Computer problems, here are my logs.

guffee402 · 10-12-2009, 03:26 PM

I noticed in my C: drive a lot of random directory file name like 9f0cfedbfaf49217af2f4fbce8ce3bda with folders named dotnetfx20, dotnetfx30, donetfx35 and tools. Here are my logfiles. Any assistance is greatly appreciated.

Hi jack this log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:17:01 PM, on 10/12/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Razer\DeathAdder\razerhid.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ALCFDRTM.EXE
C:\Program Files\Razer\DeathAdder\razertra.exe
C:\Program Files\Razer\DeathAdder\razerofa.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D4546A13-6F8C-49DF-98D1-6085587DA82A} (VistaNetCam Control) - http://65.41.75.163/VistaNetCam.ocx
O18 - Protocol: bw+0 - {ADF074E4-84B4-475E-964D-51A889B47E62} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {ADF074E4-84B4-475E-964D-51A889B47E62} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {ADF074E4-84B4-475E-964D-51A889B47E62} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {ADF074E4-84B4-475E-964D-51A889B47E62} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {ADF074E4-84B4-475E-964D-51A889B47E62} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {ADF074E4-84B4-475E-964D-51A889B47E62} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {ADF074E4-84B4-475E-964D-51A889B47E62} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {ADF074E4-84B4-475E-964D-51A889B47E62} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {ADF074E4-84B4-475E-964D-51A889B47E62} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {ADF074E4-84B4-475E-964D-51A889B47E62} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {ADF074E4-84B4-475E-964D-51A889B47E62} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {ADF074E4-84B4-475E-964D-51A889B47E62} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {ADF074E4-84B4-475E-964D-51A889B47E62} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {ADF074E4-84B4-475E-964D-51A889B47E62} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {ADF074E4-84B4-475E-964D-51A889B47E62} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {ADF074E4-84B4-475E-964D-51A889B47E62} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {ADF074E4-84B4-475E-964D-51A889B47E62} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {ADF074E4-84B4-475E-964D-51A889B47E62} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {ADF074E4-84B4-475E-964D-51A889B47E62} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {ADF074E4-84B4-475E-964D-51A889B47E62} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {ADF074E4-84B4-475E-964D-51A889B47E62} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {ADF074E4-84B4-475E-964D-51A889B47E62} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {ADF074E4-84B4-475E-964D-51A889B47E62} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {ADF074E4-84B4-475E-964D-51A889B47E62} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {ADF074E4-84B4-475E-964D-51A889B47E62} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {ADF074E4-84B4-475E-964D-51A889B47E62} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {ADF074E4-84B4-475E-964D-51A889B47E62} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {ADF074E4-84B4-475E-964D-51A889B47E62} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {ADF074E4-84B4-475E-964D-51A889B47E62} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {ADF074E4-84B4-475E-964D-51A889B47E62} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {ADF074E4-84B4-475E-964D-51A889B47E62} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {ADF074E4-84B4-475E-964D-51A889B47E62} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {ADF074E4-84B4-475E-964D-51A889B47E62} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {ADF074E4-84B4-475E-964D-51A889B47E62} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {ADF074E4-84B4-475E-964D-51A889B47E62} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {ADF074E4-84B4-475E-964D-51A889B47E62} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {ADF074E4-84B4-475E-964D-51A889B47E62} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {ADF074E4-84B4-475E-964D-51A889B47E62} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {ADF074E4-84B4-475E-964D-51A889B47E62} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {ADF074E4-84B4-475E-964D-51A889B47E62} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {ADF074E4-84B4-475E-964D-51A889B47E62} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {ADF074E4-84B4-475E-964D-51A889B47E62} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {ADF074E4-84B4-475E-964D-51A889B47E62} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {ADF074E4-84B4-475E-964D-51A889B47E62} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {ADF074E4-84B4-475E-964D-51A889B47E62} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {ADF074E4-84B4-475E-964D-51A889B47E62} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {ADF074E4-84B4-475E-964D-51A889B47E62} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {ADF074E4-84B4-475E-964D-51A889B47E62} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {ADF074E4-84B4-475E-964D-51A889B47E62} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {ADF074E4-84B4-475E-964D-51A889B47E62} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {ADF074E4-84B4-475E-964D-51A889B47E62} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {ADF074E4-84B4-475E-964D-51A889B47E62} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {ADF074E4-84B4-475E-964D-51A889B47E62} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {ADF074E4-84B4-475E-964D-51A889B47E62} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {ADF074E4-84B4-475E-964D-51A889B47E62} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {ADF074E4-84B4-475E-964D-51A889B47E62} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {ADF074E4-84B4-475E-964D-51A889B47E62} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {ADF074E4-84B4-475E-964D-51A889B47E62} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {ADF074E4-84B4-475E-964D-51A889B47E62} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {ADF074E4-84B4-475E-964D-51A889B47E62} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {ADF074E4-84B4-475E-964D-51A889B47E62} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {ADF074E4-84B4-475E-964D-51A889B47E62} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {ADF074E4-84B4-475E-964D-51A889B47E62} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {ADF074E4-84B4-475E-964D-51A889B47E62} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {ADF074E4-84B4-475E-964D-51A889B47E62} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {ADF074E4-84B4-475E-964D-51A889B47E62} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {ADF074E4-84B4-475E-964D-51A889B47E62} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {ADF074E4-84B4-475E-964D-51A889B47E62} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {ADF074E4-84B4-475E-964D-51A889B47E62} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {ADF074E4-84B4-475E-964D-51A889B47E62} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {ADF074E4-84B4-475E-964D-51A889B47E62} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {ADF074E4-84B4-475E-964D-51A889B47E62} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {ADF074E4-84B4-475E-964D-51A889B47E62} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {ADF074E4-84B4-475E-964D-51A889B47E62} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {ADF074E4-84B4-475E-964D-51A889B47E62} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {ADF074E4-84B4-475E-964D-51A889B47E62} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {ADF074E4-84B4-475E-964D-51A889B47E62} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 19423 bytes

