folders Created Within *90 Days* and Files/Folders Modified Within *90 Days* 
Under Additional Scans check the following:
Reg - BotCheck
Reg - ControlSets
Reg - Desktop Components
Reg - Disabled MS Config Items
Reg - File Associations
Reg - Safeboot Options
Reg - Security Settings
Reg - Software Policy Settings
Reg - Tcpip Persistant Routes
Reg - Uninstall List
Evnt - EventViewer Errors/Warnings (last 7 days)

Now click the *Run Scan* button on the toolbar.
The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
When the scan is complete Notepad will open with the report file loaded in it automatically.
Save that Notepad file. Click the *Format* menu and make sure that *Word wrap* is not checked. If it is then click on it to uncheck it.
Use the *Reply* button and upload Notepad file here as an attachment please.


----------



## shivafang (Jul 5, 2008)

Hmm, how do I disconnect from the internet if I'm on broadband?

EDIT: Duh.. will unplugging the cable work? That was a silly question, what was I thinking.


----------



## shivafang (Jul 5, 2008)

GMER log - I'll do the other one a little later

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-07-14 15:47:37
Windows 5.1.2600 Service Pack 2

---- System - GMER 1.0.14 ----

SSDT d347bus.sys (PnP BIOS Extension/ ) ZwClose [0xF7635818]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwCreateKey [0xF76357D0]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwCreatePagingFile [0xF7629A20]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwEnumerateKey [0xF762A2A8]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwEnumerateValueKey [0xF7635910]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwOpenKey [0xF7635794]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwQueryKey [0xF762A2C8]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwQueryValueKey [0xF7635866]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwSetSystemPowerState [0xF76350B0]
SSDT \??\D:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xF0C14F20]

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\Program Files\Common Files\AOL\1170640052\ee\AOLSoftware.exe[1892] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9923] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\1170640052\ee\AOLSoftware.exe[1892] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9875] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\1170640052\ee\AOLSoftware.exe[1892] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9875] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\1170640052\ee\AOLSoftware.exe[1892] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9923] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\1170640052\ee\AOLSoftware.exe[1892] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9923] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\1170640052\ee\AOLSoftware.exe[1892] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9875] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\1170640052\ee\AOLSoftware.exe[1892] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9875] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\1170640052\ee\AOLSoftware.exe[1892] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9923] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\1170640052\ee\AOLSoftware.exe[1892] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9923] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\1170640052\ee\AOLSoftware.exe[1892] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9875] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\1170640052\ee\AOLSoftware.exe[1892] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9875] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\1170640052\ee\AOLSoftware.exe[1892] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9923] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\1170640052\ee\AOLSoftware.exe[1892] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9923] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\1170640052\ee\AOLSoftware.exe[1892] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9875] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\1170640052\ee\AOLSoftware.exe[1892] @ C:\WINDOWS\system32\shell32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9923] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\1170640052\ee\AOLSoftware.exe[1892] @ C:\WINDOWS\system32\shell32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9875] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT F:\Program Files\Thunderbird\thunderbird.exe[3720] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [018373CC] F:\Program Files\Thunderbird\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT F:\Program Files\Thunderbird\thunderbird.exe[3720] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [01837376] F:\Program Files\Thunderbird\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT F:\Program Files\Thunderbird\thunderbird.exe[3720] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [01837376] F:\Program Files\Thunderbird\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT F:\Program Files\Thunderbird\thunderbird.exe[3720] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [018373CC] F:\Program Files\Thunderbird\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT F:\Program Files\Thunderbird\thunderbird.exe[3720] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [018373CC] F:\Program Files\Thunderbird\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT F:\Program Files\Thunderbird\thunderbird.exe[3720] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [01837376] F:\Program Files\Thunderbird\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT F:\Program Files\Thunderbird\thunderbird.exe[3720] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [01837376] F:\Program Files\Thunderbird\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT F:\Program Files\Thunderbird\thunderbird.exe[3720] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [018373CC] F:\Program Files\Thunderbird\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT F:\Program Files\Thunderbird\thunderbird.exe[3720] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [018373CC] F:\Program Files\Thunderbird\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT F:\Program Files\Thunderbird\thunderbird.exe[3720] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [01837376] F:\Program Files\Thunderbird\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT F:\Program Files\Thunderbird\thunderbird.exe[3720] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [01837376] F:\Program Files\Thunderbird\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT F:\Program Files\Thunderbird\thunderbird.exe[3720] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [018373CC] F:\Program Files\Thunderbird\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT F:\Program Files\Thunderbird\thunderbird.exe[3720] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [018373CC] F:\Program Files\Thunderbird\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT F:\Program Files\Thunderbird\thunderbird.exe[3720] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [01837376] F:\Program Files\Thunderbird\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT F:\Program Files\Thunderbird\thunderbird.exe[3720] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [018373CC] F:\Program Files\Thunderbird\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT F:\Program Files\Thunderbird\thunderbird.exe[3720] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [01837376] F:\Program Files\Thunderbird\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT F:\Program Files\Thunderbird\thunderbird.exe[3720] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [018373CC] F:\Program Files\Thunderbird\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT F:\Program Files\Thunderbird\thunderbird.exe[3720] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [01837376] F:\Program Files\Thunderbird\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT F:\Program Files\Thunderbird\thunderbird.exe[3720] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [01837376] F:\Program Files\Thunderbird\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT F:\Program Files\Thunderbird\thunderbird.exe[3720] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [018373CC] F:\Program Files\Thunderbird\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT F:\Program Files\Thunderbird\thunderbird.exe[3720] @ C:\WINDOWS\system32\SAMLIB.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [018373CC] F:\Program Files\Thunderbird\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT F:\Program Files\Thunderbird\thunderbird.exe[3720] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [018373CC] F:\Program Files\Thunderbird\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT F:\Program Files\Thunderbird\thunderbird.exe[3720] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [01837376] F:\Program Files\Thunderbird\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT F:\Program Files\Thunderbird\thunderbird.exe[3720] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [01837376] F:\Program Files\Thunderbird\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT F:\Program Files\Thunderbird\thunderbird.exe[3720] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [018373CC] F:\Program Files\Thunderbird\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT F:\Program Files\Thunderbird\thunderbird.exe[3720] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [01837376] F:\Program Files\Thunderbird\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT F:\Program Files\Thunderbird\thunderbird.exe[3720] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!SetUnhandledExceptionFilter] [018373CC] F:\Program Files\Thunderbird\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT F:\Program Files\Thunderbird\thunderbird.exe[3720] @ C:\WINDOWS\system32\netapi32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [018373CC] F:\Program Files\Thunderbird\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT F:\Program Files\Thunderbird\thunderbird.exe[3720] @ C:\WINDOWS\system32\netapi32.dll [KERNEL32.dll!LoadLibraryA] [01837376] F:\Program Files\Thunderbird\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 86FE3548
Device \Driver\Cdrom \Device\CdRom0 86F763D8
Device \FileSystem\Rdbss \Device\FsWrap 85D42558
Device \Driver\Cdrom \Device\CdRom1 86F763D8
Device \Driver\atapi \Device\Ide\IdePort0 86D611F0
Device \Driver\atapi \Device\Ide\IdePort1 86D611F0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 86D611F0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c 86D611F0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 86D611F0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 86D611F0
Device \Driver\Cdrom \Device\CdRom2 86F763D8
Device \Driver\Cdrom \Device\CdRom3 86F763D8
Device \Driver\Cdrom \Device\CdRom4 86F763D8
Device \FileSystem\Srv \Device\LanmanServer 85C64C90
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 85D46260
Device \FileSystem\MRxSmb \Device\LanmanRedirector 85D46260
Device \FileSystem\Npfs \Device\NamedPipe 86D61820
Device \FileSystem\Msfs \Device\Mailslot 869607A8
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 86D04008
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target2Lun0 86D04008
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target1Lun0 86D04008
Device \Driver\d347prt \Device\Scsi\d347prt1 86D04008
Device \FileSystem\Fastfat \Fat  B6D5BC8A
Device \FileSystem\Fastfat \Fat 85AEB5A0
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer 86ACE330
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer 86ACE330
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer 86ACE330
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer 86ACE330
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer 86ACE330
Device \FileSystem\Cdfs \Cdfs 86CE5E48

---- Modules - GMER 1.0.14 ----

Module _________ F75B2000-F75CA000 (98304 bytes)

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40 
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf41 
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf42

---- EOF - GMER 1.0.14 ----


----------



## Cookiegal (Aug 27, 2003)

shivafang said:


> hmm how do i disconnect from the internet if I'm on broadband?
> 
> EDIT: Duh.. will unplugging the cable work? That was a silly question, what was I thinking.


You should have an icon in the notification area of the Task Bar that shows you're connected to the Internet. If you double-click it you should get a box where you can select "Disconnect".


----------



## ~Candy~ (Jan 27, 2001)

Or unplugging the cord works too


----------



## shivafang (Jul 5, 2008)

Here is the OTScanIt log. I had to split it into 2 because the forum wouldn't let me upload files larger than 500 KB.

A few notes about the errors you see. I don't know what you are looking for, but this might help you.

Anything related to 'RPG Maker - Postality Knights': for some reason it wants to install this whenever I run Paint Shop Pro, and I have to hit cancel when that happens.

I also had a weird thing with Firefox this last week where every time I would try to run it, it would throw up an error (and it was my default browser, so anytime I did anything that triggered a webpage it might come up), so you might see a lot of the same error repeatedly related to that. This issue seems to have fixed itself (Firefox runs now).

Now that that's said.. I wonder what would happen if I run the benchmark with a different browser *hmm*


----------



## Cookiegal (Aug 27, 2003)

Start *OTScanIt*. Copy/Paste the information in the code box below into the pane where it says *"Paste fix here"* and then click the "Run Fix" button.

The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new HijackThis log please.


```
[Kill Explorer]
[Unregister Dlls]
[Registry - Non-Microsoft Only]
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> Tunebite -> D:\Program Files\RapidSolution\Tunebite\Tunebite.exe [D:\Program Files\RapidSolution\Tunebite\Tunebite.exe -tray]
< Run [HKEY_USERS\S-1-5-21-57989841-1677128483-725345543-1004\] > -> HKEY_USERS\S-1-5-21-57989841-1677128483-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> Tunebite -> D:\Program Files\RapidSolution\Tunebite\Tunebite.exe [D:\Program Files\RapidSolution\Tunebite\Tunebite.exe -tray]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\{066040F0-5018-4E15-8AA0-81D36136D989} [HKEY_LOCAL_MACHINE] -> [Instant Buzz]
< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-57989841-1677128483-725345543-1004\] > -> HKEY_USERS\S-1-5-21-57989841-1677128483-725345543-1004\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\{066040F0-5018-4E15-8AA0-81D36136D989} [HKEY_LOCAL_MACHINE] -> [Instant Buzz]
[Files/Folders - Created Within 90 days]
NY -> 4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY -> 6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
NY -> DA15D5355E1D4076B5208571346D6238.TMP -> %SystemRoot%\DA15D5355E1D4076B5208571346D6238.TMP
[Files/Folders - Modified Within 90 days]
NY -> 4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY -> 6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
NY -> vmpremov.exe -> C:\Documents and Settings\Justin White\Local Settings\Temp\vmpremov.exe
NY -> 31 C:\Documents and Settings\Justin White\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Justin White\Local Settings\Temp\*.tmp
NY -> 31 C:\Documents and Settings\Justin White\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Justin White\Local Settings\Temp\*.tmp
[Empty Temp Folders]
[Start Explorer]
[Reboot]
```
Also, please do this:

Please open HijackThis.
Click on *Open Misc Tools Section*
Make sure that both boxes beside "Generate StartupList Log" are checked:

*List all minor sections(Full)*
*List Empty Sections(Complete)*
Click *Generate StartupList Log*.
Click *Yes* at the prompt.
It will open a text file. Please copy the entire contents of that page and paste it here.


----------



## shivafang (Jul 5, 2008)

OTScanIt Log
Explorer killed successfully
[Registry - Non-Microsoft Only]
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Tunebite deleted successfully.
Registry value HKEY_USERS\S-1-5-21-57989841-1677128483-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Tunebite not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{066040F0-5018-4E15-8AA0-81D36136D989} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{066040F0-5018-4E15-8AA0-81D36136D989}\ not found.
Registry value HKEY_USERS\S-1-5-21-57989841-1677128483-725345543-1004\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{066040F0-5018-4E15-8AA0-81D36136D989} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{066040F0-5018-4E15-8AA0-81D36136D989}\ not found.
[Files/Folders - Created Within 90 days]
C:\WINDOWS\DA15D5355E1D4076B5208571346D6238.TMP folder deleted successfully.
C:\WINDOWS\NV14241428.TMP folder deleted successfully.
File C:\WINDOWS\DA15D5355E1D4076B5208571346D6238.TMP not found!
[Files/Folders - Modified Within 90 days]
C:\Documents and Settings\Justin White\Local Settings\Temp\vmpremov.exe moved successfully.
C:\Documents and Settings\Justin White\Local Settings\Temp\.cleanup.tmp folder deleted successfully.
C:\Documents and Settings\Justin White\Local Settings\Temp\svjjh.tmp folder deleted successfully.
[Empty Temp Folders]
File delete failed. C:\Documents and Settings\Justin White\Local Settings\Temp\etilqs_zwvBetqkm168AAc7fyRa scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Justin White\Local Settings\Application Data\Mozilla\Firefox\Profiles\p2g3dfyf.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Justin White\Local Settings\Application Data\Mozilla\Firefox\Profiles\p2g3dfyf.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Justin White\Local Settings\Application Data\Mozilla\Firefox\Profiles\p2g3dfyf.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Justin White\Local Settings\Application Data\Mozilla\Firefox\Profiles\p2g3dfyf.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Justin White\Local Settings\Application Data\Mozilla\Firefox\Profiles\p2g3dfyf.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Justin White\Local Settings\Application Data\Mozilla\Firefox\Profiles\p2g3dfyf.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
RecycleBin -> emptied.
Explorer started successfully
< End of fix log >
OTScanIt by OldTimer - Version 1.0.16.2 fix logfile created on 07172008_094029

Files moved on Reboot...
File C:\Documents and Settings\Justin White\Local Settings\Temp\etilqs_zwvBetqkm168AAc7fyRa not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
C:\Documents and Settings\Justin White\Local Settings\Application Data\Mozilla\Firefox\Profiles\p2g3dfyf.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Justin White\Local Settings\Application Data\Mozilla\Firefox\Profiles\p2g3dfyf.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Justin White\Local Settings\Application Data\Mozilla\Firefox\Profiles\p2g3dfyf.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Justin White\Local Settings\Application Data\Mozilla\Firefox\Profiles\p2g3dfyf.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Justin White\Local Settings\Application Data\Mozilla\Firefox\Profiles\p2g3dfyf.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Justin White\Local Settings\Application Data\Mozilla\Firefox\Profiles\p2g3dfyf.default\XUL.mfl moved successfully.


----------



## shivafang (Jul 5, 2008)

HijackThis 'Misc Tools' Log (Part 1 - Over character limit)

StartupList report, 7/17/2008, 9:46:44 AM
StartupList version: 1.52.2
Started from : D:\Program Files\Trend Micro\HijackThis\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v7.00 (7.00.6000.16674)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\ufdsvc.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Common Files\AOL\1170640052\ee\AOLSoftware.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\qttask.exe
D:\Program Files\Logitech\Profiler\lwemon.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
D:\Program Files\Logitech\SetPoint\SetPoint.exe
D:\Program Files\OpenOffice.org 2.3\program\soffice.exe
D:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Justin White\Start Menu\Programs\Startup]
OpenOffice.org 2.3.lnk = D:\Program Files\OpenOffice.org 2.3\program\quickstart.exe

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Logitech SetPoint.lnk = D:\Program Files\Logitech\SetPoint\SetPoint.exe

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HostManager = C:\Program Files\Common Files\AOL\1170640052\ee\AOLSoftware.exe
IPHSend = C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
nwiz = nwiz.exe /install
NvMediaCenter = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
Kernel and Hardware Abstraction Layer = KHALMNPR.EXE
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Start WingMan Profiler = "d:\Program Files\Logitech\Profiler\lwemon.exe" /noui
ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
SUPERAntiSpyware = D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\system32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}] *
StubPath = C:\WINDOWS\system32\ieudinit.exe

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] *
StubPath = C:\WINDOWS\inf\unregmp2.exe /HideWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{582610B8-E496-4813-993C-4B027173FE38}] *
StubPath = C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (file missing) - {02478D38-C3F9-4EFB-9B51-7695ECA05670}
(no name) - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - D:\Program Files\Yahoo!\Common\yiesrvc.dll - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}
(no name) - C:\Program Files\Java\jre1.5.0_04\bin\ssv.dll (file missing) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
(no name) - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll - {9030D464-4C02-4ABF-8ECC-5164760863C6}

--------------------------------------------------

Enumerating Task Scheduler jobs:

AppleSoftwareUpdate.job
Norton Security Scan.job

--------------------------------------------------

Enumerating Download Program Files:

[Microsoft XML Parser for Java]
CODEBASE = file://C:\WINDOWS\Java\classes\xmldso.cab
OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

[WUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\wuweb.dll
CODEBASE = http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1212989891546

[Java Plug-in 1.4.0]
InProcServer32 = C:\Program Files\Java\j2re1.4.2_06\bin\npjpi140.dll
CODEBASE = http://java.sun.com/update/1.4.0/jinstall-1_4_0-windows-i586.cab

[Java Plug-in 1.4.0]
InProcServer32 = C:\Program Files\Java\j2re1.4.2_06\bin\npjpi140.dll
CODEBASE = http://java.sun.com/update/1.4.0/jinstall-1_4_0-windows-i586.cab

[Java Plug-in 1.5.0_04]
InProcServer32 = C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\mswsock.dll
Protocol #5: C:\WINDOWS\system32\mswsock.dll
Protocol #6: C:\WINDOWS\system32\mswsock.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll
Protocol #12: C:\WINDOWS\system32\rsvpsp.dll
Protocol #13: C:\WINDOWS\system32\rsvpsp.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

Microsoft ACPI Driver: System32\DRIVERS\ACPI.sys (system)
Adobe LM Service: "C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe" (manual start)
Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
AFD Networking Support Environment: \SystemRoot\System32\drivers\afd.sys (system)
Intel AGP Bus Filter: System32\DRIVERS\agp440.sys (system)
Alerter: %SystemRoot%\System32\svchost.exe -k LocalService (disabled)
Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)
Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (manual start)
RAS Asynchronous Media Driver: system32\DRIVERS\asyncmac.sys (manual start)
Standard IDE/ESDI Hard Disk Controller: System32\DRIVERS\atapi.sys (system)
ATM ARP Client Protocol: System32\DRIVERS\atmarpc.sys (manual start)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Audio Stub Driver: System32\DRIVERS\audstub.sys (manual start)
Background Intelligent Transfer Service: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Computer Browser: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Closed Caption Decoder: system32\DRIVERS\CCDECODE.sys (manual start)
CD-ROM Driver: System32\DRIVERS\cdrom.sys (system)
Indexing Service: %SystemRoot%\system32\cisvc.exe (manual start)
ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)
.NET Runtime Optimization Service v2.0.50727_X86: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (manual start)
COM+ System Application: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
d347bus: system32\DRIVERS\d347bus.sys (system)
d347prt: System32\Drivers\d347prt.sys (system)
DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
DHCP Client: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Disk Driver: System32\DRIVERS\disk.sys (system)
DAVICOM 9102(A) PCI Fast Ethernet Based NT Driver: System32\DRIVERS\DM9PCI5.SYS (manual start)
Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
dmio: System32\drivers\dmio.sys (disabled)
dmload: System32\drivers\dmload.sys (disabled)
Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)


----------
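The file association and Browser Helper Object sections of the StartupList report above are the parts a helper reads by eye: the `shell\open\command` values should be the plain Windows XP defaults shown in the log, and BHOs marked "(file missing)" are leftovers of uninstalled or removed add-ons. The following is an added example, not code from HijackThis, OTScanIt or anyone in this thread, that does that comparison mechanically over a report in the posted format. The expected command values are copied from the log; the sample report is a constructed excerpt whose .EXE command (`example_wrapper.exe`) is made up to exercise the check, and three extensions are deliberately left out so the "absent entry" path is exercised too.

```python
"""Audit a HijackThis StartupList report for persistence tampering (added
example for this thread, not HijackThis/OTScanIt code). Flags open-command
values that differ from the XP defaults in the posted log and missing BHOs."""
import re

# shell\open\command defaults, copied from the posted (clean) StartupList log.
EXPECTED_ASSOCIATIONS = {
    ".EXE": '"%1" %*',
    ".COM": '"%1" %*',
    ".BAT": '"%1" %*',
    ".PIF": '"%1" %*',
    ".SCR": '"%1" /S',
    ".HTA": 'C:\\WINDOWS\\system32\\mshta.exe "%1" %*',
    ".TXT": '%SystemRoot%\\system32\\NOTEPAD.EXE %1',
}


def split_sections(report):
    """Split on the report's dashed separator lines, dropping blank lines."""
    sections, current = [], []
    for raw in report.splitlines():
        line = raw.strip()
        if len(line) >= 10 and set(line) == {"-"}:
            if current:
                sections.append(current)
            current = []
        elif line:
            current.append(line)
    if current:
        sections.append(current)
    return sections


def parse_associations(sections):
    """Map extension ('.EXE') to the reported (Default) open command."""
    found = {}
    for sec in sections:
        m = re.match(r"File association entry for (\.\w+):", sec[0])
        if not m:
            continue
        for line in sec[1:]:
            if line.startswith("(Default) = "):
                found[m.group(1).upper()] = line[len("(Default) = "):]
    return found


def check_associations(found):
    """One finding per extension whose open command is absent or non-default."""
    findings = []
    for ext, expected in EXPECTED_ASSOCIATIONS.items():
        actual = found.get(ext)
        if actual is None:
            findings.append(f"{ext}: no association entry in report")
        elif actual != expected:
            findings.append(f"{ext}: open command is {actual!r}, expected {expected!r}")
    return findings


def missing_bhos(sections):
    """BHO lines HijackThis marked '(file missing)': leftovers to clean up."""
    for sec in sections:
        if sec[0].startswith("Enumerating Browser Helper Objects"):
            return [line for line in sec[1:] if "(file missing)" in line]
    return []


def audit(report):
    sections = split_sections(report)
    return {
        "associations": check_associations(parse_associations(sections)),
        "missing_bhos": missing_bhos(sections),
    }


# Constructed excerpt in StartupList format. The .EXE command is made up to
# exercise the check; .COM/.BAT/.PIF are omitted so "absent" is reported too.
SAMPLE_REPORT = r"""
File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command
(Default) = "C:\WINDOWS\system32\example_wrapper.exe" "%1" %*
--------------------------------------------------
File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command
(Default) = "%1" /S
--------------------------------------------------
File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command
(Default) = C:\WINDOWS\system32\mshta.exe "%1" %*
--------------------------------------------------
File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command
(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1
--------------------------------------------------
Enumerating Browser Helper Objects:
(no name) - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (file missing) - {02478D38-C3F9-4EFB-9B51-7695ECA05670}
(no name) - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
"""

if __name__ == "__main__":
    for check, hits in audit(SAMPLE_REPORT).items():
        print(check, *hits, sep="\n  ")
```

Run against the real Part 1 log pasted into a file, the association check should come back empty (every value in the posted log matches the defaults) and the BHO check should list the Yahoo! Companion and Java 1.5.0_04 entries marked "(file missing)". An association that points at anything other than `"%1" %*` for .EXE is worth raising before any other cleanup, because every program launch then goes through that path.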



## shivafang (Jul 5, 2008)

HijackThis Log - Part 2 (Misc Tools Log)

DNS Client: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Event Log: %SystemRoot%\system32\services.exe (autostart)
COM+ Event System: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start)
Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Floppy Disk Controller Driver: System32\DRIVERS\fdc.sys (manual start)
Floppy Disk Driver: System32\DRIVERS\flpydisk.sys (manual start)
FltMgr: system32\drivers\fltmgr.sys (system)
Volume Manager Driver: System32\DRIVERS\ftdisk.sys (system)
Santa Cruz Game Port: system32\DRIVERS\gameenum.sys (manual start)
gmer: System32\DRIVERS\gmer.sys (manual start)
Generic Packet Classifier: System32\DRIVERS\msgpc.sys (manual start)
Google Updater Service: "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" (manual start)
Hauppauge WinTV 848/9 WDM Video Driver: system32\drivers\HCWBT8XX.sys (manual start)
Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
HID Input Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Microsoft HID Class Driver: System32\DRIVERS\hidusb.sys (manual start)
HTTP: System32\Drivers\HTTP.sys (manual start)
HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
i8042 Keyboard and PS/2 Mouse Port Driver: System32\DRIVERS\i8042prt.sys (system)
InstallDriver Table Manager: "C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe" (manual start)
PIXMA Extended Survey Program: C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE (autostart)
CD-Burning Filter Driver: system32\DRIVERS\imapi.sys (system)
IMAPI CD-Burning COM Service: %systemroot%\system32\imapi.exe (manual start)
IntelIde: System32\DRIVERS\intelide.sys (system)
IPv6 Windows Firewall Driver: system32\drivers\ip6fw.sys (manual start)
IP Traffic Filter Driver: System32\DRIVERS\ipfltdrv.sys (manual start)
IP in IP Tunnel Driver: System32\DRIVERS\ipinip.sys (manual start)
IP Network Address Translator: System32\DRIVERS\ipnat.sys (manual start)
IPSEC driver: System32\DRIVERS\ipsec.sys (system)
IR Enumerator Service: System32\DRIVERS\irenum.sys (manual start)
PnP ISA/EISA Bus Driver: System32\DRIVERS\isapnp.sys (system)
Keyboard Class Driver: System32\DRIVERS\kbdclass.sys (system)
Keyboard HID Driver: system32\DRIVERS\kbdhid.sys (system)
Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
Logitech SetPoint Keyboard Driver: System32\Drivers\L8042Kbd.sys (manual start)
Logitech SetPoint PS/2 Mouse Filter Driver: System32\Drivers\L8042mou.sys (manual start)
Server: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
LBeepKE: System32\Drivers\LBeepKE.sys (autostart)
Logitech SetPoint KMDF HID Filter Driver: system32\DRIVERS\LHidFilt.Sys (manual start)
Logitech SetPoint HID Mouse Filter Driver: system32\DRIVERS\LHidKE.Sys (manual start)
TCP/IP NetBIOS Helper: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Logitech SetPoint KMDF Mouse Filter Driver: system32\DRIVERS\LMouFilt.Sys (manual start)
Logitech SetPoint Mouse Filter Driver: System32\Drivers\LMouKE.sys (manual start)
Messenger: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
NetMeeting Remote Desktop Sharing: C:\WINDOWS\System32\mnmsrvc.exe (manual start)
Mouse Class Driver: System32\DRIVERS\mouclass.sys (system)
Mouse HID Driver: System32\DRIVERS\mouhid.sys (manual start)
MovRVDrv32: system32\DRIVERS\MovRVDrv32.sys (manual start)
WebDav Client Redirector: System32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: System32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start)
Windows Installer: %systemroot%\system32\msiexec.exe /V (manual start)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
Microsoft System Management BIOS Driver: System32\DRIVERS\mssmbios.sys (manual start)
Microsoft Streaming Tee/Sink-to-Sink Converter: system32\drivers\MSTEE.sys (manual start)
NABTS/FEC VBI Codec: system32\DRIVERS\NABTSFEC.sys (manual start)
Microsoft TV/Video Connection: system32\DRIVERS\NdisIP.sys (manual start)
Remote Access NDIS TAPI Driver: System32\DRIVERS\ndistapi.sys (manual start)
NDIS Usermode I/O Protocol: System32\DRIVERS\ndisuio.sys (manual start)
Remote Access NDIS WAN Driver: System32\DRIVERS\ndiswan.sys (manual start)
NetBIOS Interface: System32\DRIVERS\netbios.sys (system)
NetBios over Tcpip: System32\DRIVERS\netbt.sys (system)
Network DDE: %SystemRoot%\system32\netdde.exe (disabled)
Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)
Net Logon: %SystemRoot%\system32\lsass.exe (manual start)
Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Network Location Awareness (NLA): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Network Monitor Driver: system32\DRIVERS\NMnt.sys (manual start)
NT LM Security Support Provider: %SystemRoot%\System32\lsass.exe (manual start)
Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
nv: system32\DRIVERS\nv4_mini.sys (manual start)
NVIDIA Display Driver Service: %SystemRoot%\system32\nvsvc32.exe (autostart)
IPX Traffic Filter Driver: System32\DRIVERS\nwlnkflt.sys (manual start)
IPX Traffic Forwarder Driver: System32\DRIVERS\nwlnkfwd.sys (manual start)
Ideazon Keyboard Driver: system32\DRIVERS\OmniDrv.sys (manual start)
Ideazon Usb Keyboard Driver: system32\DRIVERS\OmniUsb.sys (manual start)
Ideazon Usbl Keyboard Driver: system32\DRIVERS\OmniUsbl.sys (manual start)
Parallel port driver: System32\DRIVERS\parport.sys (manual start)
PCI Bus Driver: System32\DRIVERS\pci.sys (system)
Pen Class: system32\Drivers\PenClass.sys (system)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
IPSEC Services: %SystemRoot%\system32\lsass.exe (autostart)
WAN Miniport (PPTP): System32\DRIVERS\raspptp.sys (manual start)
Processor Driver: System32\DRIVERS\processr.sys (system)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
QoS Packet Scheduler: System32\DRIVERS\psched.sys (manual start)
Direct Parallel Link Driver: System32\DRIVERS\ptilink.sys (manual start)
PxHelp20: system32\DRIVERS\PxHelp20.sys (system)
Remote Access Auto Connection Driver: System32\DRIVERS\rasacd.sys (system)
Remote Access Auto Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WAN Miniport (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)
Remote Access Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Remote Access PPPOE Driver: System32\DRIVERS\raspppoe.sys (manual start)
Direct Parallel: System32\DRIVERS\raspti.sys (manual start)
Rdbss: System32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)
Digital CD Audio Playback Filter Driver: System32\DRIVERS\redbook.sys (system)
Routing and Remote Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Remote Procedure Call (RPC) Locator: %SystemRoot%\System32\locator.exe (manual start)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
SASDIFSV: \??\D:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (system)
SASENUM: \??\D:\Program Files\SUPERAntiSpyware\SASENUM.SYS (manual start)
SASKUTIL: \??\D:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (system)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Secdrv: System32\DRIVERS\secdrv.sys (autostart)
Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Serenum Filter Driver: System32\DRIVERS\serenum.sys (manual start)
Serial port driver: System32\DRIVERS\serial.sys (system)
Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
BDA Slip De-Framer: system32\DRIVERS\SLIP.sys (manual start)
SndTDriverV32: system32\drivers\SndTDriverV32.sys (manual start)
Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
System Restore Filter Driver: system32\DRIVERS\sr.sys (system)
System Restore Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Srv: System32\DRIVERS\srv.sys (manual start)
SSDP Discovery Service: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Windows Image Acquisition (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (autostart)
BDA IPSink: system32\DRIVERS\StreamIP.sys (manual start)
Software Bus Driver: System32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{A9F6B49B-D1FC-4C56-BC0D-DBEC7F634F16} (manual start)
Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)
Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
TabletService: C:\WINDOWS\system32\Tablet.exe (autostart)
Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Santa Cruz Driver: system32\drivers\tbcspud.sys (manual start)
Santa Cruz WDM Driver: system32\drivers\tbcwdm.sys (manual start)
Tunebite High-Speed Dubbing: system32\drivers\tbhsd.sys (manual start)
TCP/IP Protocol Driver: System32\DRIVERS\tcpip.sys (system)
Terminal Device Driver: System32\DRIVERS\termdd.sys (system)
Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
UFD Command Service: C:\WINDOWS\system32\ufdsvc.exe (autostart)
Windows User Mode Driver Framework: C:\WINDOWS\system32\wdfmgr.exe (autostart)
Microcode Update Driver: System32\DRIVERS\update.sys (manual start)
Universal Plug and Play Device Host: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
Microsoft USB Generic Parent Driver: system32\DRIVERS\usbccgp.sys (manual start)
Microsoft USB Standard Hub Driver: System32\DRIVERS\usbhub.sys (manual start)
Microsoft USB PRINTER Class: system32\DRIVERS\usbprint.sys (manual start)
USB Scanner Driver: system32\DRIVERS\usbscan.sys (manual start)
USB Mass Storage Driver: System32\DRIVERS\USBSTOR.SYS (manual start)
Microsoft USB Universal Host Controller Miniport Driver: System32\DRIVERS\usbuhci.sys (manual start)
Messenger Sharing Folders USN Journal Reader service: "C:\Program Files\MSN Messenger\usnsvc.exe" (manual start)
VGA Display Controller.: \SystemRoot\System32\drivers\vga.sys (system)
Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Remote Access IP ARP Driver: System32\DRIVERS\wanarp.sys (manual start)
Wdf01000: system32\DRIVERS\Wdf01000.sys (manual start)
Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Logitech Virtual Bus Enumerator Driver: system32\drivers\WmBEnum.sys (manual start)
Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Logitech Gaming HID Filter Driver: system32\drivers\WmFilter.sys (manual start)
WMI Performance Adapter: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start)
Logitech Virtual Hid Device Driver: system32\drivers\WmVirHid.sys (manual start)
Logitech WingMan Translation Layer Driver: system32\drivers\WmXlCore.sys (manual start)
Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
World Standard Teletext Codec: system32\DRIVERS\WSTCODEC.SYS (manual start)
Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
NTPort Library Driver: \??\C:\WINDOWS\system32\zntport.sys (autostart)


--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

End of report, 34,674 bytes
Report generated in 0.250 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only


----------



## shivafang (Jul 5, 2008)

Hijack this Scan Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:49:25 AM, on 7/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\ufdsvc.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Common Files\AOL\1170640052\ee\AOLSoftware.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\qttask.exe
D:\Program Files\Logitech\Profiler\lwemon.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
D:\Program Files\Logitech\SetPoint\SetPoint.exe
D:\Program Files\OpenOffice.org 2.3\program\soffice.exe
D:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.update.microsoft.com/windowsupdate/v6/default.aspx?ln=en-us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (file missing)
O1 - Hosts file is located at: C:\WINDOWS\System32\drivers\etc\hosts
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_04\bin\ssv.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1170640052\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Start WingMan Profiler] "d:\Program Files\Logitech\Profiler\lwemon.exe" /noui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = D:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Logitech SetPoint.lnk = D:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Yahoo! Search - file:///D:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Subscribe in default RSS reader - C:\Documents and Settings\Justin White\Application Data\RssBandit\iecontext_subscribefeed.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///D:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///D:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///D:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Instant Buzz - {066040F0-5018-4E15-8AA0-81D36136D989} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: SmartWhois - {FD9DE2B4-C926-4460-81C4-FC58C6F1062E} - F:\PROGRA~1\SMARTW~1\SWMSIE~1.EXE
O9 - Extra button: (no name) - {FF983118-58C7-4AD4-B5A7-691C39CB7B42} - F:\PROGRA~1\SMARTW~1\SWMSIE~1.EXE
O9 - Extra 'Tools' menuitem: SmartWhois - {FF983118-58C7-4AD4-B5A7-691C39CB7B42} - F:\PROGRA~1\SMARTW~1\SWMSIE~1.EXE
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1212989891546
O18 - Protocol: intu-qt2007 - {026BF40D-BA05-467B-9F1F-AD0D7A3F5F11} - D:\Program Files\QuickTax 2007\ic2007pp.dll
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: UFD Command Service (UFDSVC) - Generic - C:\WINDOWS\system32\ufdsvc.exe

--
End of file - 7375 bytes


----------



## shivafang (Jul 5, 2008)

For what it's worth, I have not yet re-installed AVG. It's a huge file and I'm hoping to get my internet speed up and then I will install it.


----------



## Cookiegal (Aug 27, 2003)

Please do a search for this file and let me know the entire path to its location if you find one or more:

*zntport.sys *

You may need to unhide files/folders first:

Click on My Computer. Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files" and "Hide extensions for known file types". Now click "Apply to all folders".
Click "Apply" then "OK".

Go to Start > Search - All Files and Folders and under "More advanced search options". 
Make sure there is a check by "Search System Folders" and "Search hidden files and folders" and "Search system subfolders"


----------



## shivafang (Jul 5, 2008)

Yup, I already have all my folders unhidden. I find it annoying that Windows wants to hide information about my computer from me >(. Though I can understand it's to protect new users from making a mistake.

No file called 'zntport.sys'. I triple checked the spelling.

EDIT: I double checked the logs you had me post, and they say there should be one in C:\Windows\System32\ however when I navigate there directly with explorer I don't see it and it does not come up in the search. You may or may not be expecting that, I don't know (this is a little over my head) however it was weird so I thought I'd let you know.


----------



## Cookiegal (Aug 27, 2003)

The logs indicated that the file was missing but I wanted to be sure that was the case.

Are you using this NTPort Library program from Zealsoft?

http://www.zealsoftstudio.com/ntport/


----------



## shivafang (Jul 5, 2008)

I don't think I have ever used that program. This computer is about 4 or 5 years old now though so I may have at one time.


----------



## Cookiegal (Aug 27, 2003)

OK, I think it's best just to disable that service as it doesn't appear malicious but if it's needed it can be restarted. However, the file is missing so with the service being on "autostart" it will keep trying to start but can't because it can't find the file.

Go to *Start* - *Run* - type in *cmd* and hit Enter.

Type this command exactly as shown below (including spaces) and hit enter:

*sc config zntport start= disabled*

Reboot the computer.

Is your version of XP Home or Pro?


----------



## shivafang (Jul 5, 2008)

XP Home.

That command line gives me a message I'm assuming is an error, reminding me of the syntax. Or it could be normal...


```
Modifies a service entry in the registry and Service Database.
SYNTAX:
sc <server> config [service name] <option1> <option2>...
CONFIG OPTIONS:
NOTE:  The option name includes the equal sign.
(a list of options.)
```
Is this normal or did I do something wrong? There is nothing saying 'successfully disabled'.

(That is not copy-pasted; any typos are mine.)


----------



## Cookiegal (Aug 27, 2003)

Try running this command instead please.

*sc config "NTPort Library Driver" start= disabled*


----------



## shivafang (Jul 5, 2008)

[SC] OpenService FAILED 1060:

The specified service does not exist as an installed service.

I tried it twice to make sure I didn't mis-type something, and included all spaces you have there (even the 'start= disabled' spacing, which seemed odd).


----------



## Cookiegal (Aug 27, 2003)

Click *Start *- *Run *- and type in:

*services.msc*

Click OK.

In the services window find *NTPort Library Driver*.
Right click and choose "Properties". On the "General" tab under "Service Status" click the "Stop" button (if it's not already stopped) to stop the service. Beside "Start-up Type" in the dropdown menu select "Disabled". Click Apply then OK. Exit the Services utility.

Reboot the computer.

Let me know how that goes please.


----------



## shivafang (Jul 5, 2008)

Hrm...

Don't see it. This is what I have that starts with 'N'

Net Login
NetMeeting Remote Desktop Sharing
Network Connections
Network DDE
Network DDE DSDM
Network Location Awareness (NLA)
Network Provisioning Service
NT LM Security Support Provider
NVIDIA Display Driver Service

Kinda odd, no?


----------
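An added example for this thread, not code either poster ran: the two dead ends above (the `sc config` call that returned error 1060, and a driver that does not show up in services.msc) have one cause. `sc.exe config` takes the service's registry key name (`zntport` in the OTScanIt listing and fix script), not its display name, and services.msc lists only Win32 services, never kernel or file-system drivers. The PowerShell below, written for this page, walks HKLM\SYSTEM\CurrentControlSet\Services, reports driver entries set to boot/system/auto start whose binary is missing, and can disable them by key name. The function names and the `-Disable` switch are this example's own; the meanings of the `Type`, `Start` and `ImagePath` values are Windows-defined.

```powershell
# Added example for this thread (not code either poster ran): find driver services that
# Windows will try to load at boot/system/auto start but whose binary no longer exists,
# and optionally disable them by their registry key name. Targets PowerShell 2.0 or later.
# Function names and the -Disable switch are this example's own.

$ServicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'

function Resolve-ServiceImagePath {
    # Turn the ImagePath forms seen in a Services listing into a path Test-Path understands.
    param([string]$ImagePath)
    if ([string]::IsNullOrEmpty($ImagePath)) { return $null }
    $p = $ImagePath.Trim()

    # Win32 services carry arguments ("svchost.exe -k netsvcs"); keep only the executable.
    if ($p.StartsWith('"')) { $p = $p.Split('"')[1] }
    elseif ($p -match '^(\S+\.(exe|sys|dll))(\s|$)') { $p = $Matches[1] }

    # Driver entries use NT object-manager prefixes that Win32 file APIs do not accept.
    $p = $p -replace '^\\\?\?\\', ''                         # \??\C:\...      -> C:\...
    $p = $p -replace '^\\SystemRoot\\', "$env:SystemRoot\"   # \SystemRoot\... -> C:\WINDOWS\...
    $p = [Environment]::ExpandEnvironmentVariables($p)       # %SystemRoot%\...
    if (-not [System.IO.Path]::IsPathRooted($p)) {           # "System32\DRIVERS\x.sys" is relative to %SystemRoot%
        $p = Join-Path $env:SystemRoot $p
    }
    return $p
}

function Get-OrphanedDriverService {
    # Report (and with -Disable, disable) boot/system/auto-start drivers whose file is missing.
    # services.msc never lists these: it shows Win32 services (Type 16/32) only; drivers are Type 1/2.
    [CmdletBinding()]
    param([switch]$Disable)

    $startNames = @{ 0 = 'boot'; 1 = 'system'; 2 = 'auto'; 3 = 'manual'; 4 = 'disabled' }

    foreach ($key in (Get-ChildItem -Path $ServicesKey -ErrorAction SilentlyContinue)) {
        $props = Get-ItemProperty -Path $key.PSPath -ErrorAction SilentlyContinue
        if ($null -eq $props -or $null -eq $props.Type -or $null -eq $props.Start) { continue }
        if (($props.Type -band 3) -eq 0) { continue }   # not a kernel (1) or file-system (2) driver
        if ($props.Start -ge 3) { continue }             # manual/disabled entries do not load on their own

        $path = Resolve-ServiceImagePath $props.ImagePath
        if ($null -eq $path -or (Test-Path -LiteralPath $path)) { continue }

        $keyName = $key.PSChildName   # what sc.exe config expects; the DisplayName is not accepted
        New-Object PSObject -Property @{
            KeyName     = $keyName
            DisplayName = $props.DisplayName
            Start       = $startNames[[int]$props.Start]
            ImagePath   = $path
        }

        if ($Disable) {
            # 'sc' by itself is PowerShell's alias for Set-Content; call the binary explicitly.
            # sc.exe wants the option name with its equal sign and the value as a separate token.
            & sc.exe config $keyName 'start=' 'disabled' | Out-Null
            if ($LASTEXITCODE -ne 0) {
                # Fallback straight to the registry: Start = 4 is SERVICE_DISABLED.
                Set-ItemProperty -Path $key.PSPath -Name Start -Value 4
            }
        }
    }
}

# Usage (elevated prompt):
#   Get-OrphanedDriverService            # report only
#   Get-OrphanedDriverService -Disable   # report and disable
# Related one-liners, typed in cmd.exe, that the thread's own steps needed:
#   sc getkeyname "NTPort Library Driver"   # display name -> key name (zntport)
#   sc query type= driver state= all        # drivers, which services.msc omits
# And the file search from the earlier post, with hidden/system files included:
#   Get-ChildItem -Path C:\ -Recurse -Force -Filter zntport.sys -ErrorAction SilentlyContinue
```

Run it from an administrator account (on x64 systems use the 64-bit PowerShell, otherwise `System32` paths are redirected to `SysWOW64` and drivers look missing when they are not). The report is the useful part: a start-at-boot driver entry whose file is gone is harmless clutter when the path sits under `%SystemRoot%\system32`, which only administrators can write to, but the same shape of entry pointing at a location a standard user can create files in is a persistence and privilege-escalation foothold, because whatever lands at that path is loaded into the kernel on the next boot. Check where the path points before deciding an orphan is merely stale, and disable rather than delete so the entry can be restored with `sc config <key> start= demand` if some software turns out to need it.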



## Cookiegal (Aug 27, 2003)

Please run OTScanIt again as per the instructions in post no. 35 and post the log.


----------



## shivafang (Jul 5, 2008)

Weird, it's small enough that I don't have to split it this time. I hope I didn't make a mistake.

File attached.


----------



## Cookiegal (Aug 27, 2003)

Start *OTScanIt*. Copy/Paste the information in the code box below into the pane where it says *"Paste fix here"* and then click the "Run Fix" button.

The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new HijackThis log please.


```
[Kill Explorer]
[Driver Services - All]
YN -> (zntport) NTPort Library Driver [Kernel | Auto | Stopped] -> %SystemRoot%\system32\zntport.sys
[Registry - Non-Microsoft Only]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
YN -> {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}:Exec -> D:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe [Yahoo! Messenger]
YN -> {FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger]
< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-57989841-1677128483-725345543-1004\] > -> HKEY_USERS\S-1-5-21-57989841-1677128483-725345543-1004\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger]
[Empty Temp Folders]
[Start Explorer]
[Reboot]
```


----------

