System is a wreck..
 
Posted 10/21/2008 12:02 PM
New Member


Group: Forum Members
Last Login: 10/21/2008 11:56 AM
Posts: 4, Visits: 0
Had some spyware problems a couple months ago, and thought I had taken care of them but it's back and with a vengeance. Solved almost all of my symptoms (desktop was replaced, popup about spyware/low virtual memory, links wouldn't open but rather go to a set page online, homepage was replaced...) but I want to make sure the system is clean before I try to diagnose the new problem... a Blue Screen of Death. "BAD_POOL_HEADER" happens every time I try to enable my wireless connection and return to online civilization. Without further ado, here's the log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:26:13 AM, on 10/21/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\acs.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Logitech\MouseWare\system\em_exec.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\DAEMON Tools\daemon.exe

C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\uTorrent\uTorrent.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\NETGEAR\WPN311\wlancfg5.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE

C:\WINDOWS\system32\notepad.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\uesiuqcr.exe,

O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"

O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: NETGEAR WPN311 Wireless Assistant.lnk = C:\Program Files\NETGEAR\WPN311\wlancfg5.exe

O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe

O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm

O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O15 - Trusted Zone: *.att.net

O15 - Trusted Zone: http://*.att.net

O15 - Trusted Zone: *.sbcglobal.net

O15 - Trusted Zone: http://*.sbcglobal.net

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab

O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1224564273085

O16 - DPF: {C8AEB218-8B7A-4E15-AC17-0EE8D99B80EB} (GameTap Web Updater) - http://ll.g.gametap.com/static/cab_headless/GameTapWebUpdater.cab

O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.12) - http://gameadvisor.futuremark.com/global/msc3121.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 10/21/2008 at 11:07 AM

 

Application Version : 4.21.1004

 

Core Rules Database Version : 3603

Trace Rules Database Version: 1589

 

Scan type       : Complete Scan

Total Scan Time : 00:53:49

 

Memory items scanned      : 508

Memory threats detected   : 2

Registry items scanned    : 5317

Registry threats detected : 31

File items scanned        : 20335

File threats detected     : 14

 

Trojan.Unclassified/Uesiuqcr

            C:\WINDOWS\SYSTEM32\UESIUQCR.EXE

            C:\WINDOWS\SYSTEM32\UESIUQCR.EXE

            C:\WINDOWS\Prefetch\UESIUQCR.EXE-38FB783E.pf

 

Trojan.FakeAlert-GetSN

            C:\WINDOWS\SYSTEM32\GETSN32.DLL

            C:\WINDOWS\SYSTEM32\GETSN32.DLL

            HKLM\Software\Classes\CLSID\{A013E591-B570-4013-A2D6-E8CB72E80FAF}

            HKCR\CLSID\{A013E591-B570-4013-A2D6-E8CB72E80FAF}

            HKCR\CLSID\{A013E591-B570-4013-A2D6-E8CB72E80FAF}

            HKCR\CLSID\{A013E591-B570-4013-A2D6-E8CB72E80FAF}\Implemented Categories

            HKCR\CLSID\{A013E591-B570-4013-A2D6-E8CB72E80FAF}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}

            HKCR\CLSID\{A013E591-B570-4013-A2D6-E8CB72E80FAF}\InprocServer32

            HKCR\CLSID\{A013E591-B570-4013-A2D6-E8CB72E80FAF}\InprocServer32#ThreadingModel

            HKCR\CLSID\{A013E591-B570-4013-A2D6-E8CB72E80FAF}\ProgID

            HKCR\CLSID\{A013E591-B570-4013-A2D6-E8CB72E80FAF}\Programmable

            HKCR\CLSID\{A013E591-B570-4013-A2D6-E8CB72E80FAF}\TypeLib

            HKCR\CLSID\{A013E591-B570-4013-A2D6-E8CB72E80FAF}\VERSION

            HKCR\getsn32.msiesn

            HKCR\getsn32.msiesn\Clsid

            HKCR\TypeLib\{F4E5A9DD-BDFC-4034-8E7B-60C336EBBA56}

            HKCR\TypeLib\{F4E5A9DD-BDFC-4034-8E7B-60C336EBBA56}\1.0

            HKCR\TypeLib\{F4E5A9DD-BDFC-4034-8E7B-60C336EBBA56}\1.0\0

            HKCR\TypeLib\{F4E5A9DD-BDFC-4034-8E7B-60C336EBBA56}\1.0\0\win32

            HKCR\TypeLib\{F4E5A9DD-BDFC-4034-8E7B-60C336EBBA56}\1.0\FLAGS

            HKCR\TypeLib\{F4E5A9DD-BDFC-4034-8E7B-60C336EBBA56}\1.0\HELPDIR

            HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A013E591-B570-4013-A2D6-E8CB72E80FAF}

