JonB80 0 Newbie Poster

Can anyone help me with this problem? It's just started happening that the screen, sound and cursor all freeze for about 5 seconds every 1 - 2 minutes. It's very annoying. It's not due to the CPU becoming overloaded, and after a restart it doesn't start happening again straight away.

Thanks in advance for any assistance. Here are the HijackThis & ComboFix logs.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:31:22, on 30/06/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.17184)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\STacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WMP54GSv1_1.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\InterMute\SpySubtract\CWShredder.exe
C:\Program Files\uTorrent\uTorrent.exe
c:\program files\InterMute\SpySubtract\IMReport.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=105563
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {14DEC14C-B7ED-4E8D-A44A-2D1BAFE7EDF2} - C:\WINDOWS\system32\urqQhFxX.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5437FF28-BFF5-4B34-B270-BF061151DEDA} - C:\WINDOWS\system32\efcATjkH.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9A9327D8-D95C-488E-86A6-0227FCF5EE81} - C:\WINDOWS\system32\ssqRIXrr.dll (file missing)
O2 - BHO: (no name) - {AD1AF197-2F6A-479A-9109-39FCC46BD2B7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {B7E7307D-A2F6-4A59-8F47-0C757244BCD0} - C:\WINDOWS\system32\ljJYqOfE.dll (file missing)
O2 - BHO: (no name) - {BD2300CC-3036-443C-9FD9-D223AEE9D705} - C:\WINDOWS\system32\iifgEtqn.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9563.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab?AuthParam=1209851331_a1c80dc7382b1c4c6977731ff6ebb0a2&GroupName=JSC&BHost=javadl.sun.com&FilePath=/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab&File=jinstall-6u5-windows-i586-jc.cab
O18 - Protocol: bw+0 - {50A25531-AD93-482C-B1CC-D2B1C5573633} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {50A25531-AD93-482C-B1CC-D2B1C5573633} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {50A25531-AD93-482C-B1CC-D2B1C5573633} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {50A25531-AD93-482C-B1CC-D2B1C5573633} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {50A25531-AD93-482C-B1CC-D2B1C5573633} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {50A25531-AD93-482C-B1CC-D2B1C5573633} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {50A25531-AD93-482C-B1CC-D2B1C5573633} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {50A25531-AD93-482C-B1CC-D2B1C5573633} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {50A25531-AD93-482C-B1CC-D2B1C5573633} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {50A25531-AD93-482C-B1CC-D2B1C5573633} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {50A25531-AD93-482C-B1CC-D2B1C5573633} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {50A25531-AD93-482C-B1CC-D2B1C5573633} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {50A25531-AD93-482C-B1CC-D2B1C5573633} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {50A25531-AD93-482C-B1CC-D2B1C5573633} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {50A25531-AD93-482C-B1CC-D2B1C5573633} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {50A25531-AD93-482C-B1CC-D2B1C5573633} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {50A25531-AD93-482C-B1CC-D2B1C5573633} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {50A25531-AD93-482C-B1CC-D2B1C5573633} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {50A25531-AD93-482C-B1CC-D2B1C5573633} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {50A25531-AD93-482C-B1CC-D2B1C5573633} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {50A25531-AD93-482C-B1CC-D2B1C5573633} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {50A25531-AD93-482C-B1CC-D2B1C5573633} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {50A25531-AD93-482C-B1CC-D2B1C5573633} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {50A25531-AD93-482C-B1CC-D2B1C5573633} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {50A25531-AD93-482C-B1CC-D2B1C5573633} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {50A25531-AD93-482C-B1CC-D2B1C5573633} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {50A25531-AD93-482C-B1CC-D2B1C5573633} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {50A25531-AD93-482C-B1CC-D2B1C5573633} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {50A25531-AD93-482C-B1CC-D2B1C5573633} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {50A25531-AD93-482C-B1CC-D2B1C5573633} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {50A25531-AD93-482C-B1CC-D2B1C5573633} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {50A25531-AD93-482C-B1CC-D2B1C5573633} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {50A25531-AD93-482C-B1CC-D2B1C5573633} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {50A25531-AD93-482C-B1CC-D2B1C5573633} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {50A25531-AD93-482C-B1CC-D2B1C5573633} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {50A25531-AD93-482C-B1CC-D2B1C5573633} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {50A25531-AD93-482C-B1CC-D2B1C5573633} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {50A25531-AD93-482C-B1CC-D2B1C5573633} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {50A25531-AD93-482C-B1CC-D2B1C5573633} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {50A25531-AD93-482C-B1CC-D2B1C5573633} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {50A25531-AD93-482C-B1CC-D2B1C5573633} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {50A25531-AD93-482C-B1CC-D2B1C5573633} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {50A25531-AD93-482C-B1CC-D2B1C5573633} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {50A25531-AD93-482C-B1CC-D2B1C5573633} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {50A25531-AD93-482C-B1CC-D2B1C5573633} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {50A25531-AD93-482C-B1CC-D2B1C5573633} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {50A25531-AD93-482C-B1CC-D2B1C5573633} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {50A25531-AD93-482C-B1CC-D2B1C5573633} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {50A25531-AD93-482C-B1CC-D2B1C5573633} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {50A25531-AD93-482C-B1CC-D2B1C5573633} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {50A25531-AD93-482C-B1CC-D2B1C5573633} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {50A25531-AD93-482C-B1CC-D2B1C5573633} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {50A25531-AD93-482C-B1CC-D2B1C5573633} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {50A25531-AD93-482C-B1CC-D2B1C5573633} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {50A25531-AD93-482C-B1CC-D2B1C5573633} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {50A25531-AD93-482C-B1CC-D2B1C5573633} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {50A25531-AD93-482C-B1CC-D2B1C5573633} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {50A25531-AD93-482C-B1CC-D2B1C5573633} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {50A25531-AD93-482C-B1CC-D2B1C5573633} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {50A25531-AD93-482C-B1CC-D2B1C5573633} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {50A25531-AD93-482C-B1CC-D2B1C5573633} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {50A25531-AD93-482C-B1CC-D2B1C5573633} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {50A25531-AD93-482C-B1CC-D2B1C5573633} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {50A25531-AD93-482C-B1CC-D2B1C5573633} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {50A25531-AD93-482C-B1CC-D2B1C5573633} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {50A25531-AD93-482C-B1CC-D2B1C5573633} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {50A25531-AD93-482C-B1CC-D2B1C5573633} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {50A25531-AD93-482C-B1CC-D2B1C5573633} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {50A25531-AD93-482C-B1CC-D2B1C5573633} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {50A25531-AD93-482C-B1CC-D2B1C5573633} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {50A25531-AD93-482C-B1CC-D2B1C5573633} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {50A25531-AD93-482C-B1CC-D2B1C5573633} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {50A25531-AD93-482C-B1CC-D2B1C5573633} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {50A25531-AD93-482C-B1CC-D2B1C5573633} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {50A25531-AD93-482C-B1CC-D2B1C5573633} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {50A25531-AD93-482C-B1CC-D2B1C5573633} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: offline-8876480 - {50A25531-AD93-482C-B1CC-D2B1C5573633} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: ssqRIXrr - ssqRIXrr.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe
O23 - Service: WMP54GSSVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe

--
End of file - 22653 bytes


_______________________________________________________________________

ComboFix 08-06-20.4 - Owner 2008-06-30 12:32:55.6 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1290 [GMT 1:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
    /wow section - STAGE 41
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.


(((((((((((((((((((((((((   Files Created from 2008-05-28 to 2008-06-30  )))))))))))))))))))))))))))))))
.

2008-06-30 12:10 . 2008-06-30 12:10 <DIR>    d--------   C:\Program Files\InterMute
2008-06-30 08:28 . 2008-06-30 08:28 <DIR>    d--------   C:\Program Files\Lavasoft
2008-06-30 08:28 . 2008-06-30 08:30 <DIR>    d--------   C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-29 21:09 . 2004-08-04 13:00 450,794 -ra------   C:\txtsetup.sif
2008-06-29 21:09 . 2004-08-04 13:00 260,272 -ra------   C:\$LDR$
2008-06-29 21:08 . 2008-06-29 21:09 <DIR>    d--------   C:\$WIN_NT$.~BT
2008-06-29 13:25 . 2008-06-29 13:25 <DIR>    d--------   C:\VundoFix Backups
2008-06-25 18:16 . 2008-06-25 18:16 <DIR>    d--------   C:\Program Files\JalbumWin
2008-06-25 16:22 . 2002-12-29 01:14 81,920  --a------   C:\WINDOWS\system32\Startup.cpl
2008-06-25 13:48 . 2008-06-25 13:48 <DIR>    d--------   C:\WINDOWS\ie8updates
2008-06-25 11:07 . 2008-06-25 11:37 <DIR>    d--------   C:\Documents and Settings\Owner\Application Data\Skype
2008-06-25 11:06 . 2008-06-25 11:06 <DIR>    d--------   C:\Program Files\Skype
2008-06-25 11:06 . 2008-06-25 11:06 <DIR>    d--------   C:\Program Files\Common Files\Skype
2008-06-25 11:06 . 2008-06-25 11:06 <DIR>    d--------   C:\Documents and Settings\All Users\Application Data\Skype
2008-06-25 09:51 . 2008-06-25 09:51 <DIR>    d--------   C:\Program Files\Safer Networking
2008-06-23 23:15 . 2008-06-23 23:18 <DIR>    d--h-c---   C:\WINDOWS\ie8
2008-06-23 20:32 . 2008-06-23 20:32 <DIR>    d--------   C:\Documents and Settings\Owner\Application Data\LaCie
2008-06-23 20:31 . 2008-06-23 20:31 <DIR>    d--------   C:\Program Files\LaCie
2008-06-23 20:28 . 2008-06-23 20:28 <DIR>    d--------   C:\WINDOWS\system32\URTTEMP
2008-06-23 16:54 . 2008-06-23 16:54 <DIR>    d--------   C:\Program Files\Malwarebytes' Anti-Malware
2008-06-23 16:54 . 2008-06-23 16:54 <DIR>    d--------   C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-06-23 16:54 . 2008-06-23 16:54 <DIR>    d--------   C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-23 16:54 . 2008-06-19 17:55 34,296  --a------   C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-23 16:54 . 2008-06-19 17:55 17,144  --a------   C:\WINDOWS\system32\drivers\mbam.sys
2008-06-23 14:54 . 2008-06-23 14:54 <DIR>    d--------   C:\Program Files\Trend Micro
2008-06-22 22:14 . 2008-06-22 22:14 <DIR>    d--------   C:\Program Files\audiovideo
2008-06-21 14:15 . 2008-06-23 14:46 269 --a------   C:\WINDOWS\wininit.ini
2008-06-21 14:00 . 2008-06-21 14:00 <DIR>    d--------   C:\Program Files\Spybot - Search & Destroy
2008-06-21 14:00 . 2008-06-21 14:15 <DIR>    d--------   C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-14 17:48 . 2008-06-30 09:19 <DIR>    d--------   C:\Documents and Settings\All Users\Application Data\Google Updater
2008-06-13 16:10 . 2008-06-13 16:10 <DIR>    d--------   C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2008-06-13 16:08 . 2008-06-13 16:08 <DIR>    d--------   C:\Program Files\Windows Live Toolbar
2008-06-11 12:39 . 2008-06-13 12:05 272,128 -----c---   C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-11 12:39 . 2008-05-08 15:02 203,136 -----c---   C:\WINDOWS\system32\dllcache\rmcast.sys
2008-06-09 08:16 . 2008-06-09 08:16 <DIR>    d--------   C:\Documents and Settings\Owner\Application Data\Leadertech
2008-06-06 17:13 . 2008-06-06 17:13 <DIR>    d--------   C:\Program Files\mplayer
2008-06-02 08:41 . 2008-06-02 08:41 <DIR>    d--------   C:\Program Files\muvee Technologies
2008-06-02 08:41 . 2008-06-02 08:41 <DIR>    d--------   C:\Documents and Settings\All Users\Application Data\muvee Technologies
2008-06-02 08:40 . 2008-06-02 08:40 <DIR>    d--------   C:\Program Files\PowerDVD
2008-06-02 08:40 . 2008-06-02 08:40 <DIR>    d--------   C:\Program Files\Common Files\ArcSoft
2008-06-02 08:40 . 2008-06-02 08:40 <DIR>    d--------   C:\Documents and Settings\All Users\Application Data\CyberLink
2008-06-02 08:38 . 2008-06-02 08:38 <DIR>    d--------   C:\Program Files\Common Files\Sonic
2008-06-02 08:38 . 2008-06-09 08:16 <DIR>    d--------   C:\Documents and Settings\Owner\Application Data\Sonic
2008-06-02 08:37 . 2008-06-02 08:37 <DIR>    d--------   C:\Program Files\Sonic_RecordNow
2008-06-02 08:37 . 2008-06-02 08:37 <DIR>    d--------   C:\Program Files\Sonic
2008-06-02 08:37 . 2008-06-02 08:37 <DIR>    d--------   C:\Program Files\Common Files\SureThing Shared
2008-06-02 08:36 . 2008-06-02 10:25 <DIR>    d--------   C:\Program Files\HP DVD
2008-05-31 22:45 . 2008-05-31 22:45 184 --a------   C:\Shortcut to LACIE (D).lnk
2008-05-31 16:13 . 2008-05-31 16:13 <DIR>    d--------   C:\Documents and Settings\Owner\Application Data\Apple Computer
2008-05-31 00:22 . 2008-05-31 00:22 823,296 --a------   C:\WINDOWS\system32\divx_xx0c.dll
2008-05-31 00:22 . 2008-05-31 00:22 823,296 --a------   C:\WINDOWS\system32\divx_xx07.dll
2008-05-31 00:22 . 2008-05-31 00:22 815,104 --a------   C:\WINDOWS\system32\divx_xx0a.dll
2008-05-31 00:22 . 2008-05-31 00:22 802,816 --a------   C:\WINDOWS\system32\divx_xx11.dll
2008-05-31 00:22 . 2008-05-31 00:22 593,920 --a------   C:\WINDOWS\system32\dpuGUI11.dll
2008-05-31 00:22 . 2008-05-31 00:22 344,064 --a------   C:\WINDOWS\system32\dpus11.dll
2008-05-31 00:22 . 2008-05-31 00:22 294,912 --a------   C:\WINDOWS\system32\dpu11.dll
2008-05-31 00:22 . 2008-05-31 00:22 294,912 --a------   C:\WINDOWS\system32\dpu10.dll
2008-05-31 00:22 . 2008-05-31 00:22 57,344  --a------   C:\WINDOWS\system32\dpv11.dll
2008-05-31 00:22 . 2008-05-31 00:22 53,248  --a------   C:\WINDOWS\system32\dpuGUI10.dll
2008-05-29 10:04 . 2008-05-29 10:04 <DIR>    d--------   C:\Program Files\Any Video Converter
2008-05-29 10:04 . 2008-06-19 23:23 <DIR>    d--------   C:\Documents and Settings\Owner\Application Data\Any Video Converter
2008-05-29 08:09 . 2008-06-12 20:21 9,662   --a------   C:\WINDOWS\EPISME00.SWB
2008-05-29 02:45 . 2003-02-24 17:17 299,552 --a------   C:\WINDOWS\wmsysprx.prx
2008-05-29 02:44 . 2008-05-29 02:45 <DIR>    d--------   C:\Program Files\Acoustica CD Label Maker
2008-05-29 02:44 . 2008-05-29 02:44 <DIR>    d--------   C:\Documents and Settings\Owner\Application Data\Acoustica
2008-05-28 18:23 . 2008-05-28 18:23 <DIR>    d--------   C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-05-28 18:22 . 2008-05-28 18:22 <DIR>    d--------   C:\Program Files\Apple Software Update
2008-05-28 18:22 . 2008-05-28 18:22 <DIR>    d--------   C:\Documents and Settings\All Users\Application Data\Apple
2008-05-28 18:20 . 2008-05-28 18:23 <DIR>    d--------   C:\Program Files\QuickTime
2008-05-28 01:49 . 2008-06-02 08:35 <DIR>    d--------   C:\Program Files\Common Files\element5 Shared
2008-05-28 01:49 . 2008-05-28 01:49 <DIR>    d--------   C:\Documents and Settings\Owner\Application Data\ArcSoft
2008-05-28 01:49 . 2008-05-28 01:49 <DIR>    d--------   C:\Documents and Settings\All Users\Application Data\element5
2008-05-28 01:47 . 2003-09-19 17:45 21,248  --a------   C:\WINDOWS\system32\drivers\pfc.sys
2008-05-28 01:46 . 2008-06-28 19:58 <DIR>    d--------   C:\Program Files\ArcSoft
2008-05-28 01:46 . 1995-07-31 13:44 212,480 --a------   C:\WINDOWS\PCDLIB32.DLL
2008-05-26 19:27 . 2008-05-26 19:27 <DIR>    d--------   C:\Program Files\PIXELA
2008-05-26 19:26 . 2008-05-26 19:26 <DIR>    d--------   C:\Drivers
2008-05-26 19:26 . 2001-11-05 09:23 299,923 --a------   C:\WINDOWS\system32\drivers\sonyhcs.sys
2008-05-26 19:26 . 2002-10-15 22:41 102,220 --a------   C:\WINDOWS\system32\drivers\sonypvs1.sys
2008-05-26 19:26 . 2001-07-03 20:33 53,248  --a------   C:\WINDOWS\system32\SONYHCY.DLL
2008-05-26 19:26 . 2001-11-05 09:23 38,739  --a------   C:\WINDOWS\system32\drivers\sonyhcc.sys
2008-05-26 19:26 . 2001-11-05 09:23 6,097   --a------   C:\WINDOWS\system32\drivers\sonyhcb.sys
2008-05-26 19:26 . 2001-07-03 20:39 3,654   --a------   C:\WINDOWS\system32\drivers\Sonyhcp.dll
2008-05-26 19:25 . 2008-05-26 19:25 <DIR>    d--------   C:\Program Files\Sony Corporation
2008-05-26 19:25 . 2008-06-02 08:41 <DIR>    d--------   C:\Program Files\Common Files\muvee Technologies
2008-05-26 19:25 . 2001-03-24 02:18 121,856 --a------   C:\WINDOWS\system32\lfmpg12n.dll
2008-05-26 19:25 . 1998-06-18 00:00 89,360  --a------   C:\WINDOWS\system32\VB5DB.DLL
2008-05-26 19:25 . 2001-03-24 02:17 43,008  --a------   C:\WINDOWS\system32\lfgif12n.dll
2008-05-26 19:25 . 2001-03-20 21:55 41,472  --a------   C:\WINDOWS\system32\LTTWN12n.DLL
2008-05-26 19:25 . 2001-03-24 02:15 25,600  --a------   C:\WINDOWS\system32\lfavi12n.dll
2008-05-26 19:25 . 2004-03-08 12:55 13,567  --a------   C:\WINDOWS\system32\drivers\CDRBSDRV.SYS
2008-05-26 19:25 . 2000-05-19 17:49 1,458   --a------   C:\WINDOWS\system32\LTOCX12n.INF
2008-05-26 18:10 . 2008-05-26 18:10 <DIR>    d--------   C:\Program Files\Microsoft Office Live
2008-05-24 21:21 . 2008-05-24 21:21 <DIR>    d--------   C:\Program Files\TVUPlayer
2008-05-24 21:21 . 2008-05-24 21:21 <DIR>    d--------   C:\Documents and Settings\Owner\LocalLow
2008-05-24 21:21 . 2008-05-24 21:21 <DIR>    d--------   C:\Documents and Settings\Owner\Application Data\TVU Networks
2008-05-24 21:21 . 2008-05-24 21:21 <DIR>    d--------   C:\Documents and Settings\All Users\Application Data\TVU Networks
2008-05-22 23:22 . 2008-05-22 23:22 3,596,288   --a------   C:\WINDOWS\system32\qt-dx331.dll
2008-05-22 23:22 . 2008-05-22 23:22 524,288 --a------   C:\WINDOWS\system32\DivXsm.exe
2008-05-22 23:22 . 2008-05-22 23:22 4,816   --a------   C:\WINDOWS\system32\divxsm.tlb
2008-05-22 23:20 . 2008-05-22 23:20 1,044,480   --a------   C:\WINDOWS\system32\libdivx.dll
2008-05-22 23:20 . 2008-05-22 23:20 200,704 --a------   C:\WINDOWS\system32\ssldivx.dll
2008-05-22 23:19 . 2008-05-22 23:19 196,608 --a------   C:\WINDOWS\system32\dtu100.dll
2008-05-22 23:19 . 2008-05-22 23:19 161,096 --a------   C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-05-22 23:19 . 2008-05-22 23:19 416 --a------   C:\WINDOWS\system32\dtu100.dll.manifest
2008-05-22 23:19 . 2008-05-22 23:19 416 --a------   C:\WINDOWS\system32\dpl100.dll.manifest
2008-05-22 23:18 . 2008-05-22 23:18 12,288  --a------   C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-22 18:57 . 2008-05-22 18:57 <DIR>    d--------   C:\Program Files\DropBox
2008-05-20 20:36 . 2008-05-20 20:36 <DIR>    d--------   C:\Program Files\Windows Live
2008-05-20 20:36 . 2008-05-20 20:36 <DIR>    d--hsc---   C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-20 20:35 . 2008-05-20 20:35 <DIR>    d--------   C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-20 10:57 . 2008-05-20 10:57 <DIR>    d--------   C:\Documents and Settings\Owner\Application Data\FastStone
2008-05-20 10:53 . 2008-04-14 01:12 159,232 --a------   C:\WINDOWS\system32\ptpusd.dll
2008-05-20 10:53 . 2001-08-17 22:36 5,632   --a------   C:\WINDOWS\system32\ptpusb.dll
2008-05-20 08:30 . 2008-04-13 19:45 15,104  --a------   C:\WINDOWS\system32\drivers\usbscan.sys
2008-05-20 08:30 . 2008-04-13 19:45 15,104  --a--c---   C:\WINDOWS\system32\dllcache\usbscan.sys
2008-05-20 08:29 . 2001-08-17 22:36 87,040  --a------   C:\WINDOWS\system32\wiafbdrv.dll
2008-05-20 08:29 . 2001-08-17 22:36 87,040  --a--c---   C:\WINDOWS\system32\dllcache\wiafbdrv.dll
2008-05-20 08:22 . 2008-05-20 08:22 <DIR>    d--------   C:\Program Files\PrimaScan
2008-05-20 08:22 . 2001-08-22 13:15 245,760 --a------   C:\WINDOWS\system32\viceo.dll
2008-05-20 08:22 . 2000-06-26 02:01 172,095 --a------   C:\WINDOWS\system32\lut.plg
2008-05-20 08:22 . 1996-10-20 07:52 87,392  --a------   C:\WINDOWS\system32\Twain.dll
2008-05-20 08:22 . 1996-10-20 07:52 77,312  --a------   C:\WINDOWS\system32\Twain_32.dll
2008-05-20 08:22 . 1998-06-26 07:07 69,632  --a------   C:\WINDOWS\system32\Twunk_32.exe
2008-05-20 08:22 . 2001-08-22 13:13 61,440  --a------   C:\WINDOWS\system32\gl.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-13 11:05    272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-02 07:41    ---------   d--h--w C:\Program Files\InstallShield Installation Information
2008-06-02 07:40    ---------   d-----w C:\Program Files\CyberLink
2008-05-13 01:53    120,056 ----a-w C:\WINDOWS\system32\pxcpyi64.exe
2008-05-13 01:53    118,520 ----a-w C:\WINDOWS\system32\pxinsi64.exe
2008-05-10 13:24    21,035  ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2008-05-09 21:39    ---------   d-----w C:\Program Files\MUSICMATCH
2008-05-09 20:58    ---------   d-----w C:\Documents and Settings\Owner\Application Data\Ahead
2008-05-09 15:42    ---------   d-----w C:\Program Files\Common Files\InstallShield
2008-05-09 12:22    ---------   d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-09 09:39    ---------   d-----w C:\Program Files\Common Files\Logitech
2008-05-09 09:34    ---------   d-----w C:\Program Files\Logitech
2008-05-09 09:10    ---------   d-----w C:\Documents and Settings\Owner\Application Data\My Games
2008-05-08 14:02    203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-08 04:50    830,464 ----a-w C:\WINDOWS\system32\wininet.dll
2008-05-07 05:12    1,288,192   ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-03 14:51    ---------   d-----w C:\Documents and Settings\All Users\Application Data\MediaLife
2008-04-29 12:17    ---------   d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-29 10:20    15,648  ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 10:19    15,648  ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 10:19    12,960  ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-28 17:17    ---------   d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-28 15:17    ---------   d-----w C:\Documents and Settings\Owner\Application Data\Firaxis Games
2008-04-14 04:42    985,088 ----a-w C:\WINDOWS\system32\setupapi.dll
2008-04-14 04:42    11,264  ----a-w C:\WINDOWS\system32\spnpinst.exe
2008-04-14 04:41    423,936 ----a-w C:\WINDOWS\system32\licdll.dll
2008-04-14 00:25    1,804   ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 00:16    329,728 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 00:13    92,424  ----a-w C:\WINDOWS\system32\rdpdd.dll
2008-04-14 00:13    87,176  ----a-w C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 00:13    12,168  ----a-w C:\WINDOWS\system32\tsddd.dll
2008-04-14 00:11    997,376 ----a-w C:\WINDOWS\system32\msgina.dll
2008-04-14 00:10    53,279  ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-04-14 00:10    4,126   ----a-w C:\WINDOWS\system32\msdxmlc.dll
2008-04-14 00:10    3,584   ----a-w C:\WINDOWS\system32\msafd.dll
2008-04-13 21:00    103,424 ----a-w C:\WINDOWS\system32\dpcdll.dll
2008-04-13 19:30    1,845,632   ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-13 19:24    2,145,280   ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-13 18:44    17,664  ----a-w C:\WINDOWS\system32\watchdog.sys
2008-04-13 18:35    24,064  ----a-w C:\WINDOWS\system32\pidgen.dll
2008-04-13 18:31    7,424   ----a-w C:\WINDOWS\system32\kd1394.dll
2008-04-13 18:31    2,023,936   ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-13 18:30    61,440  ----a-w C:\WINDOWS\system32\msvcrt40.dll
2008-04-13 18:14    76,800  ----a-w C:\WINDOWS\system32\msshavmsg.dll
2008-04-13 17:39    438,784 ----a-w C:\WINDOWS\system32\xpob2res.dll
2008-04-13 17:39    2,897,920   ----a-w C:\WINDOWS\system32\xpsp2res.dll
2008-04-13 17:39    187,392 ----a-w C:\WINDOWS\system32\xpsp1res.dll
2008-04-13 17:37    208,384 ----a-w C:\WINDOWS\system32\rsaenh.dll
2008-04-13 17:37    138,752 ----a-w C:\WINDOWS\system32\dssenh.dll
2008-04-13 17:27    79,872  ----a-w C:\WINDOWS\system32\msxml6r.dll
2008-04-13 17:26    94,208  ----a-w C:\WINDOWS\system32\odbcint.dll
2008-04-13 17:26    12,288  ----a-w C:\WINDOWS\system32\odbcp32r.dll
2008-04-13 17:26    12,288  ----a-w C:\WINDOWS\system32\mscpx32r.dll
2008-04-13 17:24    20,480  ----a-w C:\WINDOWS\system32\msorc32r.dll
2008-04-13 17:21    733,696 ----a-w C:\WINDOWS\system32\qedwipes.dll
2008-04-13 17:09    4,096   ----a-w C:\WINDOWS\system32\dsprpres.dll
2008-04-13 17:03    63,488  ----a-w C:\WINDOWS\system32\browselc.dll
2008-04-13 17:03    549,376 ----a-w C:\WINDOWS\system32\shdoclc.dll
2008-04-13 16:48    1,647,616   ----a-w C:\WINDOWS\system32\winbrand.dll
2008-04-13 16:45    216,064 ----a-w C:\WINDOWS\system32\moricons.dll
2008-04-13 16:23    48,128  ----a-w C:\WINDOWS\system32\msprivs.dll
2008-04-13 16:22    48,128  ----a-w C:\WINDOWS\system32\inetres.dll
2008-04-13 15:39    884,736 ----a-w C:\WINDOWS\system32\msimsg.dll
2008-03-03 19:01    434,176 ----a-w C:\WINDOWS\system32\vbscript.dll
2008-03-03 19:01    156,160 ----a-w C:\WINDOWS\system32\msls31.dll
2008-03-03 19:01    142,848 ----a-w C:\WINDOWS\system32\IESetting.dll
2008-03-03 18:52    41,984  ----a-w C:\WINDOWS\system32\licmgr10.dll
2008-03-03 18:51    69,120  ----a-w C:\WINDOWS\system32\iesetup.dll
2008-03-03 18:51    69,120  ----a-w C:\WINDOWS\system32\admparse.dll
2008-03-03 18:50    48,128  ----a-w C:\WINDOWS\system32\mshtmler.dll
2008-03-03 18:50    45,568  ----a-w C:\WINDOWS\system32\mshta.exe
2008-03-03 18:50    36,352  ----a-w C:\WINDOWS\system32\imgutil.dll
2007-04-23 13:21    269,824 ----a-w C:\WINDOWS\inf\WG111v3\Vista64\wg111v3.sys
2007-04-23 13:11    224,896 ----a-w C:\WINDOWS\inf\WG111v3\wg111v3.sys
2006-12-15 10:30    98,304  ----a-w C:\WINDOWS\inf\WG111v3\UScanM.exe
2006-12-15 10:30    66,048  ----a-w C:\WINDOWS\inf\WG111v3\EAPPkt.sys
2006-12-15 10:30    315,392 ----a-w C:\WINDOWS\inf\WG111v3\InstallDriver.exe
2006-12-15 10:30    28,672  ----a-w C:\WINDOWS\inf\WG111v3\SetDrv.exe
2006-12-15 10:30    212,992 ----a-w C:\WINDOWS\inf\WG111v3\CopyWHQLDriver.exe
2006-12-15 10:30    20,480  ----a-w C:\WINDOWS\inf\WG111v3\RTWUPath.exe
2006-12-15 10:30    19,968  ----a-w C:\WINDOWS\inf\WG111v3\RTWREFU.EXE
2001-08-22 12:15    245,760 ----a-w C:\WINDOWS\inf\i386\viceo.dll
2001-08-22 12:13    61,440  ----a-w C:\WINDOWS\inf\i386\gl.dll
2001-08-22 12:13    32,768  ----a-w C:\WINDOWS\inf\i386\Pmicro.dll
2001-08-03 17:29    13,824  ----a-w C:\WINDOWS\inf\i386\Usbscan.sys
2001-07-10 08:59    15,716  ----a-w C:\WINDOWS\inf\i386\Pmxscan.sys
2002-04-16 10:27    5   --sha-w C:\WINDOWS\system32\CdI5T.drv
.

(((((((((((((((((((((((((((((   snapshot_2008-06-29_13.22.02.73   )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-29 12:17:02   2,048   --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-30 07:24:37   2,048   --s-a-w C:\WINDOWS\bootstat.dat
- 2008-05-28 23:22:43   29,926  ----a-r C:\WINDOWS\Installer\{508CE775-4BA4-4748-82DF-FE28DA9F03B0}\MsblIco.Exe
+ 2008-06-30 07:27:09   29,926  ----a-r C:\WINDOWS\Installer\{508CE775-4BA4-4748-82DF-FE28DA9F03B0}\MsblIco.Exe
+ 2001-07-14 16:32:24   69,632  ----a-w C:\WINDOWS\setupupd\temp\wsdueng.dll
+ 2008-05-16 10:58:04   12,632  ----a-w C:\WINDOWS\system32\lsdelete.exe
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{14DEC14C-B7ED-4E8D-A44A-2D1BAFE7EDF2}]
            C:\WINDOWS\system32\urqQhFxX.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5437FF28-BFF5-4B34-B270-BF061151DEDA}]
            C:\WINDOWS\system32\efcATjkH.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9A9327D8-D95C-488E-86A6-0227FCF5EE81}]
            C:\WINDOWS\system32\ssqRIXrr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AD1AF197-2F6A-479A-9109-39FCC46BD2B7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B7E7307D-A2F6-4A59-8F47-0C757244BCD0}]
            C:\WINDOWS\system32\ljJYqOfE.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BD2300CC-3036-443C-9FD9-D223AEE9D705}]
            C:\WINDOWS\system32\iifgEtqn.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 19:05 143360]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2008-02-23 16:06 32768]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 01:12 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-01-18 17:07 196608]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 13:39 1289000]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-14 17:48 68856]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-05-20 15:46 28160 C:\WINDOWS\KHALMNPR.Exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 22:48 479232]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-05-09 18:04 29744]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-05-11 01:38 1177368]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-28 18:20 413696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 01:12 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{9A9327D8-D95C-488E-86A6-0227FCF5EE81}"= C:\WINDOWS\system32\ssqRIXrr.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqRIXrr]
ssqRIXrr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= C:\Program Files\ffdshow\ffdshow.ax

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders   msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"LaCie Backup"=C:\Program Files\LaCie\Backup Software\\LaCieBackup.exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
"MediaLifeService"="C:\Program Files\Logitech\MediaLife\MediaLifeService.exe"
"MimBoot"=C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"DropBoxUtility"="C:\Program Files\DropBox\DropBox\DropBox.exe" /s
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"SigmatelSysTrayApp"=sttray.exe
"LVCOMSX"=C:\WINDOWS\system32\LVCOMSX.EXE
"LogitechVideoRepair"=C:\Program Files\Logitech\Video\ISStart.exe 
"LogitechVideoTray"=C:\Program Files\Logitech\Video\LogiTray.exe
"EPSON Stylus Photo R1800"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9LE.EXE /P24 "EPSON Stylus Photo R1800" /O6 "USB001" /M "Stylus Photo R1800"
"eFax 4.3"="C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe" /R
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\DropBox\\DropBox\\DropBox.exe"=
"C:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-05-11 01:38]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-05-11 01:38]
R2 ppsio2;PPDevice;C:\WINDOWS\system32\drivers\ppsio2.sys [1999-06-30 02:49]
R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;C:\WINDOWS\system32\DRIVERS\wg111v3.sys [2007-04-23 14:11]
S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-05-09 18:04]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7322efc2-354d-11dd-a9a0-001e2a44224a}]
\Shell\AutoRun\command - D:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7322efc3-354d-11dd-a9a0-001e2a44224a}]
\Shell\AutoRun\command - D:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bb5ba7ce-257d-11dd-8b7a-001e2a44224a}]
\Shell\AutoRun\command - F:\VMC_PBStarter.exe

*Newly Created Service* - AAWSERVICE
*Newly Created Service* - CATCHME
*Newly Created Service* - USNJSVC
.
Contents of the 'Scheduled Tasks' folder
"2008-06-30 11:22:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-30 12:38:02
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 


C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\shirow80@hotmail.com\SharingMetadata\Working\database_EC00_CF06_CE_D6AC\$db_clean$ 0 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
Completion time: 2008-06-30 12:39:13
ComboFix-quarantined-files.txt  2008-06-30 11:38:48
ComboFix2.txt  2008-06-29 12:22:21
ComboFix3.txt  2008-06-25 14:29:26
ComboFix4.txt  2008-06-23 17:24:12
ComboFix5.txt  2008-06-23 15:45:54

Pre-Run: 122,110,562,304 bytes free
Post-Run: 122,253,103,104 bytes free

361 --- E O F ---   2008-06-28 14:43:41