guffee402 · 10-12-2009, 03:27 PM

Malware bytes log:

Malwarebytes' Anti-Malware 1.41
Database version: 2948
Windows 5.1.2600 Service Pack 2

10/12/2009 2:11:34 PM
mbam-log-2009-10-12 (14-11-34).txt

Scan type: Quick Scan
Objects scanned: 92630
Time elapsed: 1 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

guffee402 · 10-12-2009, 03:31 PM

I can't post all of the combo fix log because it's extremely long. In the middle of the c:\windows\Installer part, I omitted a lot of those deletions to make it fit.

Combo fix log:

ComboFix 09-10-11.03 - Owner 10/12/2009 13:53.1.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2046.1493 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1356 [VPS 091011-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

c:\windows\Installer\19b6bc0d.msi
c:\windows\Installer\19b6bc0e.msp
c:\windows\Installer\19b6bc0f.msp
c:\windows\Installer\19b6bc10.msp
c:\windows\Installer\19b6bc11.msp
c:\windows\Installer\19b6bc12.msp

c:\windows\Installer\fd045e.msp
c:\windows\Installer\fd045f.msp

((((((((((((((((((((((((( Files Created from 2009-09-12 to 2009-10-12 )))))))))))))))))))))))))))))))
.

2009-10-12 16:35 . 2009-10-12 16:35 -------- d-----w- C:\644360248fc0892abbc2210a47
2009-10-12 16:35 . 2009-10-12 16:35 -------- d-----w- C:\da9ccfb8a85b055afc42b7
2009-10-12 16:30 . 2009-10-12 16:30 -------- d-----w- C:\1bbb36485632fecd6396cfa0
2009-10-12 16:30 . 2009-10-12 16:30 -------- d-----w- C:\60318c0fc98a5ba749
2009-10-12 16:21 . 2009-10-12 16:21 -------- d-----w- C:\7b560a380a1de8d3efe1fa4d
2009-10-12 16:21 . 2009-10-12 16:21 -------- d-----w- C:\ff3d9143a41435c436e0a73af9409564
2009-10-12 16:16 . 2009-10-12 16:16 -------- d-----w- C:\a20ea693347c03793ed291
2009-10-12 16:16 . 2009-10-12 16:16 -------- d-----w- C:\8fb34fc2c0a937d4635fa946b01a4689
2009-10-12 16:07 . 2009-10-12 16:07 -------- d-----w- C:\8e5d683ad14e12a7d000356bd7f84b
2009-10-12 16:07 . 2009-10-12 16:07 -------- d-----w- C:\87442bbbe3c0ad9638232f5bc5595587
2009-10-12 16:02 . 2009-10-12 16:02 -------- d-----w- C:\8918c9806d2eece78d4b
2009-10-12 16:02 . 2009-10-12 16:02 -------- d-----w- C:\7299cf821a792ffb03789a
2009-10-12 15:53 . 2009-10-12 15:53 -------- d-----w- C:\99a5d0defd4afea94251
2009-10-12 15:53 . 2009-10-12 15:53 -------- d-----w- C:\91ace2cf4319ecea7739
2009-10-12 15:48 . 2009-10-12 15:48 -------- d-----w- C:\221aa186e8f5b2a689b1a4
2009-10-12 15:48 . 2009-10-12 15:48 -------- d-----w- C:\0553aacccb117c03b1434c613892
2009-10-12 15:39 . 2009-10-12 15:39 -------- d-----w- C:\a51157c57a7e6805bd4ba600bb60
2009-10-12 15:39 . 2009-10-12 15:39 -------- d-----w- C:\33ff5e01f88cf06227cac419
2009-10-12 15:34 . 2009-10-12 15:34 -------- d-----w- C:\294671042c8164ed487f
2009-10-12 15:34 . 2009-10-12 15:34 -------- d-----w- C:\c6594453e5d46298d61f3fb8225f15
2009-10-12 15:25 . 2009-10-12 15:25 -------- d-----w- C:\493a2ab8261d768e1edd