            HKCR\Interface\{33253C2B-A526-4D97-A6CD-5A8DD50E7027}

            HKCR\Interface\{33253C2B-A526-4D97-A6CD-5A8DD50E7027}\ProxyStubClsid

            HKCR\Interface\{33253C2B-A526-4D97-A6CD-5A8DD50E7027}\ProxyStubClsid32

            HKCR\Interface\{33253C2B-A526-4D97-A6CD-5A8DD50E7027}\TypeLib

            HKCR\Interface\{33253C2B-A526-4D97-A6CD-5A8DD50E7027}\TypeLib#Version

 

Rogue.FakeAlert/Wallpaper

            [Wallpaper] C:\WINDOWS\DEFAULT.HTM

            C:\WINDOWS\DEFAULT.HTM

            [Wallpaper] C:\WINDOWS\DEFAULT.HTM

 

Adware.Tracking Cookie

            C:\Documents and Settings\Basil Acid\Cookies\basil acid@tribalfusion[1].txt

            C:\Documents and Settings\Basil Acid\Cookies\basil acid@hentaicounter[1].txt

 

Trojan.DNSChanger-Codec

            HKU\S-1-5-21-1343024091-1202660629-2147175731-1003\Software\GetModule

            HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iCheck

            HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iCheck#DisplayName

            HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iCheck#UninstallString

 

Adware.AdSponsor/ISM

            C:\Program Files\iCheck\iCheck.exe

            C:\Program Files\iCheck\Uninstall.exe

            C:\Program Files\iCheck

 

Rogue.AntiVirus 2008

            C:\Documents and Settings\Basil Acid\Application Data\RHCTQEJ0E193

 

Trojan.Dropper/Gen

            C:\DOCUMENTS AND SETTINGS\BASIL ACID\~.EXE

 

Trojan.Dropper/Gen-NV

            C:\WINDOWS\BRASTK.EXE

            C:\WINDOWS\SYSTEM32\BRASTK.EXE

 

Rogue.Multi-Dropper/Installer

            C:\WINDOWS\SYSTEM32\SMWIN32.DLL

Thank you for your help,

Frustrated in Missery/Missouri.

Post #244665
Posted 10/21/2008 12:45 PM


Senior Forum Moderator


Group: Moderators
Last Login: 8/9/2008 10:14 AM
Posts: 29,548, Visits: 54,734
Welcome

Download and scan with CCleaner.
1. Starting with v1.27.260, CCleaner started installing the Yahoo Toolbar as an option which IS checkmarked by default during the installation.
IF you do NOT want it, REMOVE the checkmark when provided with the option OR download the 'No Toolbar' 'Slim' version instead of the 'Standard Build'.

2. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 48 hours"

3. Then select the items you wish to clean up.

In the Windows Tab:
* Clean all entries in the "Internet Explorer" section except Cookies.
* Clean all the entries in the "Windows Explorer" section.
* Clean all entries in the "System" section.
* Clean all entries in the "Advanced" section.
* Clean any others that you choose.

In the Applications Tab:
* Clean all except cookies in the Firefox/Mozilla section if you use it.
* Clean all in the Opera section if you use it.
* Clean Sun Java in the Internet Section.
* Clean any others that you choose.

4. Click the "Run Cleaner" button.
5. A pop up box will appear advising this process will permanently delete files from your system.
6. Click "OK" and it will scan and clean your system.

* Now click on the 'Registry' tab/button on the left.
* Then click on the 'Scan for issues' button at the bottom.
* If CCleaner displays any issues, click on 'Fix selected issues'.
* You'll then be asked 'Do you want to backup changes to the registry', you must click 'YES'.
* Save the backup somewhere safe, your desktop is as good a place as any.
* Then click 'Fix Issues', then click 'Close'.
* Exit CCleaner.



If you have previously downloaded ComboFix, please delete that version now.
Download Combofix by sUBs and save to your desktop.
Alternative Combofix download link HERE.
Note
It is important that it is saved directly to your desktop


Close any open browsers.
Click on Start/Run, copy and paste the following bold text into the 'Open:' space, then press OK [See image below]:
"%userprofile%\desktop\combofix.exe" /killall



Combofix.exe will start, please follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note:
Do not mouseclick combofix's window while it's running.
That may cause the program to freeze/hang.

