Everything posted by Reach

  1. MWAM and AVG don't seem to detect anything and my computer boots normally again! Thank you so very much for your time and expertise, much appreciated!! Merci beaucoup!
  2. ComboFix 09-10-30.01 - Frederick Dumaresq 31/10/2009 7:04.2.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2756 [GMT -4:00] Running from: c:\documents and settings\Frederick Dumaresq\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Frederick Dumaresq\Desktop\CFScript.txt AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
  3. That was quicker than expected.... here's the ComboFix Log file... ComboFix 09-10-30.01 - Frederick Dumaresq 31/10/2009 6:32.1.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2758 [GMT -4:00] Running from: c:\documents and settings\Frederick Dumaresq\Desktop\ComboFix.exe AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Frederick Dumaresq\Application Data\inst.exe c:\windows\10059nzt-9-vir5s129.cpl c:\windows\104595zrus9a9.exe c:\windows\1119ad9w5re445z.cpl c:\windows\119evir5092z.dll c:\windows\119steal503z.ocx c:\windows\12125sp5mz9t93.exe c:\windows\12352not-a-zirus329.ocx c:\windows\12526troj159z.bin c:\windows\12597n9t-5-virus5zc.cpl c:\windows\1259thzeat5052.dll c:\windows\13292zo5m91b.bin c:\windows\134979pambzt7c5.cpl c:\windows\1385adzware1918.cpl c:\windows\13a5b5ckdooz9983.cpl c:\windows\1405not-9-vzrus5d4.cpl c:\windows\146335pambot299z.dll c:\windows\14931h5zktool699.exe c:\windows\150069ot-z-virus21f.cpl c:\windows\15092zir9s45.cpl c:\windows\15203spamboz595.cpl c:\windows\15496zpy70f.ocx c:\windows\1559azdware3117.dll c:\windows\155cstza9317.ocx c:\windows\15721haczt9ol1c.cpl c:\windows\15775tr9j55z.exe c:\windows\158evzr9256.cpl c:\windows\15995vi9us56z.bin c:\windows\15f5zte5l1963.exe c:\windows\15z9sparse2614.exe c:\windows\161es9yw5ze1237.ocx c:\windows\1620downl5az9r2658.exe c:\windows\1644zo9m573.exe c:\windows\16z58troj34a9.exe c:\windows\17392worz5ce.dll c:\windows\17398v9ruz5c6.dll c:\windows\17ez9hreat54747.ocx c:\windows\17f99pzrse852.ocx c:\windows\1816zn9t-a-viru53d7.cpl c:\windows\18315w9rze5.dll c:\windows\184069rojzc15.dll c:\windows\18695ha5ktool29z.cpl c:\windows\188z9ir27735.dll c:\windows\18c9tea51z7.bin c:\windows\19055zirus382.dll c:\windows\1913s5a9botzfa.bin c:\windows\19239zot5a-virus7ed.dll 
Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected Restored copy from - Kitty ate it . ((((((((((((((((((((((((( Files Created from 2009-09-28 to 2009-10-31 ))))))))))))))))))))))))))))))) . 2009-12-27 23:04 . 2009-12-27 23:04 7366 ----a-w- c:\windows\system32\7b5d9ir165z.dll 2009-12-24 08:06 . 2009-12-24 08:06 4385 ----a-w- c:\windows\system32\6837hack5o9l1e6z.exe 2009-12-22 18:50 . 2009-12-22 18:50 6921 ----a-w- c:\windows\system32\15032tz5j396.dll 2009-12-21 23:07 . 2009-12-21 23:07 4133 ----a-w- c:\windows\system32\30567spamb9t5z9.bin 2009-12-05 22:53 . 2009-12-05 22:53 6011 ----a-w- c:\windows\system32\9282not-5-zirus391.bin 2009-12-02 22:59 . 2009-12-02 22:59 2839 ----a-w- c:\windows\system32\50a9vzr2562.bin 2009-11-16 23:32 . 2009-11-16 23:32 3239 ----a-w- c:\windows\system32\11742z5ambot75a9.dll 2009-11-08 02:35 . 2009-11-08 02:35 5949 ----a-w- c:\windows\system32\184znot-a-vir9s4af5.dll 2009-10-31 10:28 . 2007-06-13 15:47 48256 ----a-w- c:\windows\system32\drivers\jraid.sys 2009-10-31 10:28 . 2005-06-20 22:53 60928 ----a-w- c:\windows\system32\drivers\viamraid.sys 2009-10-30 16:39 . 2009-10-30 16:39 -------- d-----w- c:\program files\Trend Micro 2009-10-30 14:55 . 2009-10-30 14:55 -------- d-----w- c:\documents and settings\Frederick Dumaresq\Application Data\Malwarebytes 2009-10-30 14:55 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-10-30 14:55 .