2009-10-12 15:25 . 2009-10-12 15:25 -------- d-----w- C:\72d1839aa35e207d4f8d41
2009-10-12 15:20 . 2009-10-12 15:20 -------- d-----w- C:\52eb2fa05a396e2281783f
2009-10-12 15:20 . 2009-10-12 15:20 -------- d-----w- C:\ac54478c409017d75fc79748f8
2009-10-12 15:11 . 2009-10-12 15:11 -------- d-----w- C:\0e5f3b0586503e1e0f8334d2e1be74
2009-10-12 15:11 . 2009-10-12 15:11 -------- d-----w- C:\edd5715b30a6359f2ec74026b4bc
2009-10-12 15:06 . 2009-10-12 15:06 -------- d-----w- C:\b72ff16291e138d9198ae21683c16214
2009-10-12 15:06 . 2009-10-12 15:06 -------- d-----w- C:\adc16f3857c245bfe77e7665ca4e
2009-10-12 14:57 . 2009-10-12 14:57 -------- d-----w- C:\4bee0625174320c4b2a7864a
2009-10-12 14:57 . 2009-10-12 14:57 -------- d-----w- C:\80cee2347252af4503
2009-10-12 14:52 . 2009-10-12 14:52 -------- d-----w- C:\6f4032364f7db25fa476eb7d67679793
2009-10-12 14:52 . 2009-10-12 14:52 -------- d-----w- C:\c65bacc0aa23a39f6ccac16fb3fcf3
2009-10-12 14:43 . 2009-10-12 14:43 -------- d-----w- C:\07e166d3af6c6c39d2cc8e27313ae95c
2009-10-12 14:43 . 2009-10-12 14:43 -------- d-----w- C:\775dcdd436d980a62fd0f26416706d43
2009-10-12 14:38 . 2009-10-12 14:38 -------- d-----w- C:\3f3485b886348f2a326a17c0f3d6b3b2
2009-10-12 14:38 . 2009-10-12 14:38 -------- d-----w- C:\3e0222f2a0a2e5c73dd55fcab02aec
2009-10-12 14:29 . 2009-10-12 14:29 -------- d-----w- C:\d0b25be1781b4d31b3
2009-10-12 14:29 . 2009-10-12 14:29 -------- d-----w- C:\d822b10cfe0eff3545
2009-10-12 14:24 . 2009-10-12 14:24 -------- d-----w- C:\8b9da03b35f3d359a0e7b436
2009-10-12 14:24 . 2009-10-12 14:24 -------- d-----w- C:\68a265b4ee7712a805
2009-10-12 14:15 . 2009-10-12 14:15 -------- d-----w- C:\7ef0272fa3ea8212bd4587a567dd2b
2009-10-12 14:15 . 2009-10-12 14:15 -------- d-----w- C:\02be68177d2ba4ba1aa558
2009-10-12 14:10 . 2009-10-12 14:10 -------- d-----w- C:\db8c498e8759d66f9c0bb90b
2009-10-12 14:10 . 2009-10-12 14:10 -------- d-----w- C:\714112771972b8866555
2009-10-12 14:01 . 2009-10-12 14:01 -------- d-----w- C:\982695c57adb3fc5b7
2009-10-12 14:01 . 2009-10-12 14:01 -------- d-----w- C:\7d3a33c452d94e153cd62fc698ba
2009-10-12 13:56 . 2009-10-12 13:56 -------- d-----w- C:\0035444f31b2d2f442
2009-10-12 13:56 . 2009-10-12 13:56 -------- d-----w- C:\1ffe42ade517d0fb6caca80d428376d6
2009-10-12 13:48 . 2009-10-12 13:48 -------- d-----w- C:\c67cfa896bf47df6f4634923659888
2009-10-12 13:48 . 2009-10-12 13:48 -------- d-----w- C:\f6897e25ceaea6220526e27b16f96b
2009-10-12 13:43 . 2009-10-12 13:43 -------- d-----w- C:\803ac4709c7ecd125f
2009-10-12 13:43 . 2009-10-12 13:43 -------- d-----w- C:\8051bd773d83899e1c
2009-10-12 13:34 . 2009-10-12 13:34 -------- d-----w- C:\f6fc92c85fa75cb3577bd05ef3013f
2009-10-12 13:34 . 2009-10-12 13:34 -------- d-----w- C:\5aa7c2ff6acf7414bbc655
2009-10-12 13:29 . 2009-10-12 13:29 -------- d-----w- C:\72e55523ccfdcab0d8aa54
2009-10-12 13:29 . 2009-10-12 13:29 -------- d-----w- C:\8dc9b912f1ebf5c980ebb03768d9