Do NOT post the ComboFix-quarantined-files.txt unless I ask.
*Note*
In case your Antivirus or any other realtime scanner is displaying an alert after you downloaded Combofix or while you use Combofix, please disable your scanner and download Combofix again.
Some scanners may see some combofix related components as suspicious and block or delete them while there's nothing wrong with them.

Also post a new Hijackthis log please.


_______________________________________________


ASAP & UNITE member since 2006





Post #244666
Posted 10/21/2008 1:22 PM
New Member


Group: Forum Members
Last Login: 10/21/2008 11:56 AM
Posts: 4, Visits: 0
ComboFix 08-10-19.04 - Basil Acid 2008-10-21 12:49:20.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.898 [GMT -6:00]
Command switches used :: /killall

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
ADS - WINDOWS: deleted 24 bytes in 1 streams.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Basil Acid\Application Data\inst.exe
C:\Program Files\INSTALL.LOG
C:\WINDOWS\system32\~.exe
C:\WINDOWS\system32\DelSelf.bat
C:\WINDOWS\system32\msansspc.dll

.
(((((((((((((((((((((((((   Files Created from 2008-09-21 to 2008-10-21  )))))))))))))))))))))))))))))))
.

2008-10-21 11:38 . 2008-10-21 11:38 5,082 --a------ C:\WINDOWS\system32\PerfStringBackup.TMP
2008-10-21 10:12 . 2008-10-21 10:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-10-21 10:11 . 2008-10-21 10:11 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-10-21 10:11 . 2008-10-21 10:11 <DIR> d-------- C:\Documents and Settings\Basil Acid\Application Data\SUPERAntiSpyware.com
2008-10-21 10:10 . 2008-10-21 10:10 <DIR> d-------- C:\Documents and Settings\Basil Acid\Application Data\Windows Desktop Search
2008-10-21 10:09 . 2008-10-21 10:09 <DIR> d-------- C:\WINDOWS\system32\GroupPolicy
2008-10-21 10:09 . 2008-10-21 10:09 <DIR> d-------- C:\Program Files\Windows Desktop Search
2008-10-21 10:09 . 2008-03-07 11:02 192,000 -----c--- C:\WINDOWS\system32\dllcache\offfilt.dll
2008-10-21 10:09 . 2008-03-07 11:02 98,304 -----c--- C:\WINDOWS\system32\dllcache\nlhtml.dll
2008-10-21 10:09 . 2008-03-07 11:02 29,696 -----c--- C:\WINDOWS\system32\dllcache\mimefilt.dll
2008-10-21 09:49 . 2008-10-03 11:41 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-10-21 09:49 . 2007-04-17 03:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-10-21 09:49 . 2007-03-07 23:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-10-21 09:49 . 2008-08-26 01:24 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-10-21 09:49 . 2008-08-26 01:24 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-10-21 09:49 . 2008-08-26 01:24 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-10-21 09:49 . 2008-08-26 01:24 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-10-21 09:49 . 2008-08-26 01:24 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-10-21 09:49 . 2008-08-25 02:38 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-10-21 09:41 . 2008-08-14 04:11 2,189,184 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-21 09:41 . 2008-08-14 04:09 2,145,280 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-21 09:41 . 2008-08-14 03:33 2,066,048 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-21 09:41 . 2008-08-14 03:33 2,023,936 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-21 09:41 . 2008-09-08 04:41 333,824 -----c--- C:\WINDOWS\system32\dllcache\srv.sys