2009-10-30 14:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-10-30 14:55 . 2009-10-30 14:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-10-30 14:55 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-10-14 19:07 . 2009-10-14 19:07 5275 ----a-w- c:\windows\system32\77fespa9ze6875.dll 2009-10-12 10:50 . 2009-10-12 10:50 6015 ----a-w- c:\windows\system32\z9715virus5e9.bin 2009-10-11 09:46 . 2009-10-11 02:41 15688 ----a-w- c:\windows\system32\lsdelete.exe 2009-10-11 02:41 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys 2009-10-11 02:39 . 2009-10-11 02:39 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864} 2009-10-09 16:30 . 2009-10-09 16:30 -------- d-----w- c:\program files\CAPCOM 2009-10-09 16:29 . 2009-10-09 16:30 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE 2009-10-03 16:44 . 2009-10-03 16:44 2910 ----a-w- c:\windows\z6a9downlo9der456.exe . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-10-30 12:20 . 2008-06-19 17:12 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8 2009-10-27 23:57 . 2007-11-22 04:12 -------- d-----w- c:\program files\GTR2 2009-10-27 23:56 . 2008-12-13 15:08 -------- d-----w- c:\program files\Rummy Royal 2009-10-27 23:55 . 2008-11-01 12:28 -------- d-----w- c:\program files\Fallout 3 2009-10-27 23:54 . 2007-08-02 21:09 -------- d-----w- c:\program files\Ubisoft 2009-10-27 04:19 . 2008-10-02 14:10 -------- d-----w- c:\program files\MagicISO 2009-10-25 21:45 . 2009-06-30 15:03 -------- d-----w- c:\documents and settings\Frederick Dumaresq\Application Data\Vso 2009-10-15 23:43 . 2009-01-29 18:54 3532 ----a-w- C:\drmHeader.bin 2009-10-11 02:41 . 2007-08-02 11:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft 2009-10-11 02:39 . 
2007-08-02 11:11 -------- d-----w- c:\program files\Lavasoft 2009-10-05 15:22 . 2009-10-05 15:22 0 ----a-w- c:\documents and settings\All Users\Application Data\xmlB.tmp 2009-10-05 15:22 . 2009-07-20 00:29 2311 ----a-w- c:\documents and settings\All Users\Application Data\xml23.tmp 2009-10-05 15:22 . 2009-07-20 00:29 0 ----a-w- c:\documents and settings\All Users\Application Data\xml22.tmp 2009-10-05 15:22 . 2009-07-20 00:29 8710 ----a-w- c:\documents and settings\All Users\Application Data\xml21.tmp 2009-09-26 22:14 . 2009-09-26 22:14 4830 ----a-w- c:\windows\system32\21f6ba9kdo5z2738.bin 2009-09-21 22:03 . 2009-09-21 22:03 8380 ----a-w- c:\windows\system32\3ez2thre5t14295.bin 2009-09-20 22:07 . 2009-09-20 22:07 -------- d-----w- c:\documents and settings\Frederick Dumaresq\Application Data\Sony Corporation 2009-09-20 22:02 . 2007-08-02 09:40 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-09-20 22:02 . 2009-09-20 22:02 -------- d-----w- c:\program files\Sony 2009-09-19 14:12 . 2009-09-19 14:12 17930 ----a-w- c:\windows\system32\ezvir9573.exe 2009-09-19 07:31 . 2009-09-19 07:31 3760 ----a-w- c:\windows\system32\225589a5kzool46d.dll 2009-09-18 01:06 . 2007-08-02 09:07 19368 ------w- c:\documents and settings\Frederick Dumaresq\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-09-18 00:58 . 2009-09-18 00:58 -------- d-----w- c:\program files\Microsoft 2009-09-18 00:58 . 2009-09-18 00:58 -------- d-----w- c:\program files\Windows Live 2009-09-18 00:58 . 2009-09-18 00:58 -------- d-----w- c:\program files\Windows Live SkyDrive 2009-09-18 00:54 . 2009-09-18 00:54 -------- d-----w- c:\program files\Common Files\Windows Live 2009-09-12 19:37 . 2009-09-12 19:37 17518 ----a-w- c:\windows\system32\f27spywar915z4.exe 2009-09-12 01:36 . 2009-09-12 01:36 11614 ----a-w- c:\windows\a99stezl1576.bin 2009-09-11 11:00 . 2009-09-11 11:00 10219 ----a-w- c:\windows\system32\4654t5ief139z.exe 2009-09-09 15:58 . 