2009-10-12 13:20 . 2009-10-12 13:20 -------- d-----w- C:\d19792771966a00c45f8
2009-10-12 13:20 . 2009-10-12 13:20 -------- d-----w- C:\782307be5f6bc9e52f
2009-10-12 13:15 . 2009-10-12 13:15 -------- d-----w- C:\e2cca4b55d4ec385852649
2009-10-12 13:15 . 2009-10-12 13:15 -------- d-----w- C:\81b09510bbe206090db3
2009-10-12 13:06 . 2009-10-12 13:06 -------- d-----w- C:\6f899a05d44b0f9411915c90ff52e8f4
2009-10-12 13:06 . 2009-10-12 13:06 -------- d-----w- C:\d00b578fc1dda12906
2009-10-12 13:01 . 2009-10-12 13:01 -------- d-----w- C:\5bf694b809f50232a68b72d9
2009-10-12 13:01 . 2009-10-12 13:01 -------- d-----w- C:\f4d7278923b07db83cd209aa51
2009-10-12 12:52 . 2009-10-12 12:52 -------- d-----w- C:\b893a11a412bfe9663
2009-10-12 12:52 . 2009-10-12 12:52 -------- d-----w- C:\6d8607063b32b92d6838ef7e0fac
2009-10-12 12:47 . 2009-10-12 12:47 -------- d-----w- C:\ae5079edaeba28b79b3ae8bd6f3dc9
2009-10-12 12:47 . 2009-10-12 12:47 -------- d-----w- C:\9090d6f26cadd74e45
2009-10-12 12:38 . 2009-10-12 12:38 -------- d-----w- C:\ec67f994fe4ca4367f972308a9
2009-10-12 12:38 . 2009-10-12 12:38 -------- d-----w- C:\3f455d515f3102c9e6a34d991398fa07
2009-10-12 12:33 . 2009-10-12 12:33 -------- d-----w- C:\6563b6264e93dc33c11e4cec997c
2009-10-12 12:33 . 2009-10-12 12:33 -------- d-----w- C:\0e77ecffb629a2c73adbd225de365c
2009-10-12 12:24 . 2009-10-12 12:24 -------- d-----w- C:\bc4bb0188ae94ed12293b43331
2009-10-12 12:24 . 2009-10-12 12:24 -------- d-----w- C:\d78d03b6e86a832cb2844a88a2b8b58c
2009-10-12 12:19 . 2009-10-12 12:19 -------- d-----w- C:\72b15a2c6e7cd5fcfbba4f
2009-10-12 12:19 . 2009-10-12 12:19 -------- d-----w- C:\52311c608beff25296fb76
2009-10-12 12:10 . 2009-10-12 12:10 -------- d-----w- C:\4ecac25eb59e51bfc8c91b117f3d42
2009-10-12 12:10 . 2009-10-12 12:10 -------- d-----w- C:\1e5de60a7547cf440be5e453ac4cc2
2009-10-12 12:05 . 2009-10-12 12:05 -------- d-----w- C:\c7d91653a9bf4d076df42b990f16bbe2
2009-10-12 12:05 . 2009-10-12 12:05 -------- d-----w- C:\59bcf6b87afa92880398
2009-10-12 11:57 . 2009-10-12 11:57 -------- d-----w- C:\aa2b244b2dc3d17bf254a5
2009-10-12 11:57 . 2009-10-12 11:57 -------- d-----w- C:\ae0ac590059d47dece9952a97d833b
2009-10-12 11:51 . 2009-10-12 11:51 -------- d-----w- C:\a3889d34ae75482048d77495
2009-10-12 11:51 . 2009-10-12 11:51 -------- d-----w- C:\a272ba769d975ba8610a59
2009-10-12 11:43 . 2009-10-12 11:43 -------- d-----w- C:\fc6380eeae8d4ec9fd7f578f9d
2009-10-12 11:43 . 2009-10-12 11:43 -------- d-----w- C:\84ee4bbf2f22c6fd07045da289
2009-10-12 11:38 . 2009-10-12 11:38 -------- d-----w- C:\05b27baebecd3f2439a05b97cae6
2009-10-12 11:38 . 2009-10-12 11:38 -------- d-----w- C:\c7afe5f1d281e04dd76572002f19f78d
2009-10-12 11:29 . 2009-10-12 11:29 -------- d-----w- C:\5cfc77fb0e04c9121f25b3b5aa
2009-10-12 11:29 . 2009-10-12 11:29 -------- d-----w- C:\3c063f3b5b1a1d2a73255882f3
2009-10-12 11:24 . 2009-10-12 11:24 -------- d-----w- C:\980d5cf7d613a1d125
2009-10-12 11:24 . 2009-10-12 11:24 -------- d-----w- C:\9a316b347f4cfa22ec2f3a
2009-10-12 11:15 . 2009-10-12 11:15 -------- d-----w- C:\1804e8f388f0e73c40
2009-10-12 11:15 . 2009-10-12 11:15 -------- d-----w- C:\2aa7fb273eef165ebe60ad
2009-10-12 11:10 . 2009-10-12 11:10 -------- d-----w- C:\b7f775b034c5236ce5fc71bf2aa86b69
2009-10-12 11:10 . 2009-10-12 11:10 -------- d-----w- C:\ddafef828ffe49db2d66be7a491b
2009-10-12 11:01 . 2009-10-12 11:01 -------- d-----w- C:\9f6b84813fe2a2ebb20f3d43ee45afee
2009-10-12 11:01 . 2009-10-12 11:01 -------- d-----w- C:\c478ffd445a6e9ab244fe0dcfb
2009-10-12 10:56 . 2009-10-12 10:56 -------- d-----w- C:\06fbce3ef0245ba55c64db41105f3b
2009-10-12 10:56 . 2009-10-12 10:56 -------- d-----w- C:\234cc7607a295ee473d6ce00
2009-10-12 10:48 . 2009-10-12 10:48 -------- d-----w- C:\e13fce69f5799c212473
2009-10-12 10:47 . 2009-10-12 10:48 -------- d-----w- C:\154641c69379e04e2f048e8ceaec
2009-10-12 10:43 . 2009-10-12 10:43 -------- d-----w- C:\79f940a78ee197398404
2009-10-12 10:42 . 2009-10-12 10:42 -------- d-----w- C:\5cf28ff133b10315902ac7eb6c
2009-10-12 10:34 . 2009-10-12 10:34 -------- d-----w- C:\1ad3f4e45f0e3836f627ca
2009-10-12 10:34 . 2009-10-12 10:34 -------- d-----w- C:\10dcaef79a2e10ec63
2009-10-12 10:29 . 2009-10-12 10:29 -------- d-----w- C:\645c454428d2ff46640b64c972
2009-10-12 10:29 . 2009-10-12 10:29 -------- d-----w- C:\5d6163fb86c9246c5c59ec2fddc0
2009-10-12 10:20 . 2009-10-12 10:20 -------- d-----w- C:\742566e829fd1f20c1d537d876
2009-10-12 10:20 . 2009-10-12 10:20 -------- d-----w- C:\fe308217ef5ac3a93bb94637724f3a
2009-10-12 10:15 . 2009-10-12 10:15 -------- d-----w- C:\f86223c163c369df04
2009-10-12 10:15 . 2009-10-12 10:15 -------- d-----w- C:\71aeee328e42eb6f0bd5
2009-10-12 10:06 . 2009-10-12 10:06 -------- d-----w- C:\4479815ad2324b10da44084794
2009-10-12 10:06 . 2009-10-12 10:06 -------- d-----w- C:\4240cd99601022a246656b
2009-10-12 10:02 . 2009-10-12 10:02 -------- d-----w- C:\3675890d8f4c0cc4c01bebfb497b5b
2009-10-12 10:02 . 2009-10-12 10:02 -------- d-----w- C:\19a7880fb6b006bd7e10
2009-10-12 09:53 . 2009-10-12 09:53 -------- d-----w- C:\dbc27c057fc8a8fc683e25a6
2009-10-12 09:53 . 2009-10-12 09:53 -------- d-----w- C:\73f5d9f1dd3d2c2fd438a750
2009-10-12 09:48 . 2009-10-12 09:48 -------- d-----w- C:\f7ae0d67e3121795a69c1595513b4a07
2009-10-12 09:48 . 2009-10-12 09:48 -------- d-----w- C:\11086a969667e2eb78c2
2009-10-12 09:39 . 2009-10-12 09:39 -------- d-----w- C:\614f4d84d50a60f8becd
2009-10-12 09:39 . 2009-10-12 09:39 -------- d-----w- C:\fbf37ccf230e6e75aa9d9e18
2009-10-12 09:34 . 2009-10-12 09:34 -------- d-----w- C:\d71eae9af76ba13a319df5b612b2201f
2009-10-12 09:34 . 2009-10-12 09:34 -------- d-----w- C:\2aed61613ba4ca0dc6967a
2009-10-12 09:25 . 2009-10-12 09:25 -------- d-----w- C:\7716ed8a01aa8aca84f69ca47e97ee82

