Kravyn

Members
  • Content Count

    23

About Kravyn

  • Rank
    Member
  1. Well, actually it seems my old idea of why my PC froze may have been wrong. GMER has the same problem as ComboFix, I think: if you click, it will freeze. Well, that's an understatement. It only happens if you click on the stuff it scanned, though, the stuff within the window. You could click on any of the tabs or use any other part of it, but if I attempt to highlight anything to copy, a few seconds later the program will trigger a total PC freeze. I even tested it out to see if that was true. So that means no GMER, because the first time I clicked copy without highlighting, my copy-paste was empty; the same again, which was after it froze during the second scan since I clicked on a scanned item on the list. That's 3 scans down. My 4th scan, which is now, I decided why don't I try and highlight everything before I clicked copy; a few seconds later it froze again. So basically it won't copy unless I highlight, but it will freeze if I do, lol, talk about a messed up program.
  2. Logfile of HijackThis v1.99.1 Scan saved at 19:05:02 7:05:02 PM, on 4/14/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
  3. I think my problem was my screensaver. After 15 minutes it tries to load; the problem is that one of ComboFix, SDFix or SUPERAntiSpyware removed something, and after the idle time it freezes. I haven't tested it out yet because I decided to not use a screensaver for now since that happened, and guess what, the total PC freeze stopped. The BSOD was already cleared when windev and rpcc were fully removed. The only main problem I had left was that after all that work it caused my screensaver to go nuts, lol, but I'm not worried about that. For the most part everything is working like I wanted. As for GMER, I don't know why, but it didn't copy anything when I clicked the copy button after the long scan. It didn't really matter, though: it showed a lot of files, but it didn't say any were rootkits or viruses or anything, so ComboFix, SDFix and SUPERAntiSpyware did the clearing up on those.
  4. Tried to do the GMER scan again and another problem happened: the PC froze up and nothing worked. Even though I could still see the screen, the keyboard and mouse didn't react to commands. I know because the keyboard lights wouldn't shut off or turn on when pressed, and the PC's light that shows when the PC is reacting didn't show it was working at all.
  5. I don't know what's wrong with the GMER program, but after I clicked copy it closed and nothing was copied. It took almost 1 1/2 hours to do the scan.
  6. I also flushed all that extra crap from Logitech Desktop Messenger by uninstalling it. It was never used in the first place, so I just removed it instead.
  7. This is what I get after removing them again, but I haven't restarted again because they keep returning and I don't need that to happen for now. Logfile of HijackThis v1.99.1 Scan saved at 20:24:25 8:24:25 PM, on 4/13/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
  8. Well, first thing though: after I did the file removal you specified in safe mode, when I returned to normal mode all the HJT items you told me to remove returned. This first HJT log I'm about to post is what I received after deleting the files in safe mode, even though it was already removed. Logfile of HijackThis v1.99.1 Scan saved at 19:03:23 7:03:23 PM, on 4/13/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
C:\FlashGet\flashget.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} (Support.com ActionRunner Class) - http://help.rr.com/Foundrysdccommon/download/tgctlar.cab O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O16 - DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} - O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} - O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab O18 - Protocol: bw+0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw+0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0s - 
{4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60 - 
{4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0s - 
{4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: bwg0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwg0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0s - 
{4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0 - 
{4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0s - 
{4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: offline-8876480 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll O20 - Winlogon Notify: jkkll - C:\WINDOWS\ O20 - Winlogon Notify: NavLogon - C:\WINDOWS\ O20 - Winlogon Notify: rpcc - C:\WINDOWS\ O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O20 - Winlogon Notify: winwim32 - C:\WINDOWS\ O21 - SSODL: 
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv51.exe O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus 2007\psimsvc.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - H:\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (file missing) O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
  9. Oh, and I'm not going to be removing the FlashGet files; I actually use it for large exe downloads. I'm a gamer and some MMO and demo games are 1GB+, and I don't want them to disconnect mid-download because I don't want to restart from scratch each time.