2008-10-21 09:40 . 2008-09-15 06:12 1,846,400 -----c--- C:\WINDOWS\system32\dllcache\win32k.sys
2008-10-21 09:39 . 2008-05-01 08:33 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-10-21 09:38 . 2008-04-11 13:04 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-10-21 09:37 . 2008-06-13 05:05 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-10-21 09:37 . 2008-05-08 08:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-10-21 09:20 . 2008-10-21 09:20 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-10-21 09:20 . 2008-10-21 09:20 <DIR> d-------- C:\WINDOWS\system32\en
2008-10-21 09:20 . 2008-10-21 09:20 <DIR> d-------- C:\WINDOWS\system32\bits
2008-10-21 09:20 . 2008-10-21 09:20 <DIR> d-------- C:\WINDOWS\l2schemas
2008-10-21 09:17 . 2008-10-21 09:17 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-10-21 09:02 . 2004-08-03 22:41 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2008-10-21 09:02 . 2004-08-03 22:41 685,056 --------- C:\WINDOWS\system32\drivers\hsfcxts2.sys
2008-10-21 09:02 . 2004-08-03 22:41 220,032 --------- C:\WINDOWS\system32\drivers\hsfbs2s2.sys
2008-10-21 09:02 . 2004-07-17 22:55 129,045 --------- C:\WINDOWS\system32\drivers\cxthsfs2.cty
2008-10-21 08:42 . 2008-10-21 08:43 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-10-21 08:42 . 2008-10-21 08:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-20 22:46 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-10-20 22:46 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-10-20 22:46 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-10-20 22:46 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-10-20 22:35 . 2008-10-20 22:35 <DIR> d-------- C:\Program Files\CCleaner
2008-10-20 19:53 . 2008-10-20 19:53 61,952 --a------ C:\WINDOWS\system32\drivers\TDSSvhct.sys
2008-10-20 19:53 . 2008-10-20 19:53 36,864 --a------ C:\WINDOWS\system32\TDSSoiqt.dll
2008-10-20 19:53 . 2008-10-20 19:53 31,232 --a------ C:\WINDOWS\system32\TDSSvkql.dll
2008-10-20 19:53 . 2008-10-20 19:53 29,696 --a------ C:\WINDOWS\system32\TDSShrxx.dll
2008-10-20 19:53 . 2008-10-20 19:53 3,527 --a------ C:\WINDOWS\system32\TDSSlxcp.dll
2008-10-20 19:53 . 2008-10-20 19:53 164 --a------ C:\WINDOWS\system32\TDSSmtve.dat
2008-10-20 19:52 . 2008-10-20 20:47 <DIR> d-------- C:\Documents and Settings\Basil Acid\Application Data\Facegame
2008-10-20 19:52 . 2008-10-20 19:52 216,394 --a------ C:\WINDOWS\system32\wpv693.cpx
2008-10-20 16:09 . 2008-10-20 16:09 <DIR> d-------- C:\Program Files\GameTap
2008-10-20 16:09 . 2008-10-20 16:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\GameTap
2008-10-19 15:18 . 2008-10-19 15:18 5,097,120 --a------ C:\SetupCloneDVD2920Slysoft.exe
2008-10-19 15:18 . 2008-10-19 15:18 2,665,232 --a------ C:\SetupAnyDVD6476.exe
2008-10-15 14:12 . 2008-10-15 14:12 99,904 --a------ C:\WINDOWS\system32\drivers\AnyDVD.sys
2008-10-08 03:46 . 2008-10-08 03:46 <DIR> d-------- C:\Documents and Settings\Basil Acid\Application Data\InstallShield
2008-10-07 01:49 . 2008-10-07 01:49 <DIR> d-------- C:\Program Files\GameTap Web Player
2008-10-07 01:48 . 2008-10-07 01:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\GameTap Web Player
2008-09-23 12:54 . 2008-09-23 13:01 <DIR> d-------- C:\Documents and Settings\Basil Acid\Application Data\SecondLife