2009-09-09 15:58 7875 ----a-w- c:\windows\system32\13525z5rus4e9.bin 2009-09-09 02:03 . 2009-09-09 02:03 6320 ----a-w- c:\windows\system32\270505p930cz.bin 2009-09-07 23:16 . 2009-09-07 23:16 15084 ----a-w- c:\windows\system32\10090s9ambot4z5.dll 2009-09-05 16:30 . 2009-09-05 16:30 16029 ----a-w- c:\windows\system32\72zc5pywar982.bin 2009-09-02 02:46 . 2009-09-02 02:46 11974 ----a-w- c:\windows\system32\2779zs5y97.exe 2009-08-24 01:22 . 2009-08-24 01:22 5780 ----a-w- c:\windows\system32\1439zte591175.exe 2009-08-23 06:59 . 2007-08-04 12:34 139584 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys 2009-08-23 06:59 . 2007-08-03 12:38 189104 ----a-w- c:\windows\system32\PnkBstrB.exe 2009-08-20 03:19 . 2009-08-20 03:19 5956 ----a-w- c:\windows\system32\14b9sz5rse89.bin 2009-08-19 12:53 . 2008-06-19 17:12 11952 ----a-w- c:\windows\system32\avgrsstx.dll 2009-08-19 12:53 . 2008-06-19 17:12 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2009-08-19 12:53 . 2007-08-02 10:40 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys 2009-08-18 03:09 . 2009-08-18 03:09 13662 ----a-w- c:\windows\system32\24955s9yafz.dll 2009-08-16 00:31 . 2009-08-16 00:31 18258 ----a-w- c:\windows\system32\722zhre5t1596.exe 2009-08-14 20:06 . 2009-08-14 20:06 9641 ----a-w- c:\windows\system32\5z58downloa9er73.dll 2009-08-13 02:39 . 2009-08-13 02:39 14863 ----a-w- c:\windows\system32\1z849troj4955.exe 2009-08-08 02:57 . 2009-08-08 02:57 7233 ----a-w- c:\windows\system32\31314not-a-vi5uz79a.dll 2009-08-07 04:43 . 2009-08-07 04:43 6975 ----a-w- c:\windows\z669not-a-virus615.bin 2009-08-06 03:21 . 2009-08-06 03:21 5242 ----a-w- c:\windows\system32\95z0spy49c.bin 2009-08-06 01:57 . 2009-08-06 01:57 18292 ----a-w- c:\windows\system32\131z2hackt95l7cd.bin 2009-08-05 09:01 . 2006-02-28 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-08-03 32768] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-17 2025752] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-03-18 61440] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-8-2 450560] Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-8-2 528384] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2009-08-19 12:53 11952 ----a-w- c:\windows\system32\avgrsstx.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk backup=c:\windows\pss\Microsoft Office.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ymetray.lnk backup=c:\windows\pss\ymetray.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\security center] "FirewallOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network 
Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"= "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"= "c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"= "c:\\WINDOWS\\system32\\PnkBstrA.exe"= "c:\\WINDOWS\\system32\\PnkBstrB.exe"= "c:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"= "c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"= "c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"= "c:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.0\\cnc3game.dat"= "c:\\Program Files\\Hamachi\\hamachi.exe"= "c:\\Program Files\\AIM\\aim.exe"= "c:\\Program Files\\Xfire\\xfire.exe"= "c:\\Program Files\\Ubisoft\\Tom Clancy's Splinter Cell Double Agent\\SCDA-Online\\System\\SCDA_online.exe"= "c:\\Program Files\\Ubisoft\\Tom Clancy's Splinter Cell Double Agent\\SCDA-Offline\\System\\SplinterCell4.exe"= "c:\\Program