  10. When I attempt to remove O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - O16 - DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} - O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} - my PC blue screens.
  11. Well, for now it seems to have worked. If you see any other problem on my list, please tell me, because I want to see if I can clean out as much as possible.
  12. Oh, and I never noticed your LSPfix post, but I just checked it out, and one of the others you told me worked on removing that one also. Odd though: you posted, I refreshed, but somehow I didn't see your posts until after I had already continued with the previous steps. At least they completed. There was a combination of 2 things nailing me. I'm still testing to make sure the BSOD is truly gone, since as I said it was killing SDFix each time, but not anymore, which is why I was able to post it. I need to run something RAM intensive to find out. And no, I haven't been able to get new RAM for a long time, but the problem wasn't part of the RAM. I think it was a rootkit, but it had my RAM locked, so if anything attempted to use more RAM than the lock allowed I would always get the blue screen. The main test to see if it's still intact is to run my RAM flushing program. It uses 95% of my RAM for 30 seconds; that's more than enough time to see if I still have the problem.
  13. Part 4 SuperAntiSpyware log SUPERAntiSpyware Scan Log Generated 04/13/2007 at 01:15 AM Application Version : 3.6.1000 Core Rules Database Version : 3190 Trace Rules Database Version: 1200 Scan type : Complete Scan Total Scan Time : 01:11:26 Memory items scanned : 187 Memory threats detected : 0 Registry items scanned : 5572 Registry threats detected : 12 File items scanned : 45164 File threats detected : 338 Unclassified.Unknown Origin HKLM\Software\Classes\CLSID\{3FD6B99C-A275-46ea-8FD1-3D63986E51E4} HKCR\CLSID\{3FD6B99C-A275-46EA-8FD1-3D63986E51E4} HKCR\CLSID\{3FD6B99C-A275-46EA-8FD1-3D63986E51E4}\InprocServer32 HKCR\CLSID\{3FD6B99C-A275-46EA-8FD1-3D63986E51E4}\InprocServer32#ThreadingModel C:\WINDOWS\SYSTEM32\QTBEBHCU.DLL HKCR\CLSID\{3FD6B99C-A275-46EA-8FD1-3D63986E51E4} Trojan.Downloader-RPCC Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\rpcc C:\WINDOWS\SYSTEM32\RPCC.DLL HKLM\Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\rpcc HKLM\Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\rpcc#DllName HKLM\Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\rpcc#Asynchronous HKLM\Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\rpcc#Impersonate HKLM\Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\rpcc#Startup Adware.Tracking Cookie
Settings\Nanobain\Cookies\[email protected][2].txt C:\Documents and Settings\Nanobain\Cookies\[email protected][1].txt C:\Documents and Settings\Nanobain\Cookies\[email protected][1].txt C:\Documents and Settings\Nanobain\Cookies\[email protected]e.ru4[2].txt C:\Documents and Settings\Nanobain\Cookies\[email protected][1].txt C:\Documents and Settings\Nanobain\Cookies\[email protected][2].txt C:\Documents and Settings\Nanobain\Cookies\[email protected][1].txt C:\Documents and Settings\Nanobain\Cookies\[email protected][2].txt C:\Documents and Settings\Nanobain\Cookies\[email protected][2].txt C:\Documents and Settings\Nanobain\Cookies\[email protected][1].txt C:\Documents and Settings\Nanobain\Cookies\[email protected][1].txt C:\Documents and Settings\Nanobain\Cookies\[email protected][2].txt C:\Documents and Settings\Nanobain\Cookies\[email protected][1].txt