Answers to your tech questions
Computer forums for help with removing malicious software (malware) and improving computer security

> [Resolved] just wanna check to see if computer is virus free
SumDude
post Oct 22 2008, 05:29 PM
Post #1


Authentic Member
**

Group: Authentic Member
Posts: 35
Joined: 12-December 07
From: Canada
Member No.: 75,121
Operating System: windows XP



Logfile of HijackThis v1.99.1
Scan saved at 5:26:34 PM, on 10/22/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jd...ows-i586-jc.cab
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

Tomk
post Oct 22 2008, 06:20 PM
Post #2


Malware Eradicator
Group Icon

Group: Classroom Teacher
Posts: 10,928
Joined: 27-December 07
From: Sisters, OR
Member No.: 75,503
Operating System: xp



SumDude,

I don't see anything. Let's run an online scan as a double check.

Please go to the Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on the Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.
SumDude
post Oct 24 2008, 03:31 PM
Post #3





Friday, October 24, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, October 24, 2008 19:59:29
Records in database: 1342842


Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes

Scan area My Computer
C:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan statistics
Files scanned 92743
Threat name 2
Infected objects 2
Suspicious objects 0
Duration of the scan 02:02:31

File name Threat name Threats count
C:\Documents and Settings\Owner.Doodle\Desktop\muzik\Soundgarden - Fell on black days.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1

H:\i386\Apps\App17981\comps\toolbar\toolbr.exe Infected: not-a-virus:AdWare.Win32.SearchIt.t 1

The selected area was scanned.
Tomk
post Oct 24 2008, 05:37 PM
Post #4





SumDude,

Let's do a couple more to see if it spread.

Disable resident protections (Antivirus...); you'll re-enable them after the scan

Download Lop S&D.

Double-click Lop S&D.exe
Choose the language, then choose Option 1 (Search)
Wait till the end of the scan
Post the log which is created: (%SystemDrive%\lopR.txt)

Then

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot (shut down your computer then restart it).

Also "copy/paste" a new HijackThis log file into this thread.


SumDude
post Oct 25 2008, 03:14 PM
Post #5






--------------------\\ Lop S&D 4.2.4-7 XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel® Pentium® 4 CPU 3.00GHz )
BIOS : Default System BIOS
USER : Owner ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1229 [VPS 081025-1] 4.8.1229 (Not Activated)
C:\ (Local Disk) - NTFS - Total : 143 Go Free : 31 Go
E:\ (USB)
F:\ (USB)
G:\ (USB)
H:\ (Local Disk) - FAT32 - Total : 5 Go Free : 3 Go
I:\ (CD or DVD)
J:\ (USB)

"C:\Lop SD" ( MAJ : 23-10-2008|23:15 )
Option : [1] ( Sat 10/25/2008|15:08 )

--------------------\\ Listing folders in APPLIC~1

[06/17/2006|03:41] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Identities
[07/31/2006|06:42] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Microsoft
[07/31/2006|06:49] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> SampleView
[07/31/2006|06:42] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> You've Got Pictures Screensaver

[08/19/2007|08:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe
[01/25/2007|08:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL
[06/01/2007|10:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> BINBEEPINTERBITS
[01/25/2007|09:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> CyberLink
[08/19/2007|08:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Google
[12/12/2007|11:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Grisoft
[05/05/2007|11:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Kodak
[10/10/2008|02:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Logishrd
[10/03/2008|10:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Logitech
[07/31/2006|06:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> McAfee
[02/10/2007|02:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> McAfee.com
[02/05/2007|12:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> McAfee.com Personal Firewall
[03/09/2008|02:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
[03/05/2007|08:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Napster
[02/09/2007|10:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> nView_Profiles
[06/19/2006|12:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Prism Deploy
[07/31/2006|06:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Pure Networks
[03/20/2007|05:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> QuickTime
[12/12/2007|11:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Spybot - Search & Destroy
[09/06/2008|08:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SUPERAntiSpyware.com
[10/01/2007|03:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Symantec
[09/07/2008|11:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TEMP
[10/18/2007|01:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Trymedia
[07/31/2006|06:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Viewpoint
[01/30/2008|08:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> WildTangent
[01/14/2007|02:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage
[01/14/2007|11:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Live Toolbar
[10/02/2008|06:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Yahoo!
[04/04/2008|07:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> ZoomBrowser

[06/17/2006|03:41] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Identities
[07/31/2006|06:42] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft
[07/31/2006|06:49] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> SampleView
[07/31/2006|06:42] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> You've Got Pictures Screensaver

[01/14/2007|02:38] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> McAfee.com Personal Firewall
[10/31/2007|02:11] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft

[10/31/2007|02:11] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft


[03/19/2008|10:20] C:\DOCUME~1\OWNER~1.DOO\APPLIC~1\<DIR> Adobe
[01/14/2007|02:42] C:\DOCUME~1\OWNER~1.DOO\APPLIC~1\<DIR> AdobeUM
[01/26/2007|06:05] C:\DOCUME~1\OWNER~1.DOO\APPLIC~1\<DIR> Ahead
[06/01/2007|12:00] C:\DOCUME~1\OWNER~1.DOO\APPLIC~1\<DIR> bits plus load
[10/05/2008|12:06] C:\DOCUME~1\OWNER~1.DOO\APPLIC~1\<DIR> CameraWindowDC
[04/04/2008|08:55] C:\DOCUME~1\OWNER~1.DOO\APPLIC~1\<DIR> CANON INC
[01/25/2007|09:42] C:\DOCUME~1\OWNER~1.DOO\APPLIC~1\<DIR> CyberLink
[01/17/2008|08:15] C:\DOCUME~1\OWNER~1.DOO\APPLIC~1\<DIR> eLanguage
[09/07/2008|11:45] C:\DOCUME~1\OWNER~1.DOO\APPLIC~1\<DIR> ForgottenRiddles2
[10/23/2007|11:32] C:\DOCUME~1\OWNER~1.DOO\APPLIC~1\<DIR> Google
[02/07/2007|10:13] C:\DOCUME~1\OWNER~1.DOO\APPLIC~1\<DIR> Help
[06/17/2006|03:41] C:\DOCUME~1\OWNER~1.DOO\APPLIC~1\<DIR> Identities
[10/03/2008|10:36] C:\DOCUME~1\OWNER~1.DOO\APPLIC~1\<DIR> Leadertech
[04/26/2008|04:34] C:\DOCUME~1\OWNER~1.DOO\APPLIC~1\<DIR> LimeWire
[11/01/2007|11:01] C:\DOCUME~1\OWNER~1.DOO\APPLIC~1\<DIR> Logitech
[01/15/2007|09:57] C:\DOCUME~1\OWNER~1.DOO\APPLIC~1\<DIR> Macromedia
[01/15/2007|06:19] C:\DOCUME~1\OWNER~1.DOO\APPLIC~1\<DIR> McAfee.com Personal Firewall
[10/04/2008|03:11] C:\DOCUME~1\OWNER~1.DOO\APPLIC~1\<DIR> Microsoft
[10/02/2008|04:58] C:\DOCUME~1\OWNER~1.DOO\APPLIC~1\<DIR> mIRC
[08/25/2008|10:18] C:\DOCUME~1\OWNER~1.DOO\APPLIC~1\<DIR> Mozilla
[11/01/2007|10:58] C:\DOCUME~1\OWNER~1.DOO\APPLIC~1\<DIR> Musicmatch
[10/07/2007|05:55] C:\DOCUME~1\OWNER~1.DOO\APPLIC~1\<DIR> PC Tools
[03/09/2008|02:45] C:\DOCUME~1\OWNER~1.DOO\APPLIC~1\<DIR> Real
[07/31/2006|06:49] C:\DOCUME~1\OWNER~1.DOO\APPLIC~1\<DIR> SampleView
[06/14/2007|11:31] C:\DOCUME~1\OWNER~1.DOO\APPLIC~1\<DIR> Sun
[09/06/2008|08:32] C:\DOCUME~1\OWNER~1.DOO\APPLIC~1\<DIR> SUPERAntiSpyware.com
[06/01/2007|05:02] C:\DOCUME~1\OWNER~1.DOO\APPLIC~1\<DIR> Template
[11/05/2007|03:52] C:\DOCUME~1\OWNER~1.DOO\APPLIC~1\<DIR> vlc
[01/28/2007|03:43] C:\DOCUME~1\OWNER~1.DOO\APPLIC~1\<DIR> WildTangent
[12/12/2007|08:46] C:\DOCUME~1\OWNER~1.DOO\APPLIC~1\<DIR> WinPatrol
[10/02/2008|05:22] C:\DOCUME~1\OWNER~1.DOO\APPLIC~1\<DIR> Yahoo!
[07/31/2006|06:42] C:\DOCUME~1\OWNER~1.DOO\APPLIC~1\<DIR> You've Got Pictures Screensaver
[10/05/2008|12:07] C:\DOCUME~1\OWNER~1.DOO\APPLIC~1\<DIR> ZoomBrowser EX

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[10/25/2008 10:27 AM][--ah-----] C:\WINDOWS\tasks\MP Scheduled Scan.job
[10/25/2008 10:23 AM][--ah-----] C:\WINDOWS\tasks\SA.DAT
[08/10/2004 01:00 PM][-r-h-c---] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Program Files

[08/19/2007|08:18] C:\Program Files\<DIR> Adobe
[12/12/2007|07:11] C:\Program Files\<DIR> Alwil Software
[09/02/2008|07:39] C:\Program Files\<DIR> Are You Smarter Than A 5th Grader Make The Grade
[03/09/2008|02:48] C:\Program Files\<DIR> BigFix
[10/11/2008|08:47] C:\Program Files\<DIR> BitLord
[06/01/2007|04:17] C:\Program Files\<DIR> bits plus load
[04/04/2008|07:40] C:\Program Files\<DIR> Canon
[10/07/2008|05:48] C:\Program Files\<DIR> CarbonPoker
[10/03/2008|10:28] C:\Program Files\<DIR> Common Files
[06/17/2006|03:37] C:\Program Files\<DIR> ComPlus Applications
[09/04/2008|09:19] C:\Program Files\<DIR> Conduit
[03/05/2007|08:50] C:\Program Files\<DIR> CyberLink
[07/31/2006|06:33] C:\Program Files\<DIR> Digital Media Reader
[09/01/2008|12:47] C:\Program Files\<DIR> directx
[01/17/2008|08:10] C:\Program Files\<DIR> eLanguage
[06/16/2007|12:48] C:\Program Files\<DIR> FBM Software
[08/26/2008|08:51] C:\Program Files\<DIR> Forgotten Riddles - The Moonlight Sonatas
[03/09/2008|02:48] C:\Program Files\<DIR> Gateway Games
[02/09/2007|11:56] C:\Program Files\<DIR> Global Star
[08/20/2007|06:31] C:\Program Files\<DIR> Google
[07/31/2006|06:43] C:\Program Files\<DIR> gtw_logo
[12/14/2007|05:58] C:\Program Files\<DIR> InstallShield Installation Information
[10/16/2008|01:33] C:\Program Files\<DIR> Internet Explorer
[09/06/2008|05:41] C:\Program Files\<DIR> Java
[05/05/2007|11:16] C:\Program Files\<DIR> Kodak
[10/18/2008|06:31] C:\Program Files\<DIR> Lavalys
[09/03/2008|07:54] C:\Program Files\<DIR> LimeWire
[10/10/2008|02:27] C:\Program Files\<DIR> Logitech
[10/23/2007|12:01] C:\Program Files\<DIR> MagicISO
[05/10/2007|10:30] C:\Program Files\<DIR> Maxis
[08/26/2008|11:38] C:\Program Files\<DIR> Messenger
[07/31/2006|06:32] C:\Program Files\<DIR> Microsoft ActiveSync
[05/09/2007|09:17] C:\Program Files\<DIR> Microsoft CAPICOM 2.1.0.2
[07/31/2006|06:39] C:\Program Files\<DIR> Microsoft Digital Image 2006
[06/17/2006|03:41] C:\Program Files\<DIR> microsoft frontpage
[07/31/2006|06:40] C:\Program Files\<DIR> Microsoft Office
[09/10/2008|07:57] C:\Program Files\<DIR> Microsoft Works
[07/31/2006|06:31] C:\Program Files\<DIR> Microsoft.NET
[08/26/2008|11:32] C:\Program Files\<DIR> Movie Maker
[10/01/2008|03:02] C:\Program Files\<DIR> Mozilla Firefox
[06/17/2006|03:35] C:\Program Files\<DIR> MSN
[07/31/2006|06:39] C:\Program Files\<DIR> MSN Encarta Plus
[06/17/2006|03:35] C:\Program Files\<DIR> MSN Gaming Zone
[08/30/2008|02:14] C:\Program Files\<DIR> MSN Messenger
[01/14/2007|02:44] C:\Program Files\<DIR> MSXML 4.0
[01/25/2007|10:35] C:\Program Files\<DIR> MTV Networks
[11/01/2007|10:58] C:\Program Files\<DIR> MUSICMATCH
[03/09/2008|02:43] C:\Program Files\<DIR> Mystery Case Files Prime Suspects
[03/05/2007|08:06] C:\Program Files\<DIR> Napster
[01/26/2007|05:48] C:\Program Files\<DIR> Nero
[08/26/2008|11:28] C:\Program Files\<DIR> NetMeeting
[06/17/2006|03:36] C:\Program Files\<DIR> Online Services
[08/26/2008|11:28] C:\Program Files\<DIR> Outlook Express
[01/25/2007|08:39] C:\Program Files\<DIR> Pure Networks
[03/09/2008|02:44] C:\Program Files\<DIR> QuickTime
[07/31/2006|06:42] C:\Program Files\<DIR> Realtek
[12/12/2007|11:14] C:\Program Files\<DIR> Spybot - Search & Destroy
[09/06/2008|05:41] C:\Program Files\<DIR> Sun
[09/06/2008|08:32] C:\Program Files\<DIR> SUPERAntiSpyware
[06/07/2008|09:02] C:\Program Files\<DIR> The Secret of Margrave Manor
[02/04/2008|12:42] C:\Program Files\<DIR> TheWeatherNetwork
[01/28/2008|04:46] C:\Program Files\<DIR> thriXXX
[09/06/2008|04:26] C:\Program Files\<DIR> TorrentMan
[10/02/2008|12:08] C:\Program Files\<DIR> Trend Micro
[06/17/2006|03:46] C:\Program Files\<DIR> Uninstall Information
[11/05/2007|03:51] C:\Program Files\<DIR> VideoLAN
[07/31/2006|06:41] C:\Program Files\<DIR> Viewpoint
[07/31/2006|06:36] C:\Program Files\<DIR> WildTangent
[03/09/2008|02:57] C:\Program Files\<DIR> Windows Defender
[03/21/2008|10:51] C:\Program Files\<DIR> Windows Media Connect 2
[03/21/2008|10:51] C:\Program Files\<DIR> Windows Media Player
[08/26/2008|11:28] C:\Program Files\<DIR> Windows NT
[06/17/2006|03:36] C:\Program Files\<DIR> Windows Plus
[06/17/2006|03:39] C:\Program Files\<DIR> WindowsUpdate
[02/07/2007|10:13] C:\Program Files\<DIR> WinRAR
[06/17/2006|03:41] C:\Program Files\<DIR> xerox
[10/02/2008|06:59] C:\Program Files\<DIR> Yahoo!
[10/02/2008|05:28] C:\Program Files\<DIR> ZC2.10

--------------------\\ Listing Folders in C:\Program Files\Common Files

[08/19/2007|08:18] C:\Program Files\Common Files\<DIR> Adobe
[01/29/2007|06:20] C:\Program Files\Common Files\<DIR> Ahead
[01/25/2007|08:37] C:\Program Files\Common Files\<DIR> AOL
[04/04/2008|07:37] C:\Program Files\Common Files\<DIR> Canon
[07/31/2006|06:32] C:\Program Files\Common Files\<DIR> DESIGNER
[07/31/2006|06:35] C:\Program Files\Common Files\<DIR> InstallShield
[09/06/2008|05:37] C:\Program Files\Common Files\<DIR> Java
[10/10/2008|02:30] C:\Program Files\Common Files\<DIR> logishrd
[11/01/2007|10:56] C:\Program Files\Common Files\<DIR> Logitech
[10/02/2008|05:20] C:\Program Files\Common Files\<DIR> Microsoft Shared
[06/17/2006|03:38] C:\Program Files\Common Files\<DIR> MSSoap
[06/19/2006|12:36] C:\Program Files\Common Files\<DIR> New Boundary
[07/31/2006|06:42] C:\Program Files\Common Files\<DIR> Nullsoft
[06/16/2006|08:31] C:\Program Files\Common Files\<DIR> ODBC
[03/09/2008|02:45] C:\Program Files\Common Files\<DIR> Real
[07/31/2006|06:39] C:\Program Files\Common Files\<DIR> Roxio Shared
[06/17/2006|03:38] C:\Program Files\Common Files\<DIR> Services
[06/16/2006|08:31] C:\Program Files\Common Files\<DIR> SpeechEngines
[10/01/2007|03:28] C:\Program Files\Common Files\<DIR> Symantec Shared
[08/26/2008|11:28] C:\Program Files\Common Files\<DIR> System
[09/06/2008|08:32] C:\Program Files\Common Files\<DIR> Wise Installation Wizard

--------------------\\ Process

( 32 Processes )

iexplore.exe ~ [PID:1696]

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

No Lop folder found !

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-25 15:09:26
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections


No other infections found !

[F:1199][D:107]-> C:\DOCUME~1\OWNER~1.DOO\LOCALS~1\Temp
[F:20][D:0]-> C:\DOCUME~1\OWNER~1.DOO\Cookies
[F:364][D:5]-> C:\DOCUME~1\OWNER~1.DOO\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - Sat 10/25/2008|15:10 - Option : [1]

--------------------\\ Scan completed at 15:10:29
SumDude
post Oct 25 2008, 03:23 PM
Post #6





Malwarebytes' Anti-Malware 1.30
Database version: 1321
Windows 5.1.2600 Service Pack 3

10/25/2008 3:22:41 PM
mbam-log-2008-10-25 (15-22-41).txt

Scan type: Quick Scan
Objects scanned: 54885
Time elapsed: 4 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1} (Trojan.HumourCanine) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\gksraemq.brsf (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\gksraemq.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\Conduit\Community Alerts\Alert.dll (Trojan.HumourCanine) -> Quarantined and deleted successfully.
Tomk
post Oct 25 2008, 03:29 PM
Post #7





SumDude,

Please download OTMoveIt3 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    CODE
    :Processes
    explorer.exe

    :Services

    :Reg

    :Files
    C:\Documents and Settings\Owner.Doodle\Desktop\muzik\Soundgarden - Fell on black days.mp3
    H:\i386\Apps\App17981\comps\toolbar\toolbr.exe

    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]

  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post along with a new HijackThis log.
SumDude
post Oct 25 2008, 07:27 PM
Post #8





ummmm... that soundgarden file i already deleted it out of where it was originally found what do i do now cause i think i deleted it out of recycle bin as well
Tomk
post Oct 25 2008, 07:34 PM
Post #9





SumDude,

Just continue with instructions. If it's already gone, report will just say that.
SumDude
post Oct 25 2008, 07:36 PM
Post #10





========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File/Folder C:\Documents and Settings\Owner.Doodle\Desktop\muzik\Soundgarden - Fell on black days.mp3 not found.
H:\i386\Apps\App17981\comps\toolbar\toolbr.exe moved successfully.
========== COMMANDS ==========
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\logishrd\LVPrcInj01.dll scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Cookies\index.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_534.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.5.0 log created on 10252008_192950

Files moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
DllUnregisterServer procedure not found in C:\WINDOWS\temp\logishrd\LVPrcInj01.dll
C:\WINDOWS\temp\logishrd\LVPrcInj01.dll NOT unregistered.
File move failed. C:\WINDOWS\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\History\History.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\Cookies\index.dat scheduled to be moved on reboot.
C:\WINDOWS\temp\Perflib_Perfdata_534.dat moved successfully.
SumDude
post Oct 25 2008, 07:41 PM
Post #11





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:40:34 PM, on 10/25/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\ALWILS~2\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\hijackthis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~2\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKCU\..\Run: [WeatherEye] C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: CarbonPoker - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Documents and Settings\Owner.Doodle\Start Menu\Programs\CarbonPoker\CarbonPoker.lnk (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {48DF87EE-F2DE-11D8-BE7F-302050C10801} (FlyLoader Class) - http://www.flyword.com/loaderword_win.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1168806160611
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{02FBDB6D-780D-43E2-94D2-A61574E2B8FC}: NameServer = 64.59.184.13,64.59.184.15
O17 - HKLM\System\CS1\Services\Tcpip\..\{02FBDB6D-780D-43E2-94D2-A61574E2B8FC}: NameServer = 64.59.184.13,64.59.184.15
O17 - HKLM\System\CS2\Services\Tcpip\..\{02FBDB6D-780D-43E2-94D2-A61574E2B8FC}: NameServer = 64.59.184.13,64.59.184.15
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (file missing)
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

--
End of file - 7267 bytes
Tomk
post Oct 25 2008, 08:26 PM
Post #12


Malware Eradicator

Group: Classroom Teacher
Posts: 10,928
Joined: 27-December 07
From: Sisters, OR
Member No.: 75,503
Operating System: xp



SumDude,

Use the link below to see how to run the Norton Removal Tool
http://service1.symantec.com/SUPPORT/tsgen...005033108162039

  • Please open HijackThis and run "Do a system scan only".
  • Check the boxes next to ONLY the entries listed below (if present):
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
      O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (file missing)
      O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

  • Close all programs except for HijackThis.
  • Click on "Fix checked".
  • A box will pop up asking you if you wish to fix the selected items. Please choose YES.
  • Once it has fixed them, please exit/close HijackThis.


Please give me one more HijackThis log and tell me how it's running for you.
SumDude
post Oct 25 2008, 08:43 PM
Post #13





I don't have a Norton.
Tomk
post Oct 25 2008, 09:01 PM
Post #14





SumDude,

I know. But it was installed on your computer at some point and there are still traces that you should get rid of. That program will do that.
SumDude
post Oct 26 2008, 11:38 AM
Post #15





Well, the Norton thing stayed on #023!! Umm, yeah, anyways, did another HijackThis log after the scan only and here it is:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:36:38 AM, on 10/26/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~2\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\hijackthis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~2\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKCU\..\Run: [WeatherEye] C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: CarbonPoker - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Documents and Settings\Owner.Doodle\Start Menu\Programs\CarbonPoker\CarbonPoker.lnk (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {48DF87EE-F2DE-11D8-BE7F-302050C10801} (FlyLoader Class) - http://www.flyword.com/loaderword_win.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1168806160611
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{02FBDB6D-780D-43E2-94D2-A61574E2B8FC}: NameServer = 64.59.184.13,64.59.184.15
O17 - HKLM\System\CS1\Services\Tcpip\..\{02FBDB6D-780D-43E2-94D2-A61574E2B8FC}: NameServer = 64.59.184.13,64.59.184.15
O17 - HKLM\System\CS2\Services\Tcpip\..\{02FBDB6D-780D-43E2-94D2-A61574E2B8FC}: NameServer = 64.59.184.13,64.59.184.15
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

--
End of file - 6965 bytes
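The cleanup in posts #12 to #15 targets entries that HijackThis marks "(file missing)" or "(no file)", then re-scans to see what remains. The following is an added example, not part of the original thread, that automates that before/after check; the function names are hypothetical and the sample lines are excerpted from the two logs posted above.

```python
import re

# Section code (R0, O2, O23, ...) followed by " - " and the entry body.
ENTRY = re.compile(r"^(?P<section>[RFNO]\d{1,2}) - (?P<body>.+)$")
# Markers HijackThis appends when the referenced file is absent from disk.
# "Unknown owner" alone is not such a marker: it only means no company name.
ORPHAN = re.compile(r"\((?:file missing|no file)\)\s*$")

def parse_entries(log_text):
    """Return {entry line: section code}; headers and process paths are skipped."""
    entries = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if m:
            entries[line] = m.group("section")
    return entries

def orphans(log_text):
    """Entries whose target file no longer exists (leftovers of removed software)."""
    return sorted(l for l in parse_entries(log_text) if ORPHAN.search(l))

def compare(before, after):
    """Classify orphaned entries across two scans of the same machine."""
    b, a = set(orphans(before)), set(orphans(after))
    return {"fixed": sorted(b - a),
            "persisting": sorted(b & a),
            "new": sorted(a - b)}

# Excerpts from the log before the fix and the log in post #15.
BEFORE = r"""
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
"""
AFTER = r"""
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
"""

if __name__ == "__main__":
    for status, lines in compare(BEFORE, AFTER).items():
        for line in lines:
            print(f"{status:10} {line}")
```

On these excerpts the AVG service entry is reported as fixed and the Symantec CLTNetCnService entry as persisting, which matches what SumDude describes in post #15.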