Files\\BitTornado\\btdownloadgui.exe"= "c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"= "c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"= "c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"= "c:\\Program Files\\Ubisoft\\Ghost Recon Advanced Warfighter\\graw.exe"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"= "c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"= "c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"= "c:\\WINDOWS\\system32\\dldfcoms.exe"= "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldfpswx.exe"= "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldfjswx.exe"= "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldftime.exe"= "c:\\Program Files\\Lost Via Domus\\Yeti_Final_Win32.exe"= "c:\\Program Files\\Left 4 Dead\\left4dead.exe"= "c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"= 
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"= "c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"= "c:\\Program Files\\Electronic Arts\\Red Alert 3\\Data\\ra3_1.0.game"= "c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"= "c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"= "c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"= "c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"= "c:\\Teamspeak2_RC2\\server_windows.exe"= "c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009.SP3c\\RpcAgentSrv.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009.SP3c\\WNt500x86\\RpcSandraSrv.exe"= "c:\\Program Files\\CAPCOM\\RESIDENT EVIL 5\\RE5DX9.EXE"= "c:\\Program Files\\CAPCOM\\RESIDENT EVIL 5\\RE5DX10.EXE"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowInboundEchoRequest"= 1 (0x1) R0 lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [10/10/2009 10:41 PM 64160] R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [19/06/2008 1:12 PM 335240] R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [19/06/2008 1:12 PM 108552] R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [02/08/2007 9:29 PM 13696] R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [17/06/2009 9:42 AM 908056] R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [03/07/2008 12:19 PM 297752] R2 dldf_device;dldf_device;c:\windows\system32\dldfcoms.exe -service --> c:\windows\system32\dldfcoms.exe -service [?] 
R2 lavasoft ad-aware service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [03/07/2009 10:49 AM 1028432] R3 SMC1211;SMC EZ Card 10/100 PCI (SMC1211 Series) NT 5.0 Driver;c:\windows\system32\drivers\SMC1211.sys [11/07/2001 11:06 AM 23153] S1 98795ea2;98795ea2;c:\windows\system32\drivers\98795ea2.sys --> c:\windows\system32\drivers\98795ea2.sys [?] S3 iteio;iteio;\??\c:\windows\system32\drivers\iteio.sys --> c:\windows\system32\drivers\iteio.sys [?] S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\RpcAgentSrv.exe [19/07/2009 8:28 PM 98488] --- Other Services/Drivers In Memory --- *NewlyCreated* - MBR *Deregistered* - mbr . Contents of the 'Scheduled Tasks' folder 2009-10-27 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 02:41] 2009-10-29 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 17:42] 2009-10-31 c:\windows\Tasks\User_Feed_Synchronization-{954CFAEC-E4E0-42D4-8965-1BF279566081}.job - c:\windows\system32\msfeedssync.exe [2006-10-17 08:31] . . ------- Supplementary Scan ------- . uStart Page = hxxp://sympatico.msn.ca/?lang=en-CA uInternet Connection Wizard,ShellNext = iexplore IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-10-31 06:41 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... 
scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-1292428093-1383384898-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:94,85,26,81,5b,9c,1d,e7,5d,06,61,38,7b,b8,c3,e1,66,b8,ad,fc,d8,38,74, 4a,57,5f,0e,58,5b,84,45,45,e4,03,4f,1c,a1,aa,9e,60,b1,5c,cf,5b,55,32,29,71,\ "??"=hex:c6,15,46,c6,be,5d,18,91,dc,c8,d0,c2,7d,87,e6,c1 [HKEY_USERS\S-1-5-21-1292428093-1383384898-839522115-1003\Software\SecuROM\license information*] "datasecu"=hex:a6,ff,86,e6,1f,ca,49,54,30,90,08,6d,3d,1b,aa,f2,15,ba,fe,c9,01, 6b,42,df,7a,63,77,f1,e1,a4,ff,9d,5a,cf,09,f5,63,83,e0,4b,0e,fe,c4,3d,b4,a7,\ "rkeysecu"=hex:78,00,ce,66,0a,8c,aa,90,88,57,b9,51,bd,90,bf,6a . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(648) c:\windows\system32\Ati2evxx.dll . Completion time: 2009-10-31 6:42 ComboFix-quarantined-files.txt 2009-10-31 10:42 Pre-Run: 41,854,070,784 bytes free Post-Run: 41,970,520,064 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer - - End Of File - - 1FB80584EA790AA38B1C435152376BFE So, what do I do now?
  4. It seems to have taken care of the malware since after doing what you asked and rebooting, I did a quick scan with MWAM and it found nothing... I still however get a BSOD if I boot normally, in other words... the only way for me to log on is to go through debugging mode... and I already tried a chkdsk /r command with my OS CD in... Should I do a fixmbr and/or fixboot command? Any other suggestions? In any case, thank you very, very much for your help with the malware, and here are the MWAM log and HijackThis log. Malwarebytes' Anti-Malware 1.41 Database version: 3060 Windows 5.1.2600 Service Pack 3 31/10/2009 5:42:52 AM mbam-log-2009-10-31 (05-42-52).txt Scan type: Quick Scan Objects scanned: 104855 Time elapsed: 8 minute(s), 21 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 5:43:59 AM, on 31/10/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Program Files\Logitech\Desktop
  5. First of all, thank you for taking the time to read this. My problem started with a trojan Sheur that I couldn't get rid of definitively with my antivirus AVG and Ad-Aware... nor manually... as it kept coming back... so I got MWAM and it seemed as if it got rid of it... even after I rebooted. Redid a scan and now it was a svchost problem.... even after rebooting it's still there... and now while I was scanning again to post the MWAM log to this post... My AVG detected the Sheur again... but MWAM didn't detect it.. My other problem is my computer won't boot normally... I have to hit F8 after post to be able to choose debugging mode to log onto my computer... safe mode, last known configuration and all the other options won't work and give me a BSOD of irql_not_less_or_equal error... and I might be wrong... but it seems to be linked to my trojan problem cause both problems showed up at the same time... Anyways, here are my MWAM and hijackthis logs...

Malwarebytes' Anti-Malware 1.41
Database version: 3060
Windows 5.1.2600 Service Pack 3

30/10/2009 12:50:29 PM
mbam-log-2009-10-30 (12-50-29).txt

Scan type: Full Scan (C:\|)
Objects scanned: 248118
Time elapsed: 53 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemroot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{B80B6999-E70D-4F33-88AA-3F3D588C98E9}\RP905\A0129185.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B80B6999-E70D-4F33-88AA-3F3D588C98E9}\RP906\A0129304.sys (Rootkit.Rustock) -> Quarantined and deleted successfully.
- C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Lavasoft Ad-Aware Service (lavasoft ad-aware service) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PnkBstrB (pnkbstrb) - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\RpcAgentSrv.exe O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\ -- End of file - 19868 bytes Awaiting your instructions!