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-21 19:02 --------- d-----w C:\Documents and Settings\Basil Acid\Application Data\uTorrent
2008-10-21 16:11 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-10-21 04:43 --------- d-----w C:\Program Files\FlashGet
2008-10-21 04:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-21 02:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
2008-10-20 22:59 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2008-10-20 22:09 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-01 10:10 1,890 --sha-w C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
2008-09-25 02:38 --------- d-----w C:\Program Files\Enterbrain
2008-09-25 02:37 --------- d-----w C:\Program Files\Common Files\Enterbrain
2008-09-16 10:40 1,343,584 ----a-w C:\WINDOWS\system32\drivers\athw.sys
2008-09-15 12:12 1,846,400 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-14 15:31 --------- d-----w C:\Program Files\Ascaron Entertainment
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-09-06 18:37 --------- d-----w C:\Program Files\NCSoft
2008-09-03 22:08 --------- d-----w C:\Documents and Settings\Basil Acid\Application Data\GetRightToGo
2008-09-03 18:09 --------- d-----w C:\Program Files\Firaxis Games
2008-08-31 14:30 --------- d-----w C:\Program Files\EA GAMES
2008-08-30 19:32 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2008-08-29 19:03 97,928 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-08-27 00:34 --------- d-----w C:\Documents and Settings\Basil Acid\Application Data\SPORE Creature Creator
2008-08-26 15:12 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-08-26 07:24 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-08-21 20:15 --------- d-----w C:\Program Files\AVSMedia
2008-08-21 20:14 --------- d-----w C:\Program Files\Common Files\AVSMedia
2008-08-21 20:09 --------- d-----w C:\Program Files\Diablo II
2008-08-14 10:11 2,189,184 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 09:33 2,066,048 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-08-06 12:38 103,424 ----a-w C:\WINDOWS\system32\SwitchBlade_nat.dll
2008-07-29 16:25 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll
2008-05-23 04:31 88 --sh--r C:\Documents and Settings\All Users\Application Data\BC7595D9C3.sys
2007-11-01 22:24 47,360 ----a-w C:\Documents and Settings\Basil Acid\Application Data\pcouffin.sys
2005-01-27 23:51 400,288 ----a-w C:\WINDOWS\inf\WPN311\WPN311.sys
2005-01-27 16:59 35,232 ----a-w C:\WINDOWS\inf\WPN311\ME_INST.EXE
2005-01-27 16:59 26,112 ----a-w C:\WINDOWS\inf\WPN311\install.exe
2007-01-04 06:57 56 --sh--r C:\WINDOWS\system32\5570A6212C.sys
2007-09-29 17:56 1,734 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-03 165784]
"AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe" [2008-10-17 2223040]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2008-03-24 219952]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-03 1576176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-16 13529088]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2005-04-01 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2005-04-01 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2005-04-01 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2005-04-01 455168]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-09-30 1234712]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-16 86016]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 286720]
"nwiz"="nwiz.exe" [2008-05-16 C:\WINDOWS\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2006-03-01 C:\WINDOWS\soundman.exe]
"Logitech Utility"="Logi_MwX.Exe" [2003-11-07 C:\WINDOWS\LOGI_MWX.EXE]

C:\Documents and Settings\Basil Acid\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 210520]
NETGEAR WPN311 Wireless Assistant.lnk - C:\Program Files\NETGEAR\WPN311\wlancfg5.exe [2005-02-21 4517888]
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSvhct.sys]
@="driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 28544]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-29 97928]
R1 SSHDRV65;SSHDRV65;C:\WINDOWS\system32\drivers\SSHDRV65.sys [2007-06-17 120320]
R1 SSHDRV85;SSHDRV85;C:\WINDOWS\system32\drivers\SSHDRV85.sys [2007-02-28 78848]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-29 875288]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-29 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-29 76040]
R2 ousbehci;OrangeWare USB Enhanced Host Controller Service;C:\WINDOWS\system32\Drivers\ousbehci.sys [2005-06-15 45440]
R3 ousb2hub;OrangeWare USB 2.0 Hub Support;C:\WINDOWS\system32\DRIVERS\ousb2hub.sys [2005-06-15 56960]
R3 uscbs109;uscbs109;C:\WINDOWS\system32\DRIVERS\uscbs109.sys [2005-03-22 8672]
R3 uscsc109;uscsc109;C:\WINDOWS\system32\DRIVERS\uscsc109.sys [2005-03-22 102336]
S3 cusbohcn;cusbohcn;C:\DOCUME~1\BASILA~1\LOCALS~1\Temp\cusbohcn.sys [ ]
S3 LCcfltr;Logitech USB Filter Driver;C:\WINDOWS\system32\Drivers\LCcFltr.Sys [2003-11-07 14092]
S3 USRpdA;U.S. Robotics 56K PCI Faxmodem Driver;C:\WINDOWS\system32\DRIVERS\USRpdA.sys [2001-08-17 113762]
S4 npkcmsvc;npkcmsvc;C:\Nexon\Mabinogi\npkcmsvc.exe [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ    hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{07b6e820-9bbf-11db-a7ec-00055d339e24}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
HKLM-Run-USRpdA - (no file)


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Basil Acid\Application Data\Mozilla\Firefox\Profiles\ubn0bkaj.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.animepaper.net/
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-21 12:56:41
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\acs.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\searchindexer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
.
**************************************************************************
.
Completion time: 2008-10-21 13:07:29 - machine was rebooted
ComboFix-quarantined-files.txt  2008-10-21 19:07:19

Pre-Run: 11,231,776,768 bytes free
Post-Run: 11,218,763,776 bytes free

235

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:08, on 2008-10-21
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\NETGEAR\WPN311\wlancfg5.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\SearchProtocolHost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorr