Kravyn

Getting Random Bsod


Getting random blue screen of death, can't stop it. I've run Ad-Aware + SpybotSD, really would like some help.

 

Logfile of HijackThis v1.99.1

Scan saved at 6:37:31 6:37:31 AM, on 4/12/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\savedump.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv51.exe

C:\Program Files\Panda Software\Panda Antivirus 2007\AVENGINE.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\crypserv.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Panda Software\Panda Antivirus 2007\psimsvc.exe

C:\WINDOWS\system32\TaskUpdate.exe

C:\WINDOWS\system32\UAService7.exe

C:\Program Files\Panda Software\Panda Antivirus 2007\apvxdwin.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\RunDLL32.exe

C:\WINDOWS\system32\ltmsg.exe

C:\Program Files\Winamp\winampa.exe

C:\WINDOWS\MXOALDR.EXE

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\system32\dumprep.exe

C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Program Files\Logitech\SetPoint\KEM.exe

H:\Memturbo 4\MemTurbo.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE

C:\WINDOWS\system32\dwwin.exe

C:\WINDOWS\system32\dwwin.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 63.118.235.195:8080

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - Default URLSearchHook is missing

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {2F2E3704-21BC-46C9-B1D8-8C7BE503147F} - (no file)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {92AC6155-FCC8-41FF-8B82-96C20FD18F96} - (no file)

O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\FlashGet\jccatch.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - H:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: (no name) - {F72A02ED-23DF-4D85-85D9-89E32D4487C8} - C:\WINDOWS\system32\jkkll.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - H:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\FlashGet\fgiebar.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9

O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE" /s

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe

O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE

O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe

O4 - HKLM\..\Run: [DAEMON Tools-1033] "H:\Program Files\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - Startup: MemTurbo.lnk = H:\Memturbo 4\MemTurbo.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe

O8 - Extra context menu item: Download All by FlashGet - C:\FlashGet\jc_all.htm

O8 - Extra context menu item: Download using FlashGet - C:\FlashGet\jc_link.htm

O8 - Extra context menu item: Download with GetRight - Q:\GetRight\GRdownload.htm

O8 - Extra context menu item: Druid: Download All Files - C:\Program Files\XemiComputers\Download Druid\Druid.html

O8 - Extra context menu item: Druid: Download Highlighted Files - C:\Program Files\XemiComputers\Download Druid\DruidHighLighted.html

O8 - Extra context menu item: Open with GetRight Browser - Q:\GetRight\GRbrowse.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll

O9 - Extra button: Druid Bar - {A6B25D86-CB76-44C1-8E35-328EE8F4BEF0} - C:\Program Files\XemiComputers\Download Druid\DruidBar.dll

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\FlashGet\flashget.exe

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\FlashGet\flashget.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\ahhcbwb.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\ahhcbwb.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\ahhcbwb.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\ahhcbwb.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\ahhcbwb.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\ahhcbwb.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\ahhcbwb.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\ahhcbwb.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\ahhcbwb.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\ahhcbwb.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\ahhcbwb.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\ahhcbwb.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\ahhcbwb.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\ahhcbwb.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\ahhcbwb.dll

O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} (Support.com ActionRunner Class) - http://help.rr.com/Foundrysdccommon/download/tgctlar.cab

O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab

O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/US/install.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab

O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -

O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab

O18 - Protocol: bw+0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw+0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: bwg0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwg0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: offline-8876480 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll

O20 - Winlogon Notify: jkkll - C:\WINDOWS\

O20 - Winlogon Notify: NavLogon - C:\WINDOWS\

O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll

O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O20 - Winlogon Notify: winwim32 - winwim32.dll (file missing)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv51.exe

O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus 2007\psimsvc.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - H:\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (file missing)

O23 - Service: TaskUpdateSvc - Unknown owner - C:\WINDOWS\system32\TaskUpdate.exe

O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe


Need help here. I can't even run a program that requires any high CPU use without the blue screen showing up and killing all chances I have to try and fix it.


Hello, Kravyn & Welcome

 

First I am going to have you upload this file for me; come back here with the scan results.

 

Go to next site:

http://www.virustotal.com/en/indexx.html

On top you'll find 'Browse'

Click the browse button and browse to next file:

 

c:\windows\system32\ahhcbwb.dll

 

Click open.

Then click the 'Send' button next to it.

This will scan the file. Please be patient.

Once scanned, copy and paste the results as well in your next reply.

 

--------------

 

After doing the scan above run these tools here.

 

Download SDFix and save it to your Desktop.

 

Double click SDFix.exe and it will extract the files to %systemdrive%

(Drive that contains the Windows Directory, typically C:\SDFix)

 

( Don't run just Yet )

 

--------------

 

Please download ComboFix and save it to your desktop.

 

( Don't run just Yet )

 

--------------

 

• Please download and install Superantispyware

1. During the installation process, the program will prompt you to download any updates, click Yes

2. After the update process has completed, a dialog box will state: Database definitions have been updated, click OK

3. At the SUPERAntiSpyware Main Menu, click the Preferences button,

4. Click the General and Startup tab, under Start-Up Options, uncheck these two boxes: Start SUPERAntiSpyware when Windows starts and Show SUPERAntiSpyware icon in system tray

5. Click the Hi-Jack Protection tab and, under Home Page Protection, uncheck these two boxes: Display notification when home page changed and Protect home page from being changed. Changes can be made only here.

6. Click Close at the bottom of the page.

7. Exit the program.

Do NOT run SUPERAntiSpyware yet.

 

----------------

 

Restart your computer in Safe Mode.

  1. If the computer is running, shut down Windows, and then turn off the power.
  2. Wait 30 seconds, and then turn the computer on.
  3. Start tapping the F8 key. The Windows Advanced Options Menu will appear. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  4. Ensure that the Safe Mode option is selected.
  5. Press Enter. The computer then begins to start in Safe Mode.
  6. Login on your usual account.

If you need further assistance with Safe Mode, see To start the computer in safe mode

 

----------------

 

Now run this tool here.

 

• Open the SUPERAntiSpyware program.

1. At the SUPERAntiSpyware Main Menu, under Scan for Harmful Software, click the Scan your Computer button, and the SUPERAntiSpyware Scanner menu will appear.

2. Make sure under Scan Location that your correct hard drive letter is checked. The correct hard drive letter should automatically be checked by default.

3. Under Complete Scan, click Perform Complete Scan.

4. At the bottom, click Next, to start the scan.

NOTE: This scan is very thorough. It will take a while to complete depending on the number of files and folders on the hard drive. Please be patient.

5. Click finish and you will be taken back to the main interface.

6. Click Preferences and then click the statistics/logs tab. Click the dated log and press view log and a text file will appear.

7. Copy and paste the log into your reply.

 

------------------

 

* Clean your Cache and Cookies in IE:

  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Click the "Delete Cookies" button
  • Next to it, Click the "Delete Files" button
  • When prompted, place a check in: "Delete all offline content", click OK

* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):

  • Go to Tools > Options.
  • Click Privacy in the menu on the left side of the Options window.
  • Click the Clear button located to the right of each option (History, Cookies, Cache).
  • Click OK to close the Options window
    Alternatively, you can clear all information stored while browsing by clicking Clear All.
    A confirmation dialog box will be shown before clearing the information.

* Clean other Temporary files + Recycle bin

  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.

---------------

 

Next run this tool for me.

 

Open the extracted SDFix folder and double click RunThis.bat to start the script.

Type Y to begin the cleanup process.

It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.

Press any Key and it will restart the PC.

When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.

Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt

(Report.txt will also be copied to Clipboard ready for posting back on the forum).

Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

 

-----------------

 

Reboot into Normal Mode and run this tool here.

 

Double click combofix.exe and follow the prompts.

 

When it's done running it will produce a log for you. Please post that log in your next reply.

 

Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

 

----------------

 

After doing all work above come back here with the following logfiles.

 

1) HijackThis

 

2) SDFix Report.txt

 

3) ComboFix log

 

4) SUPERAntiSpyware log

 

 

Gogo ;)

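The reply above singles out the file that HijackThis itself reported under O10 ("Unknown file in Winsock LSP"). As an added example, not part of the original thread and not code from HijackThis, the Python script below pulls the entries a pasted log has already annotated as unknown or missing; the rule names and function names are assumptions made for illustration, and the sample lines are a subset copied from the log in the first post.

```python
import re
from collections import Counter, defaultdict

# Subset of lines copied from the HijackThis log in the first post.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\lsass.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 63.118.235.195:8080
O2 - BHO: (no name) - {2F2E3704-21BC-46C9-B1D8-8C7BE503147F} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\ahhcbwb.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ahhcbwb.dll
O20 - Winlogon Notify: winwim32 - winwim32.dll (file missing)
O23 - Service: TaskUpdateSvc - Unknown owner - C:\WINDOWS\system32\TaskUpdate.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# An entry line is "<section code> - <body>", e.g. "O10 - Unknown file ...".
ENTRY = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
LSP_PREFIX = "Unknown file in Winsock LSP: "


def parse_entries(text):
    """Yield (section_code, body) per entry; headers and process paths are skipped."""
    for line in text.splitlines():
        match = ENTRY.match(line.strip())
        if match:
            yield match.group("code"), match.group("body")


def rule_hits(code, body):
    """Return the (hypothetical) rule names an entry matches.

    Every rule keys on text HijackThis wrote into the line itself, so a hit
    is a lead for manual review, not a malware verdict.
    """
    hits = []
    if code == "O10" and body.startswith(LSP_PREFIX):
        hits.append("unknown-lsp")
    if body.endswith("(no file)") or body.endswith("(file missing)"):
        hits.append("missing-file")
    if code == "O23" and " - Unknown owner - " in body:
        hits.append("unknown-owner")
    if code == "R1" and "ProxyServer = " in body:
        if body.split("ProxyServer = ", 1)[1].strip():
            hits.append("proxy-set")
    return hits


def triage(text):
    """Group flagged entries by rule, counting repeated identical lines."""
    findings = defaultdict(Counter)
    for code, body in parse_entries(text):
        for rule in rule_hits(code, body):
            findings[rule][body] += 1
    return findings


def lsp_files(text):
    """Map each unknown Winsock LSP file (lower-cased path) to its entry count."""
    counts = Counter()
    for body, n in triage(text)["unknown-lsp"].items():
        counts[body[len(LSP_PREFIX):].lower()] += n
    return counts


if __name__ == "__main__":
    for rule, entries in sorted(triage(SAMPLE_LOG).items()):
        print(rule)
        for body, n in entries.items():
            print(f"  x{n}  {body}")
```

The repeat count matters for O10: every listed instance is a separate entry in the Winsock chain, which is why the later LSPFix step asks for every instance to be moved rather than just one.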

STATUS: FINISHED

Complete scanning result of "ahhcbwb.dll", received in VirusTotal at 04.13.2007, 06:10:57 (CET).

 

Antivirus Version Update Result

AhnLab-V3 2007.4.12.0 04.12.2007 no virus found

AntiVir 7.3.1.50 04.12.2007 no virus found

Authentium 4.93.8 04.12.2007 no virus found

Avast 4.7.936.0 04.11.2007 no virus found

AVG 7.5.0.447 04.12.2007 no virus found

BitDefender 7.2 04.13.2007 Trojan.Vqten.A

CAT-QuickHeal 9.00 04.12.2007 no virus found

ClamAV devel-20070312 04.13.2007 no virus found

DrWeb 4.33 04.12.2007 Trojan.Vqten

eSafe 7.0.15.0 04.12.2007 no virus found

eTrust-Vet 30.7.3564 04.13.2007 no virus found

Ewido 4.0 04.12.2007 no virus found

FileAdvisor 1 04.13.2007 no virus found

Fortinet 2.85.0.0 04.13.2007 suspicious

F-Prot 4.3.2.48 04.12.2007 no virus found

F-Secure 6.70.13030.0 04.13.2007 no virus found

Ikarus T3.1.1.5 04.12.2007 Trojan.Vqten

Kaspersky 4.0.2.24 04.13.2007 no virus found

McAfee 5007 04.12.2007 no virus found

Microsoft 1.2405 04.13.2007 no virus found

NOD32v2 2185 04.13.2007 no virus found

Norman 5.80.02 04.12.2007 no virus found

Panda 9.0.0.4 04.12.2007 Suspicious file

Prevx1 V2 04.13.2007 no virus found

Sophos 4.16.0 04.12.2007 no virus found

Sunbelt 2.2.907.0 04.07.2007 no virus found

Symantec 10 04.13.2007 no virus found

TheHacker 6.1.6.088 04.09.2007 no virus found

VBA32 3.11.3 04.12.2007 Trojan.Vqten

VirusBuster 4.3.7:9 04.12.2007 no virus found

Webwasher-Gateway 6.0.1 04.13.2007 no virus found

 

Going to start the setup you said next...

Using second PC to use the net since right now I get random blue screen restarts.


Seems I can't run the SUPERAntiSpyware; it says the Windows Installer service could not be accessed because it's in safe mode.

 

Going to go into safeboot in msconfig with specific services on, see if that will work.

 

-

-

-

-

 

No effect, the service cannot be started in safe mode. Guess that means trying to install in normal mode now.

Edited by Kravyn


Hi, Kravyn

 

No no, you had to download and install Superantispyware, in Normal Mode update it, then boot into Safe Mode to run it.

 

Gogo :)


Yeah, I have the log files for SUPERAntiSpyware and it flushed quite a bit of files. My problem now is when I try running the SDFix: I finish the first half, then when I get to the second half I get a bluescreen the second it attempts to complete the process.

 

Which means either I start SDFix again or I do not even try doing it again, but I don't know.

 

Oh, and also I have a program named Security Task Manager and it's displaying a windev-3be8-3a18.sys, which is a code exploit I believe, but don't rely on that info :) I just mention it because it showed up at the same time all my problems did also.

Edited by Kravyn


Hi, Kravyn

 

Do this first

 

1. Please download LSPFix from here.

2. Run the LSPFix.exe that you have just finished downloading.

3. Check the I know what I'm doing box.

4. In the Keep box you should see one or more instances of ahhcbwb.dll.

5. Select every instance of ahhcbwb.dll and move each one to the Remove box by clicking the >> button.

6. When you are done click Finish>>.

 

------------

 

And for now don't run SDFix; go to Normal Mode, run ComboFix first, and show me its logfile.

 

Gogo :)


Hi, Kravyn

 

Let's take a step back here. Have you installed any new RAM at all? Are you getting any other errors?

 

Please register (it's free, don't worry) with PC Pitstop and run the full tests here:

http://www.pcpitstop.com/pcpitstop/default.asp

 

When the tests are complete, a results page will pop up. Click "Share Results with TechExpress" on the top right-hand side. Then copy the URL provided and post it here for me.

 

Gogo :)


OK, well, I continued on to ComboFix. I know it's not in the order you said, but I think it even found the windev. I just hope those were the files causing the BSOD. I will attempt SDFix; if it works I will come back with 4 log files.


Well, here goes the first of the 4-part installment, lol.

 

Part 1 HJT

Logfile of HijackThis v1.99.1

Scan saved at 4:14:31 4:14:31 AM, on 4/13/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv51.exe

C:\Program Files\Panda Software\Panda Antivirus 2007\AVENGINE.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\crypserv.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Panda Software\Panda Antivirus 2007\psimsvc.exe

C:\WINDOWS\system32\TaskUpdate.exe

C:\WINDOWS\system32\UAService7.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\RunDLL32.exe

C:\WINDOWS\MXOALDR.EXE

C:\WINDOWS\system32\ltmsg.exe

C:\Program Files\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

c:\program files\panda software\panda antivirus 2007\WebProxy.exe

H:\Memturbo 4\MemTurbo.exe

C:\Program Files\internet explorer\iexplore.exe

C:\hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 63.118.235.195:8080

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {2F2E3704-21BC-46C9-B1D8-8C7BE503147F} - (no file)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {92AC6155-FCC8-41FF-8B82-96C20FD18F96} - (no file)

O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\FlashGet\jccatch.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - H:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: (no name) - {F72A02ED-23DF-4D85-85D9-89E32D4487C8} - (no file)

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - H:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\FlashGet\fgiebar.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE

O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe

O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9

O4 - HKLM\..\Run: [DAEMON Tools-1033] "H:\Program Files\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE" /s

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - Startup: MemTurbo.lnk = H:\Memturbo 4\MemTurbo.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe

O8 - Extra context menu item: Download All by FlashGet - C:\FlashGet\jc_all.htm

O8 - Extra context menu item: Download using FlashGet - C:\FlashGet\jc_link.htm

O8 - Extra context menu item: Download with GetRight - Q:\GetRight\GRdownload.htm

O8 - Extra context menu item: Druid: Download All Files - C:\Program Files\XemiComputers\Download Druid\Druid.html

O8 - Extra context menu item: Druid: Download Highlighted Files - C:\Program Files\XemiComputers\Download Druid\DruidHighLighted.html

O8 - Extra context menu item: Open with GetRight Browser - Q:\GetRight\GRbrowse.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll

O9 - Extra button: Druid Bar - {A6B25D86-CB76-44C1-8E35-328EE8F4BEF0} - C:\Program Files\XemiComputers\Download Druid\DruidBar.dll

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\FlashGet\flashget.exe

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\FlashGet\flashget.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} (Support.com ActionRunner Class) - http://help.rr.com/Foundrysdccommon/download/tgctlar.cab

O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} -

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} -

O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab

O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -

O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab

O18 - Protocol: bw+0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw+0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: bwg0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwg0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: offline-8876480 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll

O20 - Winlogon Notify: jkkll - C:\WINDOWS\

O20 - Winlogon Notify: NavLogon - C:\WINDOWS\

O20 - Winlogon Notify: rpcc - C:\WINDOWS\

O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O20 - Winlogon Notify: winwim32 - C:\WINDOWS\

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv51.exe

O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus 2007\psimsvc.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - H:\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (file missing)

O23 - Service: TaskUpdateSvc - Unknown owner - C:\WINDOWS\system32\TaskUpdate.exe

O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe


Part 2 SDfix Report

SDFix: Version 1.78

 

Run by Nanobain - Fri 04/13/2007 - 3:59:38.76

 

Microsoft Windows XP [Version 5.1.2600]

 

Running From: C:\cleanup\SDfix

 

Safe Mode:

Checking Services:

 

Name:

kprof

ntldr.sys

poof

 

ImagePath:

 

 

 

 

Restoring Windows Registry Values

Restoring Windows Default Hosts File

 

 

Rebooting...

 

Normal Mode:

Checking Files:

 

Below files will be copied to Backups folder then removed:

 

C:\CP1041.NLS - Deleted

C:\WINDOWS\system32\inst.exe.exe - Deleted

C:\WINDOWS\system32\pdp.exe.exe - Deleted

C:\WINDOWS\system32\zup.exe.exe - Deleted

C:\WINDOWS\system32\koos.exe - Deleted

C:\WINDOWS\system32\poof - Deleted

 

 

 

Removing Temp Files

 

ADS Check:

 

Checking if ADS is attached to system32 Folder

C:\WINDOWS\system32

No streams found.

 

Checking if ADS is attached to svchost.exe

C:\WINDOWS\system32\svchost.exe

No streams found.

 

 

 

Final Check:

 

Remaining Services:

------------------

 

 

 

Authorized Application Key Export:

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

 

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

 

 

Remaining Files:

---------------

C:\WINDOWS\SYSTEM32\NFYXTP~1.DLL Found - LSP!!

C:\WINDOWS\SYSTEM32\NFYXTP~1.DLL Found - LSP!!

 

 

Checking For Files with Hidden Attributes:

 

C:\Documents and Settings\Nanobain\NetHood\ftp.atari.com\Desktop.ini

C:\Documents and Settings\Nanobain\NetHood\ftp.autoassault.com\Desktop.ini

C:\Documents and Settings\Nanobain\NetHood\ftp4.de.nero.com\Desktop.ini

C:\Program Files\Nero\Nero PhotoShow 4\data\DVDMPEG2Enc.dll

C:\Program Files\Nero\Nero PhotoShow 4\data\NeASL.dll

C:\Program Files\USB-IF Test Suite\USBHTT\Libs\DevIOCTL.dll

C:\Program Files\USB-IF Test Suite\USBHTT\Libs\HubTest.dll

C:\Program Files\USB-IF Test Suite\USBHTT\Libs\msvcp60.dll

C:\Program Files\USB-IF Test Suite\USBHTT\Libs\StackSwitcher.dll

C:\Program Files\USB-IF Test Suite\USBHTT\Libs\TestServices.dll

C:\Program Files\USB-IF Test Suite\USBHTT\Libs\Tparse.dll

C:\Program Files\USB-IF Test Suite\USBHTT\Libs\TSMFCGuiDialogHelperDLL.dll

C:\Program Files\USB-IF Test Suite\USBHTT\Libs\USBCommandVerifier.dll

C:\Program Files\Nero\Nero PhotoShow 4\data\movie_maker.exe

C:\Program Files\Nero\Nero PhotoShow 4\data\Nero PhotoShow Deluxe.exe

C:\WINDOWS\system32\A13E436B60.sys

C:\WINDOWS\system32\KGyGaAvL.sys

C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp

 

Finished


Part 3 ComboFix Log

"Nanobain" - 07-04-13 3:35:52 Service Pack 2

ComboFix 07-04-05 - Running from: "C:\cleanup"

 

 

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

C:\WINDOWS\system32\ahhcbwb.dll

C:\WINDOWS\system32\nfyxtpcwhgp.dll

C:\WINDOWS\system32\components

C:\Program Files\Common Files\{04674~1

C:\Program Files\Common Files\{34674~1

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\qoobox\purity\DOCUME~1

C:\qoobox\purity\DOCUME~1\Nanobain

C:\qoobox\purity\DOCUME~1\Nanobain\MYDOCU~1

C:\qoobox\purity\DOCUME~1\Nanobain\MYDOCU~1\from.txt

C:\qoobox\purity\DOCUME~1\Nanobain\MYDOCU~1\YSTEM3~1

C:\qoobox\purity\WINDOWS\SKS~1

C:\qoobox\purity\WINDOWS\SKS~1\??sks

C:\qoobox\purity\WINDOWS\SKS~1\??sks\!update-4305.0000

 

 

((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

-------\LEGACY_MCHINJDRV

 

 

((((((((((((((((((((((((((((((( Files Created from 2007-03-13 to 2007-04-13 ))))))))))))))))))))))))))))))))))

 

 

2007-04-12 23:57 <DIR> d-------- C:\Program Files\SUPERAntiSpyware

2007-04-12 23:57 <DIR> d-------- C:\DOCUME~1\Nanobain\APPLIC~1\SUPERAntiSpyware.com

2007-04-12 23:57 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com

2007-04-12 23:30 <DIR> d-------- C:\cleanup

2007-04-12 15:35 <DIR> d-------- C:\Program Files\MSXML 4.0

2007-04-12 06:36 <DIR> d-------- C:\hijackthis

2007-04-12 04:07 91,790 --a------ C:\WINDOWS\system32\inst.exe

2007-04-12 03:37 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\InstallShield

2007-04-12 03:13 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\TextPad

2007-04-12 02:55 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Lavasoft

2007-04-12 02:51 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Help

2007-04-12 02:41 91,790 --a------ C:\WINDOWS\inst.exe

2007-04-12 02:41 40,590 --a------ C:\WINDOWS\pdp.exe

2007-04-12 02:40 8,704 --a------ C:\WINDOWS\system32\sporder.dll

2007-04-10 01:18 <DIR> d-------- C:\DOCUME~1\Nanobain\APPLIC~1\TMNT

2007-04-10 01:17 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll

2007-04-10 01:11 <DIR> d-------- C:\DOCUME~1\Nanobain\APPLIC~1\InstallShield

2007-03-31 13:38 <DIR> d-------- C:\DOCUME~1\Nanobain\APPLIC~1\Command & Conquer 3 Tiberium Wars

2007-03-31 13:32 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll

2007-03-19 13:47 <DIR> d-------- C:\Program Files\JoWooD

 

 

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

2007-04-12 02:40 281348 --a------ C:\WINDOWS\system32\drivers\Copy of ndis.sys1231233

2007-04-11 01:35 -------- d-------- C:\DOCUME~1\Nanobain\APPLIC~1\utorrent

2007-04-10 01:13 -------- d--h----- C:\Program Files\installshield installation information

2007-03-17 08:43 292864 --a------ C:\WINDOWS\system32\winsrv.dll

2007-03-15 13:41 -------- d-------- C:\DOCUME~1\Nanobain\APPLIC~1\installshield installation information

2007-03-08 10:36 577536 --a------ C:\WINDOWS\system32\user32.dll

2007-03-08 10:36 40960 --a------ C:\WINDOWS\system32\mf3216.dll

2007-03-08 10:36 281600 --a------ C:\WINDOWS\system32\gdi32.dll

2007-03-08 08:47 1843584 --a------ C:\WINDOWS\system32\win32k.sys

2007-02-25 06:21 -------- d-------- C:\DOCUME~1\Nanobain\APPLIC~1\my the lord of the rings, the rise of the witch-king files

2007-02-16 08:41 -------- d-------- C:\DOCUME~1\Nanobain\APPLIC~1\media player classic

2007-02-05 15:17 185344 --a------ C:\WINDOWS\system32\upnphost.dll

2007-01-27 14:06 957979 ---hs---- C:\WINDOWS\system32\llkkj.bak1

2007-01-06 21:26 83 ---hs---- C:\DOCUME~1\Nanobain\APPLIC~1\.zreglib

 

 

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]

"SUPERAntiSpyware"="C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"

"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"

"SpybotSD TeaTimer"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"

"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"

"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]

"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"

"UserFaultCheck"="%systemroot%\\system32\\dumprep 0 -u"

"SunJavaUpdateSched"="C:\\Program Files\\Java\\j2re1.4.2_05\\bin\\jusched.exe"

"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"

"nwiz"="nwiz.exe /install"

"NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit"

"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"

"MXO Auto Loader"="C:\\WINDOWS\\MXOALDR.EXE"

"MaxtorOneTouch"="C:\\PROGRA~1\\Maxtor\\OneTouch\\Utils\\OneTouch.exe"

"LTWinModem1"="ltmsg.exe 9"

"DAEMON Tools-1033"="\"H:\\Program Files\\D-Tools\\daemon.exe\" -lang 1033"

"APVXDWIN"="\"C:\\Program Files\\Panda Software\\Panda Antivirus 2007\\APVXDWIN.EXE\" /s"

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"

"DAEMON Tools-1033"="\"H:\\Program Files\\D-Tools\\daemon.exe\" -lang 1033"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"appinit_dlls"="wbsys.dll"

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]

"0aMCPClient"="{F5DF91F9-15E9-416B-A7C3-7519B11ECBFC}"

"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

 

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkll

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winwim32

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

 

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa

Authentication Packages REG_MULTI_SZ msv1_0\

Security Packages REG_MULTI_SZ kerberosmsv1_0schannelwdigest\

Notification Packages REG_MULTI_SZ scecli\

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]

LocalService REG_MULTI_SZ AlerterWebClientLmHostsRemoteRegistryupnphostSSDPSRV\

NetworkService REG_MULTI_SZ DnsCache\

rpcss REG_MULTI_SZ RpcSs\

imgsvc REG_MULTI_SZ StiSvc\

termsvcs REG_MULTI_SZ TermService\

HTTPFilter REG_MULTI_SZ HTTPFilter\

DcomLaunch REG_MULTI_SZ DcomLaunchTermService\

WudfServiceGroup REG_MULTI_SZ WUDFSvc\

 

 

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E]

Shell\AutoRun\command E:\setup.exe

 

 

 

~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

 

backup-20070412-212342-389

O2 - BHO: (no name) - {F72A02ED-23DF-4D85-85D9-89E32D4487C8} - C:\WINDOWS\system32\jkkll.dll

backup-20070412-210845-845

O20 - Winlogon Notify: winwim32 - winwim32.dll (file missing)

backup-20070412-210845-980

O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll

backup-20070412-210811-658

O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll

backup-20070412-210809-227

O20 - Winlogon Notify: jkkll - C:\WINDOWS\

 

********************************************************************

 

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006

http://www.gmer.net

 

scanning hidden processes ...

 

scanning hidden services ...

 

HKLM\SYSTEM\CurrentControlSet\Services\winmgmt3be8-4a18

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

C:\Documents and Settings\All Users\Application Data\SecTaskMan\_windev-1b8a-452b17E10 12288 bytes

C:\Documents and Settings\All Users\Application Data\SecTaskMan\_windev-3be8-4a1818350 12288 bytes

C:\WINDOWS\system32\windev-3be8-4a18.sys 139264 bytes

C:\WINDOWS\system32\windev-peers.ini 16384 bytes

 

scan completed successfully

hidden processes: 0

hidden services: 1

hidden files: 4

 

********************************************************************

 

Completion time: 07-04-13 3:39:57

C:\ComboFix-quarantined-files.txt ... 07-04-13 03:39


Part 4 SuperAntiSpyware log

SUPERAntiSpyware Scan Log

Generated 04/13/2007 at 01:15 AM

 

Application Version : 3.6.1000

 

Core Rules Database Version : 3190

Trace Rules Database Version: 1200

 

Scan type : Complete Scan

Total Scan Time : 01:11:26

 

Memory items scanned : 187

Memory threats detected : 0

Registry items scanned : 5572

Registry threats detected : 12

File items scanned : 45164

File threats detected : 338

 

Unclassified.Unknown Origin

HKLM\Software\Classes\CLSID\{3FD6B99C-A275-46ea-8FD1-3D63986E51E4}

HKCR\CLSID\{3FD6B99C-A275-46EA-8FD1-3D63986E51E4}

HKCR\CLSID\{3FD6B99C-A275-46EA-8FD1-3D63986E51E4}\InprocServer32

HKCR\CLSID\{3FD6B99C-A275-46EA-8FD1-3D63986E51E4}\InprocServer32#ThreadingModel

C:\WINDOWS\SYSTEM32\QTBEBHCU.DLL

HKCR\CLSID\{3FD6B99C-A275-46EA-8FD1-3D63986E51E4}

 

Trojan.Downloader-RPCC

Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\rpcc

C:\WINDOWS\SYSTEM32\RPCC.DLL

HKLM\Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\rpcc

HKLM\Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\rpcc#DllName

HKLM\Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\rpcc#Asynchronous

HKLM\Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\rpcc#Impersonate

HKLM\Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\rpcc#Startup

 

Adware.Tracking Cookie


 

Registry Cleaner Trial

HKU\S-1-5-21-436374069-220523388-682003330-1003\Software\SoftwareOnline.com

 

Trojan.Spam-RUCrzy

C:\DOCUMENTS AND SETTINGS\NANOBAIN\LOCAL SETTINGS\TEMP\154C.TMP

C:\DOCUMENTS AND SETTINGS\NANOBAIN\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\CD2RGT67\IGOR[1].EXE

 

Trojan.Downloader-SpyTool

C:\WINDOWS\SYSTEM32\GADJXAHW.DLL

C:\WINDOWS\SYSTEM32\KSXJYEFS.DLL

C:\WINDOWS\SYSTEM32\XKRMGAVP.DLL

 

Trojan.Downloader-Gen/LIB

C:\WINDOWS\SYSTEM32\KBHXGBRK.DLL

 

Trojan.Downloader-WinCom32/Rootkit

C:\WINDOWS\SYSTEM32\WINCOM32.SYS

 

Trojan.Downloader-Gen

C:\WINDOWS\SYSTEM32\WINSUB.XML


Oh, and I never noticed your LSPfix post, but I just checked it out, and one of the others you told me worked on removing that one also.

Odd though: you posted, I refreshed, but somehow I didn't see your posts until after I had already continued with the previous steps. At least they completed. There was a combination of 2 things nailing me.

I'm still testing out to make sure the BSOD is truly gone, since, as I said, it was killing SDfix each time, but not anymore, which is why I was able to post it. I need to run something RAM-intensive to find out.

And no, I haven't been able to get new RAM for a long time, but the problem wasn't part of the RAM. I think it was a rootkit, but it had my RAM locked, so if anything attempted to use more RAM than the lock allowed I would always get the blue screen.

The main test to see if it's still intact is to run my RAM flushing program. It uses 95% of my RAM for 30 seconds; that's more than enough time to see if I still have the problem.


Well, for now it seems to have worked.

If you see any other problem on my list, please tell me, because I want to see if I can clean out as much as possible.


Hi, Kravyn

Yes, you have a lot more to do here. I'm sorry, but I've been having a ton of cable problems and moving around the site as of late. But I will have something for you soon. If it looks like I'm not with you, it's because sometimes I have to click out then back in again.

Gogo ;)


Hey, Kravyn

Sorry, trying to get this done as fast as I can for you.

 

Please print out or copy these instructions to Notepad as the internet will not be available to you at certain points of the removal process (whilst in Safe Mode). If there's anything that you don't understand, ask your question(s) before moving on with the fix.

 

-----------------

 

Go to Start | Control Panel | Add/Remove Programs and remove the following (if they exist):

FlashGet

 

Note: Please note that these items may need a reboot to complete the uninstall; if so, please reboot.

 

-----------------

 

View hidden files and folders:

Click Start.

Open My Computer.

Select the Tools menu and click Folder Options.

Select the View Tab.

Under the Hidden files and folders heading select Show hidden files and folders.

Uncheck the Hide protected operating system files (recommended) option.

Click Yes to confirm.

Click OK.

 

------------------

 

Disable bad service

Start

Run

Type services.msc to the field and press enter.

A window opens, scroll down to TaskUpdateSvc

Rightclick it and choose Stop

Then choose Properties

Set Startup to Disabled

Click Apply and OK.

 

------------------

 

Then, open HijackThis.

Open the Misc Tools section

Delete an NT service

Copy the following line to the box and press OK; TaskUpdateSvc

Answer Yes

Close HijackThis

 

-----------------

 

Run HijackThis

Scan and when it finishes, put a check mark only next to these following items : (if present)

 

O2 - BHO: (no name) - {2F2E3704-21BC-46C9-B1D8-8C7BE503147F} - (no file)

O2 - BHO: (no name) - {92AC6155-FCC8-41FF-8B82-96C20FD18F96} - (no file)

O2 - BHO: (no name) - {F72A02ED-23DF-4D85-85D9-89E32D4487C8} - (no file)

O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\FlashGet\jccatch.dll

 

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\FlashGet\fgiebar.dll

 

O8 - Extra context menu item: Download All by FlashGet - C:\FlashGet\jc_all.htm

O8 - Extra context menu item: Download using FlashGet - C:\FlashGet\jc_link.htm

 

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\FlashGet\flashget.exe

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\FlashGet\flashget.exe

 

O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} -

O16 - DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} -

O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -

 

O20 - Winlogon Notify: jkkll - C:\WINDOWS\

O20 - Winlogon Notify: rpcc - C:\WINDOWS\

O20 - Winlogon Notify: winwim32 - C:\WINDOWS\

 

O23 - Service: TaskUpdateSvc - Unknown owner - C:\WINDOWS\system32\TaskUpdate.exe

 

Close all browsers and any open Windows, making sure that only HijackThis is open

Click Fix Checked

Close HijackThis

 

-------------------

 

The steps that I am about to suggest involve modifying the registry. Modifying the registry can be dangerous so we will make a backup of the registry first.

 

Backup the Registry:

 

Navigate to Start | Run and paste the following:

 

regedit /e c:\registrybackup.reg

 

Now click OK

It won't appear to be doing anything, that's normal.

Your mouse pointer may turn to an hour glass for a minute.

Please continue when it no longer has the hour glass.

 

-------------------

 

Open Notepad and copy and paste the following quotebox into a new text document. (Don't forget to copy and paste REGEDIT4!)

( Do not copy the word quote)

 

REGEDIT4

 

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkll]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winwim32]

 

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TaskUpdateSvc]

 

Save this as fix.reg. Choose to save as *all files and place it on your Desktop.

It should look like this:reg.gif

Double-click on it and when it asks you if you want to merge the contents to the registry, click Yes/OK.

 

-------------------

 

Restart your computer in Safe Mode.

  1. If the computer is running, shut down Windows, and then turn off the power.
  2. Wait 30 seconds, and then turn the computer on.
  3. Start tapping the F8 key. The Windows Advanced Options Menu will appear. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  4. Ensure that the Safe Mode option is selected.
  5. Press Enter. The computer then begins to start in Safe Mode.
  6. Login on your usual account.

If you need further assistance with Safe Mode, see "To start the computer in safe mode".

 

------------------

 

Using Windows Explorer (right-click your Start button and select Explore), please navigate to and delete the following FILES (if they exist):

C:\WINDOWS\system32\TaskUpdate.exe <---This file

C:\WINDOWS\system32\jkkll <---This file

C:\WINDOWS\system32\winwim32 <---This file

C:\WINDOWS\system32\rpcc <---This file

C:\WINDOWS\system32\inst.exe <---This file

C:\WINDOWS\inst.exe <---This file

C:\WINDOWS\pdp.exe <---This file

C:\WINDOWS\system32\llkkj.bak1 <---This file

C:\WINDOWS\system32\windev-3be8-4a18.sys <---This file

C:\WINDOWS\system32\windev-peers.ini <---This file

 

-------------------

 

* Clean your Cache and Cookies in IE:

  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Click the "Delete Cookies" button
  • Next to it, Click the "Delete Files" button
  • When prompted, place a check in: "Delete all offline content", click OK

* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):

  • Go to Tools > Options.
  • Click Privacy in the menu on the left side of the Options window.
  • Click the Clear button located to the right of each option (History, Cookies, Cache).
  • Click OK to close the Options window
    Alternatively, you can clear all information stored while browsing by clicking Clear All.
    A confirmation dialog box will be shown before clearing the information.

* Clean other Temporary files + Recycle bin

  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.

------------------

 

After doing all the work above, reboot into Windows Normal Mode and show me a new HijackThis logfile.

 

Gogo ;)


When I attempt to remove

O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} -

O16 - DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} -

O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -

 

my PC blue screens.

Oh, and I'm not going to be removing the FlashGet files; I actually use it for large exe downloads.

 

I'm a gamer, and some MMO and demo games are 1gb+, and I don't want them to disconnect mid-download because I don't want to restart from scratch each time.

Hi, Kravyn

 

Well, as this is your PC it's up to you what to remove or not, but may I have a new HijackThis logfile? Let's see what, if anything, more needs to be removed.

 

Gogo ;)

Well, first thing though: after I did the file removal you specified in safe mode, when I returned to normal mode all the HJT items you told me to remove returned.

 

This first HJT I'm about to post is what I received after deleting the files in safe mode, even though it was already removed.

 

Logfile of HijackThis v1.99.1

Scan saved at 19:03:23 7:03:23 PM, on 4/13/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv51.exe

C:\Program Files\Panda Software\Panda Antivirus 2007\AVENGINE.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\crypserv.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Panda Software\Panda Antivirus 2007\psimsvc.exe

C:\WINDOWS\system32\UAService7.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Panda Software\Panda Antivirus 2007\apvxdwin.exe

C:\Program Files\Winamp\winampa.exe

C:\WINDOWS\MXOALDR.EXE

C:\WINDOWS\system32\ltmsg.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Logitech\SetPoint\KEM.exe

H:\Memturbo 4\MemTurbo.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

c:\program files\panda software\panda antivirus 2007\WebProxy.exe

C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 63.118.235.195:8080

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {2F2E3704-21BC-46C9-B1D8-8C7BE503147F} - (no file)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {92AC6155-FCC8-41FF-8B82-96C20FD18F96} - (no file)

O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\FlashGet\jccatch.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - H:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: (no name) - {F72A02ED-23DF-4D85-85D9-89E32D4487C8} - (no file)

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - H:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\FlashGet\fgiebar.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE

O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe

O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9

O4 - HKLM\..\Run: [DAEMON Tools-1033] "H:\Program Files\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE" /s

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - Startup: MemTurbo.lnk = H:\Memturbo 4\MemTurbo.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe

O8 - Extra context menu item: Download All by FlashGet - C:\FlashGet\jc_all.htm

O8 - Extra context menu item: Download using FlashGet - C:\FlashGet\jc_link.htm

O8 - Extra context menu item: Download with GetRight - Q:\GetRight\GRdownload.htm

O8 - Extra context menu item: Druid: Download All Files - C:\Program Files\XemiComputers\Download Druid\Druid.html

O8 - Extra context menu item: Druid: Download Highlighted Files - C:\Program Files\XemiComputers\Download Druid\DruidHighLighted.html

O8 - Extra context menu item: Open with GetRight Browser - Q:\GetRight\GRbrowse.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll

O9 - Extra button: Druid Bar - {A6B25D86-CB76-44C1-8E35-328EE8F4BEF0} - C:\Program Files\XemiComputers\Download Druid\DruidBar.dll

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\FlashGet\flashget.exe

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\FlashGet\flashget.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} (Support.com ActionRunner Class) - http://help.rr.com/Foundrysdccommon/download/tgctlar.cab

O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} -

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} -

O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab

O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -

O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab

O18 - Protocol: bw+0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw+0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: bwg0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwg0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: offline-8876480 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll

O20 - Winlogon Notify: jkkll - C:\WINDOWS\

O20 - Winlogon Notify: NavLogon - C:\WINDOWS\

O20 - Winlogon Notify: rpcc - C:\WINDOWS\

O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O20 - Winlogon Notify: winwim32 - C:\WINDOWS\

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv51.exe

O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus 2007\psimsvc.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - H:\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (file missing)

O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

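An added example, not part of any post in this thread: a Python check that parses HijackThis entry lines and reports which items from the helper's fix list are still present in a later log. The sample lines are copied from the posts above; the function names and the matching key (section, entry type, CLSID or entry name) are assumptions of this example.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "section kind ident target")

# "O20 - Winlogon Notify: jkkll - C:\WINDOWS\" -> section "O20", body after " - "
LINE = re.compile(r"^([A-Z]\d+)\s+-\s+(.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Sections identified by CLSID here; all others use the first field (name).
CLSID_SECTIONS = {"O2", "O3", "O9", "O16"}

# Items the helper asked to fix, as quoted in the thread.
FIX_LIST = r"""
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} -
O16 - DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} -
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O20 - Winlogon Notify: jkkll - C:\WINDOWS\
O20 - Winlogon Notify: rpcc - C:\WINDOWS\
O20 - Winlogon Notify: winwim32 - C:\WINDOWS\
O23 - Service: TaskUpdateSvc - Unknown owner - C:\WINDOWS\system32\TaskUpdate.exe
"""

# Excerpt of the log posted after the Safe Mode cleanup (4/13/2007, 19:03).
LATER_LOG = r"""
Logfile of HijackThis v1.99.1
C:\WINDOWS\system32\winlogon.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} -
O16 - DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} -
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O20 - Winlogon Notify: jkkll - C:\WINDOWS\
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O20 - Winlogon Notify: rpcc - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winwim32 - C:\WINDOWS\
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
"""


def parse(log_text):
    """Return an Entry for every 'Xn - ...' line; headers and process paths are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        section, body = m.group(1), m.group(2).strip()
        kind, sep, rest = body.partition(": ")
        if not sep:                      # R0/R1 lines carry no "Type: " prefix
            kind, rest = "", body
        fields = [f.strip() for f in rest.split(" - ")]
        clsid = CLSID.search(rest)
        if section in CLSID_SECTIONS and clsid:
            ident = clsid.group(0).upper()
        else:
            ident = fields[0]
        target = fields[-1] if len(fields) > 1 else ""
        entries.append(Entry(section, kind, ident, target))
    return entries


def key(entry):
    """Match on section, entry type and identifier, ignoring case and the target path."""
    return (entry.section, entry.kind.casefold(), entry.ident.casefold())


def compare(fix_text, later_log):
    """Split the fix list into entries still present in later_log and entries gone."""
    later = {key(e): e for e in parse(later_log)}
    persisting, cleared = [], []
    for e in parse(fix_text):
        if key(e) in later:
            persisting.append(later[key(e)])
        else:
            cleared.append(e)
    return persisting, cleared


if __name__ == "__main__":
    persisting, cleared = compare(FIX_LIST, LATER_LOG)
    for e in persisting:
        print("STILL PRESENT", e.section, e.kind, e.ident, e.target or "(no target)")
    for e in cleared:
        print("GONE         ", e.section, e.kind, e.ident)
```

On these lines the TaskUpdateSvc service entry is gone, while the three DPF entries and the three Winlogon Notify entries are still listed.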

This is what I get after removing them again, but I haven't restarted again because they keep returning and I don't need that to happen for now.

 

Logfile of HijackThis v1.99.1

Scan saved at 20:24:25 8:24:25 PM, on 4/13/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv51.exe

C:\Program Files\Panda Software\Panda Antivirus 2007\AVENGINE.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\crypserv.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Panda Software\Panda Antivirus 2007\psimsvc.exe

C:\WINDOWS\system32\UAService7.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Panda Software\Panda Antivirus 2007\apvxdwin.exe

C:\Program Files\Winamp\winampa.exe

C:\WINDOWS\MXOALDR.EXE

C:\WINDOWS\system32\ltmsg.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Logitech\SetPoint\KEM.exe

H:\Memturbo 4\MemTurbo.exe

C:\WINDOWS\System32\svchost.exe

c:\program files\panda software\panda antivirus 2007\WebProxy.exe

C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\hijackthis\HijackThis.exe

Q:\Security Task Manager\TaskMan.exe

C:\Program Files\Internet Explorer\iexplore.exe

 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 63.118.235.195:8080

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\FlashGet\jccatch.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - H:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - H:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\FlashGet\fgiebar.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE

O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe

O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9

O4 - HKLM\..\Run: [DAEMON Tools-1033] "H:\Program Files\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE" /s

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - Startup: MemTurbo.lnk = H:\Memturbo 4\MemTurbo.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe

O8 - Extra context menu item: Download All by FlashGet - C:\FlashGet\jc_all.htm

O8 - Extra context menu item: Download using FlashGet - C:\FlashGet\jc_link.htm

O8 - Extra context menu item: Download with GetRight - Q:\GetRight\GRdownload.htm

O8 - Extra context menu item: Druid: Download All Files - C:\Program Files\XemiComputers\Download Druid\Druid.html

O8 - Extra context menu item: Druid: Download Highlighted Files - C:\Program Files\XemiComputers\Download Druid\DruidHighLighted.html

O8 - Extra context menu item: Open with GetRight Browser - Q:\GetRight\GRbrowse.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll

O9 - Extra button: Druid Bar - {A6B25D86-CB76-44C1-8E35-328EE8F4BEF0} - C:\Program Files\XemiComputers\Download Druid\DruidBar.dll

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\FlashGet\flashget.exe

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\FlashGet\flashget.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} (Support.com ActionRunner Class) - http://help.rr.com/Foundrysdccommon/download/tgctlar.cab

O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} -

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} -

O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab

O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -

O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab

O18 - Protocol: bw+0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw+0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: bwg0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwg0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0s - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: offline-8876480 - {4BC5D55E-7D72-4439-8FEA-ADAF4178C91A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll

O20 - Winlogon Notify: NavLogon - C:\WINDOWS\

O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv51.exe

O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus 2007\psimsvc.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - H:\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (file missing)

O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe


I also flushed all that extra crap from Logitech Desktop Messenger by uninstalling it. It never was used in the first place, so I just removed it instead.

This topic is now closed to further replies.