C:\Documents and Settings\Nanobain\Cookies\[email protected][1].txt C:\Documents and Settings\Nanobain\Cookies\[email protected][1].txt C:\Documents and Settings\Nanobain\Cookies\[email protected][1].txt C:\Documents and Settings\Nanobain\Cookies\[email protected][1].txt C:\Documents and Settings\Nanobain\Cookies\[email protected][1].txt C:\Documents and Settings\Nanobain\Cookies\[email protected][1].txt C:\Documents and Settings\Nanobain\Cookies\[email protected][2].txt C:\Documents and Settings\Nanobain\Cookies\[email protected][1].txt C:\Documents and Settings\Nanobain\Cookies\[email protected][1].txt C:\Documents and Settings\Nanobain\Cookies\[email protected][4].txt C:\Documents and Settings\Nanobain\Cookies\[email protected][1].txt C:\Documents and Settings\Nanobain\Cookies\[email protected][1].txt C:\Documents and Settings\Nanobain\Cookies\[email protected][1].txt C:\Documents and Settings\Nanobain\Cookies\[email protected][2].txt C:\Documents and Settings\Nanobain\Cookies\[email protected][1].txt C:\Documents and Settings\Nanobain\Cookies\[email protected][4].txt C:\Documents and 
Settings\Nanobain\Cookies\[email protected][1].txt C:\Documents and Settings\Nanobain\Cookies\[email protected][2].txt C:\Documents and Settings\Nanobain\Cookies\[email protected][1].txt C:\Documents and Settings\Nanobain\Cookies\[email protected][1].txt C:\Documents and Settings\Nanobain\Cookies\[email protected][1].txt C:\Documents and Settings\Nanobain\Cookies\[email protected][2].txt C:\Documents and Settings\Nanobain\Cookies\[email protected][2].txt C:\Documents and Settings\Nanobain\Cookies\[email protected][1].txt C:\Documents and Settings\Nanobain\Cookies\[email protected][2].txt C:\Documents and Settings\Nanobain\Cookies\[email protected][2].txt C:\Documents and Settings\Nanobain\Cookies\[email protected][2].txt C:\Documents and Settings\Nanobain\Cookies\[email protected][6].txt C:\Documents and Settings\Nanobain\Cookies\[email protected][1].txt C:\Documents and Settings\Nanobain\Cookies\[email protected][1].txt C:\Documents and Settings\Nanobain\Cookies\[email protected][2].txt C:\Documents and Settings\Nanobain\Cookies\[email protected][1].txt C:\Documents and Settings\Nanobain\Cookies\[email protected][1].txt C:\Documents and Settings\Nanobain\Cookies\[email protected][2].txt C:\Documents and Settings\Nanobain\Cookies\[email protected][1].txt C:\Documents and Settings\Nanobain\Cookies\[email protected][1].txt C:\Documents and Settings\Nanobain\Cookies\[email protected][2].txt C:\Documents and Settings\Nanobain\Cookies\[email protected][2].txt C:\Documents and Settings\Nanobain\Cookies\[email protected][1].txt C:\Documents and Settings\Nanobain\Cookies\[email protected][1].txt C:\Documents and Settings\Nanobain\Cookies\[email protected][1].txt C:\Documents and Settings\Nanobain\Cookies\[email protected][2].txt C:\Documents and Settings\Nanobain\Cookies\[email protected][1].txt C:\Documents and Settings\Nanobain\Cookies\[email protected][2].txt C:\Documents and Settings\Nanobain\Cookies\[email protected][2].txt C:\Documents and 
Settings\Nanobain\Cookies\[email protected]rpowermedia[1].txt C:\Documents and Settings\Nanobain\Cookies\[email protected][1].txt C:\Documents and Settings\Nanobain\Cookies\[email protected][1].txt C:\Documents and Settings\Nanobain\Cookies\[email protected][1].txt C:\Documents and Settings\Nanobain\Cookies\[email protected][1].txt C:\Documents and Settings\Nanobain\Cookies\[email protected][1].txt C:\Documents and Settings\Nanobain\Cookies\[email protected][1].txt C:\Documents and Settings\Nanobain\Cookies\[email protected][1].txt C:\Documents and Settings\Nanobain\Cookies\[email protected][1].txt C:\Documents and Settings\Nanobain\Cookies\[email protected][1].txt C:\Documents and Settings\Nanobain\Cookies\[email protected][1].txt C:\Documents and Settings\Nanobain\Cookies\[email protected][2].txt C:\Documents and Settings\Nanobain\Cookies\[email protected][1].txt C:\Documents and Settings\Nanobain\Cookies\[email protected][2].txt C:\Documents and Settings\Nanobain\Cookies\[email protected][1].txt C:\Documents and Settings\Nanobain\Cookies\[email protected][2].txt C:\Documents and Settings\Nanobain\Cookies\[email protected][2].txt C:\Documents and Settings\Nanobain\Cookies\[email protected][1].txt C:\Documents and Settings\Nanobain\Cookies\[email protected][1].txt C:\Documents and Settings\Nanobain\Cookies\[email protected][1].txt C:\Documents and Settings\Nanobain\Cookies\[email protected][2].txt C:\Documents and Settings\Nanobain\Cookies\[email protected][1].txt C:\Documents and Settings\Nanobain\Cookies\[email protected][2].txt C:\Documents and Settings\Nanobain\Cookies\[email protected][2].txt C:\Documents and Settings\Nanobain\Cookies\[email protected][2].txt C:\Documents and Settings\Nanobain\Cookies\[email protected][1].txt C:\Documents and Settings\Nanobain\Cookies\[email protected][1].txt C:\Documents and Settings\Nanobain\Cookies\[email protected][1].txt C:\Documents and Settings\Nanobain\Cookies\[email protected][1].txt C:\Documents and 
Settings\Nanobain\Cookies\[email protected][2].txt C:\Documents and Settings\Nanobain\Cookies\[email protected][1].txt C:\Documents and Settings\Nanobain\Cookies\[email protected][1].txt C:\Documents and Settings\Nanobain\Cookies\[email protected][1].txt C:\Documents and Settings\Nanobain\Cookies\[email protected][3].txt C:\Documents and Settings\Nanobain\Cookies\[email protected][1].txt C:\Documents and Settings\Nanobain\Cookies\[email protected][2].txt C:\Documents and Settings\Nanobain\Cookies\[email protected][3].txt C:\Documents and Settings\Nanobain\Cookies\[email protected][2].txt C:\Documents and Settings\Nanobain\Cookies\[email protected][2].txt C:\Documents and Settings\Nanobain\Cookies\[email protected][1].txt C:\Documents and Settings\Nanobain\Cookies\[email protected][1].txt C:\Documents and Settings\Nanobain\Cookies\[email protected][2].txt C:\Documents and Settings\Nanobain\Cookies\[email protected][2].txt C:\Documents and Settings\Nanobain\Cookies\[email protected][1].txt C:\Documents and Settings\Nanobain\Cookies\[email protected][1].txt C:\Documents and Settings\Nanobain\Local Settings\Temp\Cookies\[email protected][2].txt C:\Documents and Settings\Nanobain\Local Settings\Temp\Cookies\[email protected][2].txt C:\Documents and Settings\Nanobain\Local Settings\Temp\Cookies\[email protected][2].txt C:\Documents and Settings\Nanobain\Local Settings\Temp\Cookies\[email protected][1].txt C:\Documents and Settings\Nanobain\Local Settings\Temp\Cookies\[email protected][1].txt C:\Documents and Settings\Nanobain\Local Settings\Temp\Cookies\[email protected][2].txt C:\Documents and Settings\Nanobain\Local Settings\Temp\Cookies\[email protected][2].txt C:\Documents and Settings\Nanobain\Local Settings\Temp\Cookies\[email protected][1].txt C:\Documents and Settings\Nanobain\Local Settings\Temp\Cookies\[email protected][2].txt C:\Documents and Settings\Nanobain\Local Settings\Temp\Cookies\[email protected][2].txt C:\Documents and Settings\Ravyn\Cookies\[email 
protected][1].txt H:\PC FILES\FILES\Cookies1\[email protected][1].txt Registry Cleaner Trial HKU\S-1-5-21-436374069-220523388-682003330-1003\Software\SoftwareOnline.com Trojan.Spam-RUCrzy C:\DOCUMENTS AND SETTINGS\NANOBAIN\LOCAL SETTINGS\TEMP\154C.TMP C:\DOCUMENTS AND SETTINGS\NANOBAIN\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\CD2RGT67\IGOR[1].EXE Trojan.Downloader-SpyTool C:\WINDOWS\SYSTEM32\GADJXAHW.DLL C:\WINDOWS\SYSTEM32\KSXJYEFS.DLL C:\WINDOWS\SYSTEM32\XKRMGAVP.DLL Trojan.Downloader-Gen/LIB C:\WINDOWS\SYSTEM32\KBHXGBRK.DLL Trojan.Downloader-WinCom32/Rootkit C:\WINDOWS\SYSTEM32\WINCOM32.SYS Trojan.Downloader-Gen C:\WINDOWS\SYSTEM32\WINSUB.XML
  14. Part 3 ComboFix Log "Nanobain" - 07-04-13 3:35:52 Service Pack 2 ComboFix 07-04-05 - Running from: "C:\cleanup" (((((((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\WINDOWS\system32\ahhcbwb.dll C:\WINDOWS\system32\nfyxtpcwhgp.dll C:\WINDOWS\system32\components C:\Program Files\Common Files\{04674~1 C:\Program Files\Common Files\{34674~1 ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Folders Quarantined: C:\qoobox\purity\DOCUME~1 C:\qoobox\purity\DOCUME~1\Nanobain C:\qoobox\purity\DOCUME~1\Nanobain\MYDOCU~1 C:\qoobox\purity\DOCUME~1\Nanobain\MYDOCU~1\from.txt C:\qoobox\purity\DOCUME~1\Nanobain\MYDOCU~1\YSTEM3~1 C:\qoobox\purity\WINDOWS\SKS~1 C:\qoobox\purity\WINDOWS\SKS~1\??sks C:\qoobox\purity\WINDOWS\SKS~1\??sks\!update-4305.0000 ((((((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) -------\LEGACY_MCHINJDRV ((((((((((((((((((((((((((((((( Files Created from 2007-03-13 to 2007-04-13 )))))))))))))))))))))))))))))))))) 2007-04-12 23:57 <DIR> d-------- C:\Program Files\SUPERAntiSpyware 2007-04-12 23:57 <DIR> d-------- C:\DOCUME~1\Nanobain\APPLIC~1\SUPERAntiSpyware.com 2007-04-12 23:57 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com 2007-04-12 23:30 <DIR> d-------- C:\cleanup 2007-04-12 15:35 <DIR> d-------- C:\Program Files\MSXML 4.0 2007-04-12 06:36 <DIR> d-------- C:\hijackthis 2007-04-12 04:07 91,790 --a------ C:\WINDOWS\system32\inst.exe 2007-04-12 03:37 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\InstallShield 2007-04-12 03:13 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\TextPad 2007-04-12 02:55 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Lavasoft 2007-04-12 02:51 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Help 2007-04-12 02:41 91,790 --a------ C:\WINDOWS\inst.exe 2007-04-12 02:41 40,590 --a------ C:\WINDOWS\pdp.exe 2007-04-12 02:40 8,704 --a------ C:\WINDOWS\system32\sporder.dll 
2007-04-10 01:18 <DIR> d-------- C:\DOCUME~1\Nanobain\APPLIC~1\TMNT 2007-04-10 01:17 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll 2007-04-10 01:11 <DIR> d-------- C:\DOCUME~1\Nanobain\APPLIC~1\InstallShield 2007-03-31 13:38 <DIR> d-------- C:\DOCUME~1\Nanobain\APPLIC~1\Command & Conquer 3 Tiberium Wars 2007-03-31 13:32 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll 2007-03-19 13:47 <DIR> d-------- C:\Program Files\JoWooD (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-04-12 02:40 281348 --a------ C:\WINDOWS\system32\drivers\Copy of ndis.sys1231233 2007-04-11 01:35 -------- d-------- C:\DOCUME~1\Nanobain\APPLIC~1\utorrent 2007-04-10 01:13 -------- d--h----- C:\Program Files\installshield installation information 2007-03-17 08:43 292864 --a------ C:\WINDOWS\system32\winsrv.dll 2007-03-15 13:41 -------- d-------- C:\DOCUME~1\Nanobain\APPLIC~1\installshield installation information 2007-03-08 10:36 577536 --a------ C:\WINDOWS\system32\user32.dll 2007-03-08 10:36 40960 --a------ C:\WINDOWS\system32\mf3216.dll 2007-03-08 10:36 281600 --a------ C:\WINDOWS\system32\gdi32.dll 2007-03-08 08:47 1843584 --a------ C:\WINDOWS\system32\win32k.sys 2007-02-25 06:21 -------- d-------- C:\DOCUME~1\Nanobain\APPLIC~1\my the lord of the rings, the rise of the witch-king files 2007-02-16 08:41 -------- d-------- C:\DOCUME~1\Nanobain\APPLIC~1\media player classic 2007-02-05 15:17 185344 --a------ C:\WINDOWS\system32\upnphost.dll 2007-01-27 14:06 957979 ---hs---- C:\WINDOWS\system32\llkkj.bak1 2007-01-06 21:26 83 ---hs---- C:\DOCUME~1\Nanobain\APPLIC~1\.zreglib (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "SUPERAntiSpyware"="C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe" "swg"="C:\\Program 
Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe" "SpybotSD TeaTimer"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe" "msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background" "MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe" "UserFaultCheck"="%systemroot%\\system32\\dumprep 0 -u" "SunJavaUpdateSched"="C:\\Program Files\\Java\\j2re1.4.2_05\\bin\\jusched.exe" "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime" "nwiz"="nwiz.exe /install" "NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit" "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup" "MXO Auto Loader"="C:\\WINDOWS\\MXOALDR.EXE" "MaxtorOneTouch"="C:\\PROGRA~1\\Maxtor\\OneTouch\\Utils\\OneTouch.exe" "LTWinModem1"="ltmsg.exe 9" "DAEMON Tools-1033"="\"H:\\Program Files\\D-Tools\\daemon.exe\" -lang 1033" "APVXDWIN"="\"C:\\Program Files\\Panda Software\\Panda Antivirus 2007\\APVXDWIN.EXE\" /s" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe" "DAEMON Tools-1033"="\"H:\\Program Files\\D-Tools\\daemon.exe\" -lang 1033" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "appinit_dlls"="wbsys.dll" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload] "0aMCPClient"="{F5DF91F9-15E9-416B-A7C3-7519B11ECBFC}" "WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon 
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkll HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winwim32 [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0\ Security Packages REG_MULTI_SZ kerberosmsv1_0schannelwdigest\ Notification Packages REG_MULTI_SZ scecli\ [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] LocalService REG_MULTI_SZ AlerterWebClientLmHostsRemoteRegistryupnphostSSDPSRV\ NetworkService REG_MULTI_SZ DnsCache\ rpcss REG_MULTI_SZ RpcSs\ imgsvc REG_MULTI_SZ StiSvc\ termsvcs REG_MULTI_SZ TermService\ HTTPFilter REG_MULTI_SZ HTTPFilter\ DcomLaunch REG_MULTI_SZ DcomLaunchTermService\ WudfServiceGroup REG_MULTI_SZ WUDFSvc\ [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E] Shell\AutoRun\command E:\setup.exe ~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ backup-20070412-212342-389 O2 - BHO: (no name) - {F72A02ED-23DF-4D85-85D9-89E32D4487C8} - C:\WINDOWS\system32\jkkll.dll backup-20070412-210845-845 O20 - Winlogon Notify: winwim32 - winwim32.dll (file missing) backup-20070412-210845-980 O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll backup-20070412-210811-658 O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll backup-20070412-210809-227 O20 - Winlogon Notify: jkkll - C:\WINDOWS\ ******************************************************************** catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006 http://www.gmer.net scanning hidden processes ... scanning hidden services ... 
HKLM\SYSTEM\CurrentControlSet\Services\winmgmt3be8-4a18 scanning hidden autostart entries ... scanning hidden files ... C:\Documents and Settings\All Users\Application Data\SecTaskMan\_windev-1b8a-452b17E10 12288 bytes C:\Documents and Settings\All Users\Application Data\SecTaskMan\_windev-3be8-4a1818350 12288 bytes C:\WINDOWS\system32\windev-3be8-4a18.sys 139264 bytes C:\WINDOWS\system32\windev-peers.ini 16384 bytes scan completed successfully hidden processes: 0 hidden services: 1 hidden files: 4 ******************************************************************** Completion time: 07-04-13 3:39:57 C:\ComboFix-quarantined-files.txt ... 07-04-13 03:39
  15. Part 2 SDfix Report SDFix: Version 1.78 Run by Nanobain - Fri 04/13/2007 - 3:59:38.76 Microsoft Windows XP [Version 5.1.2600] Running From: C:\cleanup\SDfix Safe Mode: Checking Services: Name: kprof ntldr.sys poof ImagePath: Restoring Windows Registry Values Restoring Windows Default Hosts File Rebooting... Normal Mode: Checking Files: Below files will be copied to Backups folder then removed: C:\CP1041.NLS - Deleted C:\WINDOWS\system32\inst.exe.exe - Deleted C:\WINDOWS\system32\pdp.exe.exe - Deleted C:\WINDOWS\system32\zup.exe.exe - Deleted C:\WINDOWS\system32\koos.exe - Deleted C:\WINDOWS\system32\poof - Deleted Removing Temp Files ADS Check: Checking if ADS is attached to system32 Folder C:\WINDOWS\system32 No streams found. Checking if ADS is attached to svchost.exe C:\WINDOWS\system32\svchost.exe No streams found. Final Check: Remaining Services: ------------------ Authorized Application Key Export: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" Remaining Files: --------------- C:\WINDOWS\SYSTEM32\NFYXTP~1.DLL Found - LSP!! C:\WINDOWS\SYSTEM32\NFYXTP~1.DLL Found - LSP!! 
Checking For Files with Hidden Attributes: C:\Documents and Settings\Nanobain\NetHood\ftp.atari.com\Desktop.ini C:\Documents and Settings\Nanobain\NetHood\ftp.autoassault.com\Desktop.ini C:\Documents and Settings\Nanobain\NetHood\ftp4.de.nero.com\Desktop.ini C:\Program Files\Nero\Nero PhotoShow 4\data\DVDMPEG2Enc.dll C:\Program Files\Nero\Nero PhotoShow 4\data\NeASL.dll C:\Program Files\USB-IF Test Suite\USBHTT\Libs\DevIOCTL.dll C:\Program Files\USB-IF Test Suite\USBHTT\Libs\HubTest.dll C:\Program Files\USB-IF Test Suite\USBHTT\Libs\msvcp60.dll C:\Program Files\USB-IF Test Suite\USBHTT\Libs\StackSwitcher.dll C:\Program Files\USB-IF Test Suite\USBHTT\Libs\TestServices.dll C:\Program Files\USB-IF Test Suite\USBHTT\Libs\Tparse.dll C:\Program Files\USB-IF Test Suite\USBHTT\Libs\TSMFCGuiDialogHelperDLL.dll C:\Program Files\USB-IF Test Suite\USBHTT\Libs\USBCommandVerifier.dll C:\Program Files\Nero\Nero PhotoShow 4\data\movie_maker.exe C:\Program Files\Nero\Nero PhotoShow 4\data\Nero PhotoShow Deluxe.exe C:\WINDOWS\system32\A13E436B60.sys C:\WINDOWS\system32\KGyGaAvL.sys C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp Finished