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2009-10-12 18:48 . 2008-01-04 23:38 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-09-25 22:36 . 2008-01-04 21:01 -------- d-----w- c:\program files\World of Warcraft
2009-08-20 21:45 . 2009-08-20 21:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
2009-08-05 09:11 . 2006-02-28 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 18:55 . 2006-02-28 12:00 58880 ----a-w- c:\windows\system32\atl.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-24 143360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]
"igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2008-08-01 1103216]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-02-22 2321600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-05-25 1957888]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-16 13570048]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 144784]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2007-03-14 321088]
"NvMediaCenter"="c:\windows\system32\NvMcTray. dll" [2008-08-16 86016]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"DeathAdder"="c:\program files\Razer\DeathAdder\razerhid.exe" [2007-09-07 159744]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp. exe" [2009-09-15 81000]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-01-30 16116224]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-08-16 1657376]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2004-12-10 49152]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /A:* /L:English /KBD:3

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessen ger.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwupdate.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2server.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Documents and Settings\\Owner\\My Documents\\Downloads\\WARBits\\warpatch.exe"=
"c:\\Program Files\\Curse\\CurseClient.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.0.1-to-3.0.2-enUS-Win-Update-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe"=
"c:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [10/9/2009 3:13 PM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswF sBlk.sys [10/9/2009 3:13 PM 20560]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [6/13/2009 4:27 PM 24652]
R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [12/1/2008 1:26 PM 22784]
S3 ALLOW-IO;ALLOW-IO;\??\d:\allow-io.sys --> d:\ALLOW-IO.sys [?]
S3 ALSysIO;ALSysIO;\??\c:\docume~1\Owner\LOCALS~1\Tem p\ALSysIO.sys --> c:\docume~1\Owner\LOCALS~1\Temp\ALSysIO.sys [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [1/25/2007 12:31 PM 42000]
.
Contents of the 'Scheduled Tasks' folder

2009-10-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {D4546A13-6F8C-49DF-98D1-6085587DA82A} - hxxp://65.41.75.163/VistaNetCam.ocx
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\muppro56.default\
FF - plugin: c:\program files\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.
ORPHANS REMOVED

AddRemove-Warhammer Online: Age of Reckoning - c:\documents and settings\Owner\Desktop\War\uninst2.exe

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-10-12 14:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

Completion time: 2009-10-12 14:04
ComboFix-quarantined-files.txt 2009-10-12 19:04

Pre-Run: 74,996,080,640 bytes free
Post-Run: 76,510,552,064 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOW S
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Micro soft Windows XP Home Edition" /noexecute=optin /fastdetect

3557 --- E O F --- 2009-10-12 05:25

Osiris · 10-12-2009, 04:16 PM

Those temp directories are legit, they belong to Microsoft DOTNET

Log looks fine

guffee402 · 10-12-2009, 05:17 PM

Even though there are about 200+ folders all named like that?

Osiris · 10-12-2009, 06:06 PM

Yep

Member Login