Annoying virus - please help!!!
sierra76
Junior Member
1. August 2007 @ 15:57
That's the first time I have trouble getting rid of a virus and I really need your help. Antivirus detects infections all the time and even when I delete one a new one comes up right away. Getting on the internet is only possible by clicking an address hyperlink in MS Word; otherwise it says that the webpage cannot be displayed. I would really appreciate any help with this issue. Thanks. Some of the infections:
C:\WINDOWS\system32\ksnccaam.dll
C:\WINDOWS\system32\mlljk.dll
C:\WINDOWS\system32\pmkhf.dll
C:\WINDOWS\system32\jkklj.dll

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:51:26 PM, on 8/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Digital Media Reader\shwicon2k.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.webcrawler.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SunKist] "C:\Program Files\Digital Media Reader\shwicon2k.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [SetDefPrt] "C:\Program Files\Brother\Brmfl05b\BrStDvPt.exe"
O4 - HKLM\..\Run: [ControlCenter2.0] "C:\Program Files\Brother\ControlCenter2\brctrcen.exe" /autorun
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.2.89.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
O16 - DPF: {BA83FD38-CE14-4DA3-BEF5-96050D55F78A} - http://www.flipviewer.com/exe/fv373.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Audddin - Windows (R) 2000 DDK provider - C:\WINDOWS\system32\drivers\asctrm.sys
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O24 - Desktop Component 0: (no name) - http://www.640toronto.com/images/top_table/listenlive.gif

--
End of file - 7732 bytes
Auttaja
Suspended permanently
3. August 2007 @ 00:20
Please download VundoFix.exe to your desktop.
* Double-click *VundoFix.exe* to run it.
* Click the *Scan for Vundo* button.
* Once it's done scanning, click the *Remove Vundo* button.
* You will receive a prompt asking if you want to remove the files, click "YES"
* Once you click yes, your desktop will go blank as it starts removing Vundo.
* When completed, it will prompt that it will reboot your computer, click *OK*.
* Please post the contents of C:\*vundofix.txt*. Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the *Scan for Vundo* button." when VundoFix appears at reboot.

=======

Rename HijackThis.exe

1. Right click on the HijackThis icon.
2. Select Rename.
3. Now type the following: scanner.exe <<< NOTE: make sure to put the period before exe when typing.
Hit the enter key on the keyboard.

Double click on Scanner.exe.
Click on Do a system scan and save a logfile. Post the log in your next reply.

Don't send your HijackThis log to another user's topic. Remember to describe what kind of problems you have. (In my opinion afterdawn has a very unsupportive attitude against malware fighters)
How to send a HijackThis log (step 3-5) / Instructions for posting a HijackThis log (Finland)
My profile "Therefore I say to you, do not worry about your life, what you will eat or what you will drink; nor about your body, what you will put on."
My home forum (Finland) Geeks To Go - Another place
List of rogue programs. (Finland) For example MSG+ is there. Another list
sierra76
Junior Member
3. August 2007 @ 09:12
Hey Auttaja. I got myself into trouble again with my laptop, but this time it's totally thanks to my friend. I did exactly what you directed me to do, but still there is the same problem when I log into Windows. Thank you for helping me again.

VundoFix V6.5.6

Checking Java version...

Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.

Scan started at 9:05:05 AM 8/3/2007

Listing files found while scanning....


VundoFix V6.5.6

Checking Java version...

Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.

Scan started at 9:06:08 AM 8/3/2007

Listing files found while scanning....

C:\windows\system32\awtst.dll
C:\WINDOWS\system32\ddcyy.dll
C:\WINDOWS\system32\egjlm.bak1
C:\WINDOWS\system32\egjlm.ini
C:\windows\system32\jaovafsk.exe
C:\windows\system32\jkklj.dll
C:\windows\system32\ljjjifc.dll
C:\WINDOWS\system32\mljge.dll
C:\windows\system32\rxixmsdo.exe
C:\windows\system32\tstwa.bak1
C:\windows\system32\tstwa.bak2
C:\windows\system32\tstwa.ini
C:\windows\system32\tstwa.ini2
C:\windows\system32\tstwa.tmp
C:\WINDOWS\system32\urqpooo.dll
C:\WINDOWS\system32\yycdd.bak1
C:\WINDOWS\system32\yycdd.ini

Beginning removal...

Attempting to delete C:\windows\system32\awtst.dll
C:\windows\system32\awtst.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\egjlm.bak1
C:\WINDOWS\system32\egjlm.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\egjlm.ini
C:\WINDOWS\system32\egjlm.ini Has been deleted!

Attempting to delete C:\windows\system32\jaovafsk.exe
C:\windows\system32\jaovafsk.exe Could not be deleted.

Attempting to delete C:\windows\system32\jkklj.dll
C:\windows\system32\jkklj.dll Has been deleted!

Attempting to delete C:\windows\system32\ljjjifc.dll
C:\windows\system32\ljjjifc.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mljge.dll
C:\WINDOWS\system32\mljge.dll Could not be deleted.

Attempting to delete C:\windows\system32\rxixmsdo.exe
C:\windows\system32\rxixmsdo.exe Has been deleted!

Attempting to delete C:\windows\system32\tstwa.bak1
C:\windows\system32\tstwa.bak1 Has been deleted!

Attempting to delete C:\windows\system32\tstwa.bak2
C:\windows\system32\tstwa.bak2 Has been deleted!

Attempting to delete C:\windows\system32\tstwa.ini
C:\windows\system32\tstwa.ini Has been deleted!

Attempting to delete C:\windows\system32\tstwa.ini2
C:\windows\system32\tstwa.ini2 Has been deleted!

Attempting to delete C:\windows\system32\tstwa.tmp
C:\windows\system32\tstwa.tmp Has been deleted!

Attempting to delete C:\WINDOWS\system32\urqpooo.dll
C:\WINDOWS\system32\urqpooo.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\yycdd.bak1
C:\WINDOWS\system32\yycdd.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\yycdd.ini
C:\WINDOWS\system32\yycdd.ini Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.6

Checking Java version...

Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.

Scan started at 9:13:34 AM 8/3/2007

Listing files found while scanning....

C:\WINDOWS\system32\ddcyy.dll
C:\windows\system32\jaovafsk.exe
C:\windows\system32\urqpooo.dll

Beginning removal...

Attempting to delete C:\windows\system32\jaovafsk.exe
C:\windows\system32\jaovafsk.exe Has been deleted!

Attempting to delete C:\windows\system32\urqpooo.dll
C:\windows\system32\urqpooo.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.6

Checking Java version...

Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.

Scan started at 9:27:02 AM 8/3/2007

Listing files found while scanning....

C:\WINDOWS\system32\ddcyy.dll
C:\windows\system32\mljge.dll

Beginning removal...

Attempting to delete C:\windows\system32\mljge.dll
C:\windows\system32\mljge.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.6

Checking Java version...

Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.

Scan started at 12:08:28 PM 8/3/2007

Listing files found while scanning....

C:\WINDOWS\system32\ddcyy.dll

Beginning removal...

Performing Repairs to the registry.
Done!


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:03:41 PM, on 8/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Digital Media Reader\shwicon2k.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.webcrawler.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {107CF975-BB67-4567-AB65-3471A90C2CCA} - (no file)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: (no name) - {2DC6AE67-6002-43FC-8A5A-9AB63C732E9C} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {A563E6C0-DE1D-46B4-A01D-B2BD1EB6DD68} - (no file)
O2 - BHO: (no name) - {B7A71404-F8F2-4D0F-B8C2-75911F687EF6} - C:\WINDOWS\system32\mljge.dll (file missing)
O2 - BHO: (no name) - {FC60387F-8F44-4824-9AC9-481D595C9D60} - C:\WINDOWS\system32\ddcyy.dll (file missing)
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SunKist] "C:\Program Files\Digital Media Reader\shwicon2k.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [SetDefPrt] "C:\Program Files\Brother\Brmfl05b\BrStDvPt.exe"
O4 - HKLM\..\Run: [ControlCenter2.0] "C:\Program Files\Brother\ControlCenter2\brctrcen.exe" /autorun
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.2.89.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
O16 - DPF: {BA83FD38-CE14-4DA3-BEF5-96050D55F78A} - http://www.flipviewer.com/exe/fv373.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: ddayw - C:\WINDOWS\
O20 - Winlogon Notify: ddcyy - C:\WINDOWS\system32\ddcyy.dll (file missing)
O20 - Winlogon Notify: vtsqo - C:\WINDOWS\
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Audddin - Windows (R) 2000 DDK provider - C:\WINDOWS\system32\drivers\asctrm.sys
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O24 - Desktop Component 0: (no name) - http://www.640toronto.com/images/top_table/listenlive.gif

--
End of file - 8409 bytes
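The logs sierra76 posted show the pattern a helper looks for in a Vundo case: nameless O2 BHO entries and O20 Winlogon Notify entries whose DLL is already gone, five-letter random names in system32, and companion .ini/.bak files whose names are the DLL name reversed (ddcyy/yycdd, ddayw/wyadd, vtsqo/oqstv in the VundoFix and ComboFix output). The following triage script is an added example, not HijackThis, VundoFix or ComboFix code and not from this thread; its sample log lines and file list are constructed from paths quoted above.

```python
import re

# Constructed sample lines in the HijackThis log format used in this thread
# (paths copied from the logs above). Not HijackThis's own output or code.
HJT_SAMPLE = [
    "O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Adobe\\Acrobat 7.0\\ActiveX\\AcroIEHelper.dll",
    "O2 - BHO: (no name) - {107CF975-BB67-4567-AB65-3471A90C2CCA} - (no file)",
    "O2 - BHO: (no name) - {FC60387F-8F44-4824-9AC9-481D595C9D60} - C:\\WINDOWS\\system32\\ddcyy.dll (file missing)",
    "O20 - Winlogon Notify: ddayw - C:\\WINDOWS\\",
    "O20 - Winlogon Notify: ddcyy - C:\\WINDOWS\\system32\\ddcyy.dll (file missing)",
    "O20 - Winlogon Notify: vtsqo - C:\\WINDOWS\\",
    "O23 - Service: avast! Antivirus - ALWIL Software - C:\\Program Files\\Alwil Software\\Avast4\\ashServ.exe",
]

# Constructed file listing, drawn from the VundoFix / ComboFix output in the thread.
FILE_SAMPLE = [
    r"C:\WINDOWS\system32\ddcyy.dll",
    r"C:\WINDOWS\system32\yycdd.ini",
    r"C:\WINDOWS\system32\yycdd.bak1",
    r"C:\WINDOWS\system32\wyadd.bak1",
    r"C:\WINDOWS\system32\oqstv.bak1",
    r"C:\WINDOWS\system32\drivers\aswmon.sys",
]

BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.*)$")
MISSING = " (file missing)"
RANDOM_NAME = re.compile(r"[a-z]{5}")  # heuristic: the five-letter names seen in this log


def parse_hjt(lines):
    """Parse the O2 (BHO) and O20 (Winlogon Notify) lines of a HijackThis log."""
    entries = []
    for line in lines:
        m = BHO_RE.match(line.strip())
        if m:
            entries.append({"section": "O2", "ident": m["clsid"], "name": m["name"], "path": m["path"]})
            continue
        m = NOTIFY_RE.match(line.strip())
        if m:
            entries.append({"section": "O20", "ident": m["name"], "name": m["name"], "path": m["path"]})
    return entries


def file_stem(path):
    """Lower-case base name without extension; '' when the path is a directory."""
    base = path.replace(MISSING, "").replace("\\", "/").rsplit("/", 1)[-1]
    return base.split(".", 1)[0].lower()


def component(entry):
    """Module name to reason about: the notify key for O20, the DLL stem for O2."""
    if entry["section"] == "O20":
        return entry["name"].lower()
    return "" if entry["path"] == "(no file)" else file_stem(entry["path"])


def reversed_companions(name, files):
    """Files whose stem is the module name reversed, e.g. ddcyy -> yycdd.ini, yycdd.bak1."""
    rev = name[::-1]
    return sorted(f for f in files if file_stem(f) == rev)


def triage(lines, files):
    """Return the suspicious O2/O20 entries with the reasons each one was flagged."""
    findings = []
    for e in parse_hjt(lines):
        path, reasons = e["path"], []
        if e["section"] == "O2" and e["name"] == "(no name)":
            reasons.append("nameless BHO")
        if path == "(no file)" or path.endswith(MISSING):
            reasons.append("registration points at a file that is gone")
        if e["section"] == "O20" and not path.lower().replace(MISSING, "").endswith(".dll"):
            reasons.append("Winlogon Notify entry without a DLL path")
        comp = component(e)
        if RANDOM_NAME.fullmatch(comp):
            reasons.append("five-letter random-looking module name")
        companions = reversed_companions(comp, files) if comp else []
        if companions:
            reasons.append("reversed-name companion files present")
        if reasons:
            findings.append({"section": e["section"], "ident": e["ident"], "component": comp,
                             "reasons": reasons, "companions": companions})
    return findings


if __name__ == "__main__":
    for f in triage(HJT_SAMPLE, FILE_SAMPLE):
        print(f["section"], f["ident"], f["reasons"], f["companions"])
```

Entries that survive only as a registry registration (the "(file missing)" and "(no file)" cases) are why the helper asks for a fresh log after each tool run: the files are gone but the loading points are still there.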
Auttaja
Suspended permanently
3. August 2007 @ 22:53
Download and Run ComboFix
*Download this file from either of the two below listed places :

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe

*Then double click combofix.exe & follow the prompts.
*When finished, it shall produce a log for you. Post that log in your next reply.
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

sierra76
Junior Member
4. August 2007 @ 05:24
ComboFix 07-08-04.3 - "Owner" 2007-08-04 8:47:59.1 [GMT -4:00] - NTFS
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.True
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\Owner\APPLIC~1\winantiviruspro2007freeinstall[1].exe
C:\WINDOWS\system32\ntkhpvfo.exe
C:\WINDOWS\system32\sypfpqex.exe
C:\WINDOWS\wr.txt


((((((((((((((((((((((((( Files Created from 2007-07-04 to 2007-08-04 )))))))))))))))))))))))))))))))


2007-08-04 00:15 d-------- C:\DOCUME~1\Owner\APPLIC~1\Logitech
2007-08-04 00:09 68,992 --a------ C:\WINDOWS\system32\drivers\LMOUKE.sys
2007-08-04 00:09 55,040 --a------ C:\WINDOWS\system32\drivers\L8042MOU.SYS
2007-08-04 00:09 118,784 -r------- C:\WINDOWS\bwUnin-7.2.0.137-8876480SL.exe
2007-08-04 00:08 94,208 --a------ C:\WINDOWS\system32\KemUtil.dll
2007-08-04 00:08 86,016 --a------ C:\WINDOWS\system32\KemWnd.dll
2007-08-04 00:08 65,536 --a------ C:\WINDOWS\system32\KemXML.dll
2007-08-04 00:08 258,352 --a------ C:\WINDOWS\system32\unicows.dll
2007-08-04 00:08 249,921 --a------ C:\WINDOWS\system32\BtCoreIf.dll
2007-08-04 00:08 143,360 --a------ C:\WINDOWS\system32\kemutb.dll
2007-08-04 00:06 d-------- C:\Program Files\Logitech
2007-08-03 09:05 d-------- C:\VundoFix Backups
2007-08-01 21:33 18 --a------ C:\WINDOWS\system32\dnfc32b295.dat
2007-07-31 22:10 1,013,432 --ahs---- C:\WINDOWS\system32\wyadd.bak1
2007-07-31 10:23 83,536 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-07-31 10:23 59,984 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-07-31 10:23 52,304 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-07-31 10:23 39,248 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys
2007-07-31 10:23 26,064 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-07-31 10:23 d-------- C:\Program Files\Spyware Doctor
2007-07-29 20:54 1,016,719 --ahs---- C:\WINDOWS\system32\oqstv.bak1
2007-07-29 12:51 d-------- C:\Program Files\Common Files\TiVo Shared
2007-07-29 12:31 d-------- C:\Program Files\Windows Installer Clean Up
2007-07-29 12:31 d-------- C:\Program Files\MSECACHE
2007-07-29 12:05 d-------- C:\Program Files\Roxio
2007-07-29 12:05 d-------- C:\Program Files\Common Files\Roxio Shared
2007-07-29 12:05 d-------- C:\Program Files\Common Files\Adaptec Shared
2007-07-29 09:15 57,344 --a------ C:\WINDOWS\system32\MFC71ENU.DLL
2007-07-27 16:45 d-------- C:\adaptec
2007-07-13 07:13 d-------- C:\Program Files\RegCure
2007-07-10 14:09 d-------- C:\!KillBox
2007-07-10 13:24 d-------- C:\Deckard
2007-07-10 09:00 d-------- C:\WINDOWS\system32\ActiveScan
2007-07-10 04:59 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-10 04:49 d-------- C:\Program Files\Trend Micro
2007-07-10 04:41 d-------- C:\DOCUME~1\Owner\APPLIC~1\Comodo
2007-07-10 04:41 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Comodo
2007-07-10 04:37 d-------- C:\Program Files\Comodo
2007-07-10 04:08 82,464 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-07-10 04:08 3,360 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-07-07 07:59 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-04 00:08 --------- d-------- C:\Program Files\Common Files\Logitech
2007-08-02 16:27 96256 --a------ C:\WINDOWS\system32\drivers\sptd5725(2).sys
2007-08-01 11:04 --------- d-------- C:\DOCUME~1\Owner\APPLIC~1\Azureus
2007-07-31 14:37 96256 --a------ C:\WINDOWS\system32\drivers\sptd5725.sys
2007-07-29 12:52 --------- d-------- C:\Program Files\Common Files\Sonic Shared
2007-07-29 09:16 --------- d-------- C:\Program Files\Sonic
2007-07-27 18:07 783224 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-07-27 18:02 94416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-07-27 18:02 92848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-07-27 18:00 23152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-07-27 17:59 42912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-07-27 17:58 26624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-07-27 17:57 95608 --a------ C:\WINDOWS\system32\AVASTSS.scr
2007-07-10 10:18 --------- d-------- C:\Program Files\Winamp
2007-07-10 10:18 --------- d-------- C:\Program Files\Webroot
2007-07-10 10:14 --------- d-------- C:\Program Files\MSN Messenger
2007-07-10 10:11 --------- d-------- C:\Program Files\Digital Media Reader
2007-07-10 04:23 2180 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-07-10 04:23 1388 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2007-07-10 03:49 4212 --ah----- C:\WINDOWS\system32\zllictbl.dat
2007-06-28 13:02 --------- d-------- C:\DOCUME~1\Owner\APPLIC~1\Skype
2007-05-16 11:12 86528 --a--c--- C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 11:12 85504 --a--c--- C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 11:12 683520 --a--c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 11:12 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-16 11:12 510976 --a--c--- C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 11:12 1314816 --a--c--- C:\WINDOWS\system32\dllcache\msoe.dll
2007-05-04 08:29 3058688 --a--c--- C:\WINDOWS\system32\dllcache\mshtml.dll
2006-11-20 19:49 49 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb41.dat
2006-11-20 19:49 379 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb1478.dat
2006-11-20 19:45 69632 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb7460.dat
2006-11-20 19:45 151 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb2240.dat
2006-11-20 19:45 13046 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb4848.dat
2006-11-20 19:45 0 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb4352.dat
2006-11-18 12:07 0 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb3502.dat
2006-11-16 12:07 0 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb8885.dat
2006-11-16 12:07 0 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb8388.dat
2006-11-16 12:07 0 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb4023.dat
2006-11-15 18:41 379 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb5724.dat
2006-11-15 18:41 173056 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb7810.dat
2006-11-15 18:41 151 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb4600.dat
2006-11-15 18:41 13046 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb2636.dat
2006-11-15 18:41 0 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb6878.dat
2006-11-13 22:09 0 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb6908.dat
2006-11-13 22:09 0 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb3734.dat
2006-11-11 10:35 0 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb7273.dat
2006-11-11 10:35 0 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb720.dat
2006-11-10 16:07 379 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb6500.dat
2006-11-10 16:07 173056 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb5685.dat
2006-11-10 16:07 151 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb1085.dat
2006-11-10 16:07 13046 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb3633.dat
2006-11-10 16:07 0 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb1749.dat
2006-11-10 15:28 379 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb9169.dat
2006-11-10 14:49 173056 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb6089.dat
2006-11-10 14:49 151 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb6167.dat
2006-11-10 14:49 13046 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb1198.dat
2006-11-10 14:49 0 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb2662.dat
2006-11-07 10:35 0 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb6515.dat
2006-11-07 10:35 0 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb5590.dat
2006-11-07 10:35 0 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb427.dat
2006-11-07 10:35 0 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb3693.dat
2006-11-05 11:10 0 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb8537.dat
2006-11-05 11:10 0 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb7287.dat
2006-11-05 11:10 0 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb631.dat
2006-11-05 11:10 0 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb5665.dat
2006-11-04 14:01 382 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb1942.dat
2006-11-04 13:46 177152 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb4827.dat
2006-11-04 13:46 151 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb1469.dat
2006-11-04 13:46 13046 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb5436.dat
2006-11-04 13:46 0 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb4604.dat
2006-11-01 22:23 0 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb8253.dat
2006-11-01 22:22 0 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb2391.dat
2006-11-01 22:22 0 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb153.dat
2006-10-06 14:33 9216 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb8467.dat
2006-10-06 14:33 0 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb6334.dat
2006-10-06 14:33 0 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb3902.dat
2003-08-27 14:19 36963 -ra------ C:\Program Files\Common Files\SM1updtr.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{107CF975-BB67-4567-AB65-3471A90C2CCA}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2DC6AE67-6002-43FC-8A5A-9AB63C732E9C}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A563E6C0-DE1D-46B4-A01D-B2BD1EB6DD68}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B7A71404-F8F2-4D0F-B8C2-75911F687EF6}]
C:\WINDOWS\system32\mljge.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FC60387F-8F44-4824-9AC9-481D595C9D60}]
C:\WINDOWS\system32\ddcyy.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-03-26 18:20]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-03-26 18:20]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 23:24]
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" []
"SunKist"="C:\Program Files\Digital Media Reader\shwicon2k.exe" [2004-05-26 20:57]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-02 15:34]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-27 18:03]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 11:22]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 15:25]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 15:45]
"SetDefPrt"="C:\Program Files\Brother\Brmfl05b\BrStDvPt.exe" [2005-01-26 19:02]
"ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [2005-07-13 16:55]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" [2005-03-08 22:13]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-02-13 14:29]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2007-07-10 04:37]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-06-14 18:32]
"Logitech BT Wizard"="LBTWiz.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:54]
"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 14:31]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-12-16 12:57]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-08-04 00:09]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-11-29 16:44:44]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-08-04 00:09:51]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-08-04 00:08:16]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddayw]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcyy]
C:\WINDOWS\system32\ddcyy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll 2005-09-06 02:44 53248 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWlgn.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtsqo]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

R0 Inspect;Comodo Network Engine;C:\WINDOWS\system32\DRIVERS\inspect.sys
R0 SSFS0509;Spy Sweeper File System Filer Driver: 0509;C:\WINDOWS\system32\Drivers\SSFS0509.SYS
R0 SSHRMD;Spy Sweeper Hookrack MiniDriver;C:\WINDOWS\system32\Drivers\SSHRMD.SYS
R0 SSIDRV;Spy Sweeper Interdiction Driver;C:\WINDOWS\system32\Drivers\SSIDRV.SYS
R1 cdudf_xp;cdudf_xp;C:\WINDOWS\system32\drivers\cdudf_xp.sys
R1 Cinemsup;Cinemsup;C:\WINDOWS\system32\drivers\Cinemsup.sys
R1 DVDVRRdr_xp;DVDVRRdr_xp;C:\WINDOWS\system32\drivers\DVDVRRdr_xp.sys
R1 pwd_2k;pwd_2k;C:\WINDOWS\system32\drivers\pwd_2k.sys
R1 StyleXPHelper;StyleXPHelper;\??\C:\Program Files\TGTSoft\StyleXP\StyleXPHelper.exe
R1 UDFReadr;UDFReadr;C:\WINDOWS\system32\drivers\UDFReadr.sys
R2 ASCTRM;ASCTRM;C:\WINDOWS\system32\drivers\ASCTRM.sys
R2 StreamDispatcher;StreamDispatcher;C:\WINDOWS\system32\DRIVERS\strmdisp.sys
R3 CAMCAUD;Conexant AMC Audio;C:\WINDOWS\system32\drivers\camcaud.sys
R3 CAMCHALA;CAMCHALA;C:\WINDOWS\system32\drivers\camchal.sys
R3 dvd_2K;dvd_2K;C:\WINDOWS\system32\drivers\dvd_2K.sys
R3 HSFHWICH;HSFHWICH;C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
R3 SSKBFD;Webroot Spy Sweeper Keylogger Shield Keyboard Filter;C:\WINDOWS\system32\Drivers\sskbfd.sys
R3 StillCam;Still Serial Digital Camera Driver;C:\WINDOWS\system32\DRIVERS\serscan.sys
R3 SynTP;Synaptics TouchPad Driver;C:\WINDOWS\system32\DRIVERS\SynTP.sys
R3 vaxscsi;vaxscsi;C:\WINDOWS\system32\Drivers\vaxscsi.sys
S0 szkg;szkg;C:\WINDOWS\system32\DRIVERS\szkg.sys
S1 Cdr4_xp;Cdr4_xp;C:\WINDOWS\system32\drivers\Cdr4_xp.sys
S3 Audddin;Audddin;C:\WINDOWS\system32\drivers\asctrm.sys
S3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys
S3 BrSerIf;Brother MFC Serial Port Interface WDM Driver;C:\WINDOWS\system32\Drivers\BrSerIf.sys
S3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\WINDOWS\system32\Drivers\BrUsbSer.sys
S3 EMCFILT;Alcor Micro Corp for Emachine- 9361;\??\C:\WINDOWS\System32\Drivers\EMcFilt.sys
S3 IKFileFlt;File Filter Driver;C:\WINDOWS\system32\drivers\ikfileflt.sys
S3 IKFileSec;File Security Driver;C:\WINDOWS\system32\drivers\ikfilesec.sys
S3 IkSysFlt;System Filter Driver;C:\WINDOWS\system32\drivers\iksysflt.sys
S3 IKSysSec;System Security Driver;C:\WINDOWS\system32\drivers\iksyssec.sys
S3 L8042Kbd;Logitech SetPoint Keyboard Driver;C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys
S3 LHidUsbK;SetPoint USB Receiver device driver;C:\WINDOWS\system32\Drivers\LHidUsbK.Sys
S3 mmc_2K;mmc_2K;C:\WINDOWS\system32\drivers\mmc_2K.sys
S3 mxnic;Macronix MX987xx Family Fast Ethernet NT Driver;C:\WINDOWS\system32\DRIVERS\mxnic.sys
S3 wanatw;WAN Miniport (ATW);C:\WINDOWS\system32\DRIVERS\wanatw4.sys

*Newly Created Service* - LBTSERV

Contents of the 'Scheduled Tasks' folder
2007-08-04 04:13:07 C:\WINDOWS\Tasks\RegCure Program Check.job
2007-07-13 11:16:14 C:\WINDOWS\Tasks\RegCure.job - C:\Program Files\RegCure\RegCure.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-04 08:56:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\CancelAutoplay\CLSID]
"\30 A?E?2?A?E?D?8?F?-?5?6?9?5?-?4?a?6?d?-?9?7?0?9?-?1?4?E?5?1?C?D?1?7?B?1?C?'?"=""

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-04 8:57:38
C:\ComboFix-quarantined-files.txt ... 2007-08-04 08:57
C:\ComboFix2.txt ... 2007-07-10 08:49
C:\ComboFix3.txt ... 2007-07-10 05:11

--- E O F ---
Auttaja
Suspended permanently
4. August 2007 @ 14:33
1. Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.
This program is for XP and Windows 2000 only!

Double-click ATF Cleaner.exe to open it.

Under Main select the following:
*Windows Temp
*Current User Temp
*All Users Temp
*Temporary Internet Files
*Prefetch
*Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

Click Exit on the Main menu to close the program.

=========

Open Notepad and copy/paste the text in the quote box below into it:

Quote:
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{107CF975-BB67-4567-AB65-3471A90C2CCA}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2DC6AE67-6002-43FC-8A5A-9AB63C732E9C}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A563E6C0-DE1D-46B4-A01D-B2BD1EB6DD68}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B7A71404-F8F2-4D0F-B8C2-75911F687EF6}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FC60387F-8F44-4824-9AC9-481D595C9D60}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddayw]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcyy]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtsqo]

Save this as CFScript. (Check the spelling)

Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.

Post also a fresh HijackThis log.

Don't send your HijackThis log to another user's topic. Remember to describe what kind of problems you have. (In my opinion afterdawn has a very unsupportive attitude against malware fighters)
How to send a HijackThis log (steps 3-5) | HijackThis log submission instructions (Finland)
My profile "Therefore I say to you, do not worry about your life, what you will eat or what you will drink; nor about your body, what you will put on."
My home forum (Finland) Geeks To Go - Another place
List of rogue programs. (Finland) For example MSG+ is there. Another list
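The CFScript above was written by reading the "Reg Loading Points" section of the ComboFix log by hand. As an added example (not code from the thread, from ComboFix or from its author), the Python below parses that section, flags BHO and Winlogon\Notify entries with a simple heuristic, and prints them in the same Registry:: deletion form so the list can be reviewed before it is given to ComboFix. The allowlist of Notify names, the "bare DLL in system32" rule and the trimmed sample log are assumptions of the example; on this sample it happens to produce the same eight keys the helper listed, which says nothing about how the helper decided.

```python
"""Triage the 'Reg Loading Points' section of a ComboFix log.

Added example, not code from the thread, from ComboFix or from its author.
Flags BHO and Winlogon\\Notify entries with a simple heuristic (an assumption
of this example) and prints them in the CFScript 'Registry::' form for review.
"""
import re

# Constructed sample: BHO, Run and Winlogon\Notify blocks from the log above.
SAMPLE_LOG = r"""*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{107CF975-BB67-4567-AB65-3471A90C2CCA}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2DC6AE67-6002-43FC-8A5A-9AB63C732E9C}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A563E6C0-DE1D-46B4-A01D-B2BD1EB6DD68}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B7A71404-F8F2-4D0F-B8C2-75911F687EF6}]
C:\WINDOWS\system32\mljge.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FC60387F-8F44-4824-9AC9-481D595C9D60}]
C:\WINDOWS\system32\ddcyy.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-27 18:03]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddayw]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcyy]
C:\WINDOWS\system32\ddcyy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll 2005-09-06 02:44 53248 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWlgn.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtsqo]
"""

KEY_RE = re.compile(r"^\[(.+)\]$")

# Winlogon\Notify subkeys accepted as-is: the Windows XP defaults plus the
# Logitech entry seen in the log. The allowlist is this example's assumption.
KNOWN_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
                "sclgntfy", "senslogn", "termsrv", "wlballoon", "lbtwlgn"}


def parse_loading_points(text):
    """Return [(registry key, [value lines])] in log order: a '[...]' line
    opens a block, following non-blank lines belong to it, a blank closes it."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = (m.group(1), [])
            entries.append(current)
        elif not line:
            current = None          # blank line ends the current block
        elif current is not None:
            current[1].append(line)
    return entries


def is_bare_system32_dll(value):
    """True for a DLL sitting directly in %WINDIR%\\system32."""
    return re.match(r"^[a-z]:\\windows\\system32\\[^\\]+\.dll$",
                    value.lower()) is not None


def suspicious_keys(entries):
    """Heuristic triage (this example's assumption, not the helper's method):
    a BHO with no resolvable DLL or one sitting bare in system32, and any
    Winlogon\\Notify subkey not on the allowlist. Run keys are left alone."""
    flagged = []
    for key, values in entries:
        lowered = key.lower()
        if "\\browser helper objects\\" in lowered:
            if not values or any(is_bare_system32_dll(v) for v in values):
                flagged.append(key)
        elif "\\winlogon\\notify\\" in lowered:
            if lowered.rsplit("\\", 1)[1] not in KNOWN_NOTIFY:
                flagged.append(key)
    return flagged


def build_cfscript(keys):
    """Render the keys as a CFScript 'Registry::' deletion block."""
    return "Registry::\n" + "".join(f"[-{k}]\n" for k in keys)


if __name__ == "__main__":
    # Review the printed list by hand before saving it as CFScript.txt.
    print(build_cfscript(suspicious_keys(parse_loading_points(SAMPLE_LOG))))
```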
sierra76
Junior Member
4. August 2007 @ 20:32
ComboFix 07-08-04.3 - "Owner" 2007-08-04 22:19:42.2 [GMT -4:00] - NTFS
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.True
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript..txt
* Created a new restore point


((((((((((((((((((((((((( Files Created from 2007-07-05 to 2007-08-05 )))))))))))))))))))))))))))))))


2007-08-04 00:09 118,784 -r------- C:\WINDOWS\bwUnin-7.2.0.137-8876480SL.exe
2007-08-04 00:06 d-------- C:\Program Files\Logitech
2007-08-03 09:05 d-------- C:\VundoFix Backups
2007-08-01 21:33 18 --a------ C:\WINDOWS\system32\dnfc32b295.dat
2007-07-31 22:10 1,013,432 --ahs---- C:\WINDOWS\system32\wyadd.bak1
2007-07-31 10:23 83,536 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-07-31 10:23 59,984 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-07-31 10:23 52,304 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-07-31 10:23 39,248 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys
2007-07-31 10:23 26,064 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-07-31 10:23 d-------- C:\Program Files\Spyware Doctor
2007-07-29 20:54 1,016,719 --ahs---- C:\WINDOWS\system32\oqstv.bak1
2007-07-29 12:51 d-------- C:\Program Files\Common Files\TiVo Shared
2007-07-29 12:31 d-------- C:\Program Files\Windows Installer Clean Up
2007-07-29 12:31 d-------- C:\Program Files\MSECACHE
2007-07-29 12:05 d-------- C:\Program Files\Roxio
2007-07-29 12:05 d-------- C:\Program Files\Common Files\Roxio Shared
2007-07-29 12:05 d-------- C:\Program Files\Common Files\Adaptec Shared
2007-07-29 09:15 57,344 --a------ C:\WINDOWS\system32\MFC71ENU.DLL
2007-07-27 16:45 d-------- C:\adaptec
2007-07-13 07:13 d-------- C:\Program Files\RegCure
2007-07-10 14:09 d-------- C:\!KillBox
2007-07-10 13:24 d-------- C:\Deckard
2007-07-10 09:00 d-------- C:\WINDOWS\system32\ActiveScan
2007-07-10 04:59 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-10 04:49 d-------- C:\Program Files\Trend Micro
2007-07-10 04:41 d-------- C:\DOCUME~1\Owner\APPLIC~1\Comodo
2007-07-10 04:41 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Comodo
2007-07-10 04:37 d-------- C:\Program Files\Comodo
2007-07-10 04:08 82,464 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-07-10 04:08 3,360 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-07-07 07:59 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-04 21:57 --------- d-------- C:\Program Files\Common Files\Logitech
2007-08-02 16:27 96256 --a------ C:\WINDOWS\system32\drivers\sptd5725(2).sys
2007-08-01 11:04 --------- d-------- C:\DOCUME~1\Owner\APPLIC~1\Azureus
2007-07-31 14:37 96256 --a------ C:\WINDOWS\system32\drivers\sptd5725.sys
2007-07-29 12:52 --------- d-------- C:\Program Files\Common Files\Sonic Shared
2007-07-29 09:16 --------- d-------- C:\Program Files\Sonic
2007-07-27 18:07 783224 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-07-27 18:02 94416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-07-27 18:02 92848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-07-27 18:00 23152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-07-27 17:59 42912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-07-27 17:58 26624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-07-27 17:57 95608 --a------ C:\WINDOWS\system32\AVASTSS.scr
2007-07-10 10:18 --------- d-------- C:\Program Files\Winamp
2007-07-10 10:18 --------- d-------- C:\Program Files\Webroot
2007-07-10 10:14 --------- d-------- C:\Program Files\MSN Messenger
2007-07-10 10:11 --------- d-------- C:\Program Files\Digital Media Reader
2007-07-10 04:23 2180 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-07-10 04:23 1388 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2007-07-10 03:49 4212 --ah----- C:\WINDOWS\system32\zllictbl.dat
2007-06-28 13:02 --------- d-------- C:\DOCUME~1\Owner\APPLIC~1\Skype
2007-05-16 11:12 86528 --a--c--- C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 11:12 85504 --a--c--- C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 11:12 683520 --a--c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 11:12 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-16 11:12 510976 --a--c--- C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 11:12 1314816 --a--c--- C:\WINDOWS\system32\dllcache\msoe.dll
2006-11-20 19:49 49 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb41.dat
2006-11-20 19:49 379 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb1478.dat
2006-11-20 19:45 69632 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb7460.dat
2006-11-20 19:45 151 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb2240.dat
2006-11-20 19:45 13046 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb4848.dat
2006-11-20 19:45 0 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb4352.dat
2006-11-18 12:07 0 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb3502.dat
2006-11-16 12:07 0 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb8885.dat
2006-11-16 12:07 0 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb8388.dat
2006-11-16 12:07 0 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb4023.dat
2006-11-15 18:41 379 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb5724.dat
2006-11-15 18:41 173056 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb7810.dat
2006-11-15 18:41 151 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb4600.dat
2006-11-15 18:41 13046 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb2636.dat
2006-11-15 18:41 0 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb6878.dat
2006-11-13 22:09 0 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb6908.dat
2006-11-13 22:09 0 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb3734.dat
2006-11-11 10:35 0 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb7273.dat
2006-11-11 10:35 0 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb720.dat
2006-11-10 16:07 379 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb6500.dat
2006-11-10 16:07 173056 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb5685.dat
2006-11-10 16:07 151 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb1085.dat
2006-11-10 16:07 13046 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb3633.dat
2006-11-10 16:07 0 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb1749.dat
2006-11-10 15:28 379 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb9169.dat
2006-11-10 14:49 173056 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb6089.dat
2006-11-10 14:49 151 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb6167.dat
2006-11-10 14:49 13046 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb1198.dat
2006-11-10 14:49 0 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb2662.dat
2006-11-07 10:35 0 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb6515.dat
2006-11-07 10:35 0 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb5590.dat
2006-11-07 10:35 0 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb427.dat
2006-11-07 10:35 0 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb3693.dat
2006-11-05 11:10 0 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb8537.dat
2006-11-05 11:10 0 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb7287.dat
2006-11-05 11:10 0 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb631.dat
2006-11-05 11:10 0 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb5665.dat
2006-11-04 14:01 382 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb1942.dat
2006-11-04 13:46 177152 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb4827.dat
2006-11-04 13:46 151 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb1469.dat
2006-11-04 13:46 13046 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb5436.dat
2006-11-04 13:46 0 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb4604.dat
2006-11-01 22:23 0 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb8253.dat
2006-11-01 22:22 0 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb2391.dat
2006-11-01 22:22 0 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb153.dat
2006-10-06 14:33 9216 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb8467.dat
2006-10-06 14:33 0 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb6334.dat
2006-10-06 14:33 0 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb3902.dat
2003-08-27 14:19 36963 -ra------ C:\Program Files\Common Files\SM1updtr.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-03-26 18:20]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-03-26 18:20]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 23:24]
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" []
"SunKist"="C:\Program Files\Digital Media Reader\shwicon2k.exe" [2004-05-26 20:57]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-02 15:34]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-27 18:03]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 11:22]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 15:25]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 15:45]
"SetDefPrt"="C:\Program Files\Brother\Brmfl05b\BrStDvPt.exe" [2005-01-26 19:02]
"ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [2005-07-13 16:55]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" [2005-03-08 22:13]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-02-13 14:29]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2007-07-10 04:37]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-06-14 18:32]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:54]
"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 14:31]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-12-16 12:57]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-08-04 00:09]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-11-29 16:44:44]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-08-04 00:09:51]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

R0 Inspect;Comodo Network Engine;C:\WINDOWS\system32\DRIVERS\inspect.sys
R0 SSFS0509;Spy Sweeper File System Filer Driver: 0509;C:\WINDOWS\system32\Drivers\SSFS0509.SYS
R0 SSHRMD;Spy Sweeper Hookrack MiniDriver;C:\WINDOWS\system32\Drivers\SSHRMD.SYS
R0 SSIDRV;Spy Sweeper Interdiction Driver;C:\WINDOWS\system32\Drivers\SSIDRV.SYS
R1 cdudf_xp;cdudf_xp;C:\WINDOWS\system32\drivers\cdudf_xp.sys
R1 Cinemsup;Cinemsup;C:\WINDOWS\system32\drivers\Cinemsup.sys
R1 DVDVRRdr_xp;DVDVRRdr_xp;C:\WINDOWS\system32\drivers\DVDVRRdr_xp.sys
R1 pwd_2k;pwd_2k;C:\WINDOWS\system32\drivers\pwd_2k.sys
R1 StyleXPHelper;StyleXPHelper;\??\C:\Program Files\TGTSoft\StyleXP\StyleXPHelper.exe
R1 UDFReadr;UDFReadr;C:\WINDOWS\system32\drivers\UDFReadr.sys
R2 ASCTRM;ASCTRM;C:\WINDOWS\system32\drivers\ASCTRM.sys
R2 StreamDispatcher;StreamDispatcher;C:\WINDOWS\system32\DRIVERS\strmdisp.sys
R3 CAMCAUD;Conexant AMC Audio;C:\WINDOWS\system32\drivers\camcaud.sys
R3 CAMCHALA;CAMCHALA;C:\WINDOWS\system32\drivers\camchal.sys
R3 dvd_2K;dvd_2K;C:\WINDOWS\system32\drivers\dvd_2K.sys
R3 HSFHWICH;HSFHWICH;C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
R3 StillCam;Still Serial Digital Camera Driver;C:\WINDOWS\system32\DRIVERS\serscan.sys
R3 SynTP;Synaptics TouchPad Driver;C:\WINDOWS\system32\DRIVERS\SynTP.sys
R3 vaxscsi;vaxscsi;C:\WINDOWS\system32\Drivers\vaxscsi.sys
S0 szkg;szkg;C:\WINDOWS\system32\DRIVERS\szkg.sys
S1 Cdr4_xp;Cdr4_xp;C:\WINDOWS\system32\drivers\Cdr4_xp.sys
S3 Audddin;Audddin;C:\WINDOWS\system32\drivers\asctrm.sys
S3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys
S3 BrSerIf;Brother MFC Serial Port Interface WDM Driver;C:\WINDOWS\system32\Drivers\BrSerIf.sys
S3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\WINDOWS\system32\Drivers\BrUsbSer.sys
S3 EMCFILT;Alcor Micro Corp for Emachine- 9361;\??\C:\WINDOWS\System32\Drivers\EMcFilt.sys
S3 IKFileFlt;File Filter Driver;C:\WINDOWS\system32\drivers\ikfileflt.sys
S3 IKFileSec;File Security Driver;C:\WINDOWS\system32\drivers\ikfilesec.sys
S3 IkSysFlt;System Filter Driver;C:\WINDOWS\system32\drivers\iksysflt.sys
S3 IKSysSec;System Security Driver;C:\WINDOWS\system32\drivers\iksyssec.sys
S3 LHidUsbK;SetPoint USB Receiver device driver;C:\WINDOWS\system32\Drivers\LHidUsbK.Sys
S3 mmc_2K;mmc_2K;C:\WINDOWS\system32\drivers\mmc_2K.sys
S3 mxnic;Macronix MX987xx Family Fast Ethernet NT Driver;C:\WINDOWS\system32\DRIVERS\mxnic.sys
S3 SSKBFD;Webroot Spy Sweeper Keylogger Shield Keyboard Filter;C:\WINDOWS\system32\Drivers\sskbfd.sys
S3 wanatw;WAN Miniport (ATW);C:\WINDOWS\system32\DRIVERS\wanatw4.sys


Contents of the 'Scheduled Tasks' folder
2007-08-05 01:58:24 C:\WINDOWS\Tasks\RegCure Program Check.job
2007-07-13 11:16:14 C:\WINDOWS\Tasks\RegCure.job - C:\Program Files\RegCure\RegCure.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-04 22:25:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\CancelAutoplay\CLSID]
"\30 A?E?2?A?E?D?8?F?-?5?6?9?5?-?4?a?6?d?-?9?7?0?9?-?1?4?E?5?1?C?D?1?7?B?1?C?'?"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:0000032c

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-04 22:26:38
C:\ComboFix-quarantined-files.txt ... 2007-08-04 22:26
C:\ComboFix2.txt ... 2007-08-04 08:57
C:\ComboFix3.txt ... 2007-07-10 08:49

--- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:30:17 AM, on 8/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Digital Media Reader\shwicon2k.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.webcrawler.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SunKist] "C:\Program Files\Digital Media Reader\shwicon2k.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [SetDefPrt] "C:\Program Files\Brother\Brmfl05b\BrStDvPt.exe"
O4 - HKLM\..\Run: [ControlCenter2.0] "C:\Program Files\Brother\ControlCenter2\brctrcen.exe" /autorun
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.2.89.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
O16 - DPF: {BA83FD38-CE14-4DA3-BEF5-96050D55F78A} - http://www.flipviewer.com/exe/fv373.cab
O18 - Protocol: bw+0 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Audddin - Windows (R) 2000 DDK provider - C:\WINDOWS\system32\drivers\asctrm.sys
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Unknown owner - C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE (file missing)
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O24 - Desktop Component 0: (no name) - http://www.640toronto.com/images/top_table/listenlive.gif

--
End of file - 20087 bytes
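The O18 and O23 sections above are the part of a HijackThis log that takes longest to read by eye: eighty protocol handlers that all resolve to the same Logitech CLSID and DLL, and a service list where only the owner string and the path tell a vendor driver from something dropped into system32. The script below is an added example for this thread, not part of the original post and not HijackThis's own code. It parses the O16/O18/O23 line formats exactly as they appear in the log, collapses handlers by (CLSID, DLL), and flags services whose binary is missing or whose owner string names no vendor ("Unknown owner" is what HijackThis prints when the file has no CompanyName version resource; "Windows (R) 2000 DDK provider" is the placeholder CompanyName that DDK sample build environments stamp into drivers). The function names and the sample lines, copied from the log above, are this example's own choices.

```python
"""Triage helpers for HijackThis 2.x log lines.

Added example for this thread: it is not part of the original post and
not HijackThis's own code.  It parses the O16 (DPF), O18 (protocol
handler) and O23 (service) line formats as they appear in the log above,
collapses the dozens of Logitech protocol handlers that share one CLSID
and DLL into a single row, and lists services that deserve a second look.
"""
import re
from collections import defaultdict

# Constructed sample: a handful of lines modelled on the log posted above.
SAMPLE_LOG = r"""
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.2.89.cab
O18 - Protocol: bw+0 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Audddin - Windows (R) 2000 DDK provider - C:\WINDOWS\system32\drivers\asctrm.sys
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Unknown owner - C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE (file missing)
"""

CLSID = r"\{[0-9A-Fa-f-]{36}\}"
RE_O16 = re.compile(rf"^O16 - DPF: ({CLSID})(?: \((.+?)\))? - (\S+)$")
RE_O18 = re.compile(rf"^O18 - Protocol: (\S+) - ({CLSID}) - (.+)$")
RE_O23 = re.compile(r"^O23 - Service: (.+?) - (.+?) - (.+)$")
MISSING = " (file missing)"

# Owner strings that carry no vendor information.  "Unknown owner" is what
# HijackThis prints when the binary has no CompanyName version resource;
# "Windows (R) 2000 DDK provider" is the placeholder CompanyName that DDK
# sample build environments put into drivers, so it identifies nobody.
GENERIC_OWNERS = {"unknown owner", "windows (r) 2000 ddk provider"}


def parse_hjt(text):
    """Return one dict per O16/O18/O23 line; all other lines are ignored."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if m := RE_O16.match(line):
            entries.append({"section": "O16", "clsid": m.group(1).upper(),
                            "name": m.group(2) or "", "path": m.group(3)})
        elif m := RE_O18.match(line):
            entries.append({"section": "O18", "name": m.group(1),
                            "clsid": m.group(2).upper(), "path": m.group(3)})
        elif m := RE_O23.match(line):
            path, missing = m.group(3), False
            if path.endswith(MISSING):
                path, missing = path[:-len(MISSING)], True
            entries.append({"section": "O23", "name": m.group(1),
                            "owner": m.group(2), "path": path, "missing": missing})
    return entries


def collapse_protocols(entries):
    """Group O18 handlers by (CLSID, DLL): one plug-in that registers many
    URL schemes (the bw* family above) becomes one row listing its schemes."""
    groups = defaultdict(list)
    for e in entries:
        if e["section"] == "O18":
            groups[(e["clsid"], e["path"].lower())].append(e["name"])
    return {key: sorted(names) for key, names in groups.items()}


def flag_services(entries):
    """Map service display name -> reasons it should be looked at by hand."""
    flags = {}
    for e in entries:
        if e["section"] != "O23":
            continue
        reasons = []
        if e["missing"]:
            reasons.append("file missing: stale registration or deleted binary")
        if e["owner"].lower() in GENERIC_OWNERS:
            reasons.append(f"owner string '{e['owner']}' names no vendor")
        if reasons:
            flags[e["name"]] = reasons
    return flags


def summarize(text):
    """Counts a helper would paste back into the thread."""
    entries = parse_hjt(text)
    return {
        "dpf": sum(1 for e in entries if e["section"] == "O16"),
        "protocol_dlls": len(collapse_protocols(entries)),
        "flagged_services": len(flag_services(entries)),
    }


if __name__ == "__main__":
    ents = parse_hjt(SAMPLE_LOG)
    for (clsid, dll), names in collapse_protocols(ents).items():
        print(f"O18 {clsid} {dll}: {len(names)} scheme(s): {', '.join(names)}")
    for name, reasons in flag_services(ents).items():
        print(f"O23 {name}: {'; '.join(reasons)}")
```

Run over the full log above, the collapse step turns the eighty-one bw* lines into two rows (BWPlugProtocol and GAPlugProtocol), which is what makes the remaining O18 entry, skype4com, visible at a glance. A flag is a prompt to check the binary's signature and on-disk location, not a verdict: legitimate drivers built with the DDK defaults carry the same owner string.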
Auttaja
Suspended permanently
4. August 2007 @ 20:52
Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
* Double-click the drweb-cureit.exe file and allow it to run the express scan.
* This will scan the files currently running in memory, and when something is found, click the Yes button when it asks if you want to cure it.
This is only a short scan.
* Once the short scan has finished, Click Options > Change settings
* Choose the "Scan"-tab, remove the mark at "Heuristic analysis".
* Back at the main window, mark the drives that you want to scan.
* Select all drives. A red dot shows which drives have been chosen.
* Click the green arrow at the right, and the scan will start.
* Click 'Yes to all' if it asks if you want to cure/move the file.
* When the scan has finished, look if you can click the next icon next to the files found:

If so, click it and then click the next icon right below and select Move incurable, as you'll see in the next image:

This will move it to the %userprofile%\DoctorWeb\quarantaine folder if it can't be cured (this is in case we need samples).
* After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
* Save the report to your desktop. The report will be called DrWeb.csv
* Close Dr.Web Cureit.
* Reboot your computer! Files that are in use can only be moved/deleted during the reboot.
* After the reboot, post the contents of the Dr.Web log you saved previously in your next reply.

Don't send your HijackThis log to another user's topic. Remember to describe what kind of problems you have. (In my opinion afterdawn has a very unsupportive attitude towards malware fighters.)
How to send a HijackThis log (steps 3-5) - HijackThis log posting instructions (Finland)
My profile - "Therefore I say to you, do not worry about your life, what you will eat or what you will drink; nor about your body, what you will put on."
My home forum (Finland) - Geeks To Go - Another place
List of rogue programs (Finland) - For example MSG+ is there. - Another list
sierra76
Junior Member
5. August 2007 @ 11:48
isys32.exe;C:\!KillBox;Trojan.DownLoader.24790;Deleted.;
winantiviruspro2007freeinstall[1].exe.vir;C:\QooBox\Quarantine\C\DOCUME~1\Owner\APPLIC~1;Trojan.DownLoader.10963;Deleted.;
ntkhpvfo.exe.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.Virtumod;Deleted.;
sypfpqex.exe.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.Virtumod;Deleted.;
A0117879.dll;C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP544;Trojan.Virtumod;Deleted.;
A0117880.exe;C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP544;Trojan.DownLoader.26570;Deleted.;
A0117881.exe;C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP544;Trojan.DownLoader.26570;Deleted.;
A0117882.exe;C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP544;Trojan.Virtumod;Deleted.;
A0117883.exe;C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP544;Trojan.Virtumod;Deleted.;
A0117951.exe;C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP547;Trojan.Winpop;Deleted.;
A0117952.exe;C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP547;Trojan.LowZones.267;Deleted.;
A0117953.exe;C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP547;Trojan.Winpop;Deleted.;
A0117954.exe;C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP547;Trojan.MulDrop.8200;Deleted.;
A0117960.exe;C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP547;Trojan.DownLoader.24772;Deleted.;
A0117961.dll;C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP547;Adware.Duncan.33;Incurable.Moved.;
A0117962.dll;C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP547;Trojan.Virtumod;Deleted.;
A0117963.dll;C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP547;Trojan.Virtumod;Deleted.;
A0117994.dll;C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP549;Trojan.Virtumod;Deleted.;
A0118006.dll;C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP549;Trojan.Virtumod;Deleted.;
A0118028.dll;C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP549;Trojan.Virtumod;Deleted.;
A0118036.exe;C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP550;Trojan.DownLoader.26570;Deleted.;
A0118038.dll;C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP550;Trojan.Virtumod;Deleted.;
A0118041.exe;C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP550;Trojan.Virtumod;Deleted.;
A0118058.dll;C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP550;Trojan.Virtumod;Deleted.;
A0118060.exe;C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP550;Trojan.DownLoader.26570;Deleted.;
A0118061.exe;C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP550;Trojan.Virtumod;Deleted.;
A0118065.dll;C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP550;Trojan.Virtumod;Deleted.;
A0119183.dll;C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP550;Trojan.Virtumod;Deleted.;
A0119189.dll;C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP550;Trojan.Virtumod;Deleted.;
A0119190.dll;C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP550;Trojan.Virtumod;Deleted.;
A0119191.dll;C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP550;Trojan.Virtumod;Deleted.;
A0119192.exe;C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP550;Trojan.DownLoader.26570;Deleted.;
A0119204.exe;C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP550;Trojan.DownLoader.26570;Deleted.;
A0119205.dll;C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP550;Trojan.Virtumod;Deleted.;
A0119219.dll;C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP550;Trojan.Virtumod;Deleted.;
A0119249.dll;C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP550;Trojan.Virtumod;Deleted.;
A0119258.dll;C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP550;Trojan.Virtumod;Deleted.;
A0119528.exe;C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP553;Trojan.DownLoader.10963;Deleted.;
A0119529.exe;C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP553;Trojan.Virtumod;Deleted.;
A0119530.exe;C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP553;Trojan.Virtumod;Deleted.;
A0120756.exe;C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP554;Trojan.DownLoader.24790;Deleted.;
awtst.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
jaovafsk.exe.bad;C:\VundoFix Backups;Trojan.DownLoader.26570;Deleted.;
jkklj.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
ljjjifc.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
mljge.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
rxixmsdo.exe.bad;C:\VundoFix Backups;Trojan.DownLoader.26570;Deleted.;
urqpooo.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
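The report above is the DrWeb.csv that CureIt writes, one detection per line as file;directory;detection name;action;. What matters for the clean-up is not the count of hits but where they sit: the directory column shows every one of them inside a System Restore point (System Volume Information\_restore...) or inside a quarantine folder left by an earlier tool (C:\!KillBox, C:\QooBox\Quarantine from ComboFix, C:\VundoFix Backups), none in a live location. The script below is an added example for this thread, not part of the original post and not Dr.Web's own tooling. It parses that row layout and sorts each hit into restore-point, quarantine or live, so the rows that still say something about the running system stand out. The folder list, the function names and the sample rows (five copied from the report above plus one constructed live-location row) are this example's own assumptions.

```python
"""Summarise a Dr.Web CureIt report (DrWeb.csv) by where each hit lives.

Added example for this thread: it is not part of the original post and
not Dr.Web's own tooling.  It assumes the row layout of the report pasted
above, one detection per line:

    <file>;<directory>;<detection name>;<action>;

and sorts every hit into one of three buckets: a System Restore point,
a quarantine folder left behind by an earlier clean-up tool, or a live
location.  Only the third bucket says anything about the running system.
"""
import csv
import io
from collections import Counter

# Constructed sample: rows taken from the report above, plus one
# hypothetical live-location row so that all three buckets are exercised.
SAMPLE_REPORT = r"""
isys32.exe;C:\!KillBox;Trojan.DownLoader.24790;Deleted.;
ntkhpvfo.exe.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.Virtumod;Deleted.;
A0117879.dll;C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP544;Trojan.Virtumod;Deleted.;
A0117961.dll;C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP547;Adware.Duncan.33;Incurable.Moved.;
jkklj.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
constructed-live-example.dll;C:\WINDOWS\system32;Trojan.Virtumod;Deleted.;
"""

# Folder fragments (lower-case) used by the clean-up tools seen in this
# thread: KillBox, ComboFix (QooBox) and VundoFix, plus Dr.Web's own
# quarantine.  Hits here are copies already taken out of service.
QUARANTINE_DIRS = (
    r"\!killbox",
    r"\qoobox\quarantine",
    r"\vundofix backups",
    r"\doctorweb\quarantaine",
)
RESTORE_DIR = r"\system volume information\_restore"


def classify(directory):
    """Return 'restore-point', 'quarantine' or 'live' for a report directory."""
    d = directory.lower()
    if RESTORE_DIR in d:
        return "restore-point"
    if any(q in d for q in QUARANTINE_DIRS):
        return "quarantine"
    return "live"


def family(detection):
    """'Trojan.DownLoader.24790' -> 'Trojan.DownLoader' (drop the variant id)."""
    return ".".join(detection.split(".")[:2])


def parse_report(text):
    """Parse the semicolon-separated report; short or blank lines are skipped."""
    rows = []
    for rec in csv.reader(io.StringIO(text), delimiter=";"):
        if len(rec) < 4:
            continue
        name, directory, detection, action = rec[:4]
        rows.append({
            "file": name,
            "dir": directory,
            "threat": detection,
            "family": family(detection),
            "action": action.rstrip("."),
            "where": classify(directory),
        })
    return rows


def summarize(rows):
    """Counts per bucket and family, plus the rows that still need attention:
    anything in a live location, and anything Dr.Web could not delete."""
    return {
        "by_location": dict(Counter(r["where"] for r in rows)),
        "by_family": dict(Counter(r["family"] for r in rows)),
        "live": [r for r in rows if r["where"] == "live"],
        "not_deleted": [r for r in rows if r["action"] != "Deleted"],
    }


if __name__ == "__main__":
    report = summarize(parse_report(SAMPLE_REPORT))
    print("hits by location:", report["by_location"])
    print("hits by family:  ", report["by_family"])
    for r in report["live"]:
        print("LIVE:", r["dir"] + "\\" + r["file"], r["threat"])
    for r in report["not_deleted"]:
        print("NOT DELETED:", r["file"], r["action"])
```

Run over the full report above, every row lands in the first two buckets; the constructed sixth row is the only live hit and exists only to exercise that branch. Restore-point hits are inert until someone restores to that point, and quarantine copies are inert until someone restores them from the tool that made them, so the actionable output of this report is the empty live list plus the one Incurable.Moved row, which is the sample Dr.Web kept in its own quarantine folder.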
Auttaja
Suspended permanently
6. August 2007 @ 00:47
Please download Deckard's System Scanner to your Desktop


* Close all applications and windows.
* Double-click on Dss.exe to run it, and follow the prompts.
* The scan may take a minute. When the scan is complete, two text files will open: Main.txt and Extra.txt.

Please post Main.txt and Extra.txt


sierra76
Junior Member
6. August 2007 @ 06:41
Deckard's System Scanner v20070804.61
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Mobile Intel(R) Pentium(R) 4 CPU 3.06GHz
CPU 1: Mobile Intel(R) Pentium(R) 4 CPU 3.06GHz
Percentage of Memory in Use: 74%
Physical Memory (total/avail): 479.36 MiB / 120.12 MiB
Pagefile Memory (total/avail): 1120.6 MiB / 839.39 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1961.93 MiB

C: is Fixed (NTFS) - 70.95 GiB total, 20.83 GiB free.
D: is Fixed (FAT32) - 3.56 GiB total, 0.83 GiB free.
E: is CDROM (Unformatted)
F: is CDROM (No Media)


-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: COMODO Firewall Pro v2.3.035 (COMODO)
AV: avast! antivirus 4.7.1029 [VPS 000763-6] v4.7.1029 (ALWIL Software)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner\Application Data
CLASSPATH=C:\Program Files\Java\jre1.5.0_02\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=MIKEY
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner
LOGONSERVER=\\MIKEY
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\Common Files\Adaptec Shared\System;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 1, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0401
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_02\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
USERDOMAIN=MIKEY
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Owner (admin)
Administrator.MIKEY (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {637099FB-45FD-4BC7-9651-6FB540DBB749}
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
--> MsiExec.exe /I{26792CA7-D87A-4DBE-896B-C2F66B344511}
--> MsiExec.exe /I{637099FB-45FD-4BC7-9651-6FB540DBB749}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 9 --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Photoshop CS --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x9
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
avast! Antivirus --> rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup
Azureus --> C:\Program Files\Azureus\Uninstall.exe
Brother MFL-Pro Suite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{51E89658-5D6B-4F0D-B72B-57863C3AD06C}\Setup.exe" -l0x9 Brunin03.dllBrunin03.dll
COMODO Firewall Pro --> C:\Program Files\Comodo\Firewall\fwconfig.exe -uninstalln
Conexant AC-Link Audio --> CIAunwdm.exe
Cypress USB Mass Storage Driver Installation --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E0695EE-ED29-4D96-BD77-2A9A17EDF0D6}\Setup.exe" -l0x9 NotFirstInstall
Digital Media Reader --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{A607AC66-0C76-4519-9751-E12A93BF8EB2}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Intel(R) Extreme Graphics 2 Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_3582
KeyRipper 3.1 --> C:\PROGRA~1\DSSEVO~1.COM\KEYRIP~1\Setup.exe /remove /q0
Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
LG GSM PC Components --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB8251EE-C86B-410D-83B2-1E28E9DE2C2B}\setup.exe" -l0x9
LG USB Modem Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3ABE126-2BB2-4246-BFE1-6797679B3579}\setup.exe" -l0x9 -removeonly
LimeWire PRO 4.12.3 --> "C:\Program Files\LimeWire\uninstall.exe"
Logitech Desktop Messenger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\SETUP.exe" -l0x9 UNINSTALL -removeonly
Magic ISO Maker v5.3 (build 0221) --> C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Money 2005 --> C:\Program Files\Microsoft Money 2005\MNYCoreFiles\Setup\uninst.exe /s:120
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Picture It! Premium 10 --> "C:\Program Files\Common Files\Microsoft Shared\Picture It!\RmvSuite.exe" ADDREMOVE=1 SKU=PREM
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Napster --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BBBCAE4B-B416-4182-A6F2-438180894A81}\Setup.exe" -l0x9 AddRemoveCPRun
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickTime --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{3868A8EE-5051-4DB0-8DF6-4F4B8A98D083} /l1033
RealPlayer Basic --> C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
RegCure 1.4.0.4 --> C:\Program Files\RegCure\uninst.exe
Roxio Easy Media Creator 7 --> MsiExec.exe /I{A99C6296-A311-4D6C-9602-53B4241921D5}
Skype 3.0 --> "C:\Program Files\Skype\Phone\unins000.exe"
Skype add-on for IE --> rundll32 "C:\Program Files\Skype\Phone\IEPlugin\SkypeIEPlugin.dll",FriendlyUnregisterServer 0
Spy Sweeper --> "C:\Program Files\Webroot\Spy Sweeper\unins000.exe"
Spyware Doctor 5.0 --> C:\Program Files\Spyware Doctor\unins000.exe
StyleXP (remove only) --> "C:\Program Files\TGTSoft\StyleXP\StyleXP-uninstall.exe"
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
The Rosetta Stone --> C:\WINDOWS\unvise32.exe C:\Program Files\The Rosetta Stone\TRS Support\uninstal.log
USB Storage Adapter FX (SM1) --> SM1UN.EXE SM1FX_AT
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Wheel of Fortune Deluxe (remove only) --> C:\Program Files\Zone.com Deluxe Games\Wheel of Fortune Deluxe\Uninstall Wheel of Fortune Deluxe.exe
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Yahoo! Photos Easy Upload Tool 1v7 --> C:\WINDOWS\system32\regsvr32 /u /s


-- Application Event Log -------------------------------------------------------

Event ID #2052: Warning
Event Submitted/Written: 08/06/2007 00:04:00 AM
Event Source: Userenv
Event Description:
Windows saved user MIKEY\Owner registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Event ID #2050: Warning
Event Submitted/Written: 08/05/2007 03:32:07 PM
Event Source: Userenv
Event Description:
Windows saved user MIKEY\Owner registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Event ID #2049: Error
Event Submitted/Written: 08/05/2007 09:24:55 AM
Event Source: Application Error
Event Description:
Faulting application iexplore.exe, version 6.0.2900.2180, faulting module sphoneparser.dll, version 1.0.1.126, fault address 0x000484a4.
Processing media-specific event for [iexplore.exe!ws!]

Event ID #2045: Warning
Event Submitted/Written: 08/04/2007 09:55:23 PM
Event Source: Userenv
Event Description:
Windows saved user MIKEY\Owner registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Event ID #2043: Warning
Event Submitted/Written: 08/04/2007 09:04:52 AM
Event Source: Userenv
Event Description:
Windows saved user MIKEY\Owner registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event ID #39453: Error
Event Submitted/Written: 08/06/2007 08:26:21 AM
Event Source: Service Control Manager
Event Description:
The avast! Web Scanner service terminated with the following error:
%%10049

Event ID #39444: Error
Event Submitted/Written: 08/06/2007 08:26:21 AM
Event Source: Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
szkg

Event ID #39443: Error
Event Submitted/Written: 08/06/2007 08:26:21 AM
Event Source: Service Control Manager
Event Description:
The Cdralw2k service failed to start due to the following error:
%%1058

Event ID #39442: Error
Event Submitted/Written: 08/06/2007 08:26:21 AM
Event Source: Service Control Manager
Event Description:
The Logitech Bluetooth Service service failed to start due to the following error:
%%2

Event ID #39437: Warning
Event Submitted/Written: 08/06/2007 00:03:58 AM
Event Source: Win32k
Event Description:
A request to suspend power was denied by winlogon.exe.



-- End of Deckard's System Scanner: finished at 2007-08-06 at 10:35:21 ---------

---------------------------------------------------------------------

Deckard's System Scanner v20070804.61
Run by Owner on 2007-08-06 at 10:33:00
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
47: 2007-08-06 14:33:09 UTC - RP556 - Deckard's System Scanner Restore Point
46: 2007-08-06 13:18:01 UTC - RP555 - System Checkpoint
45: 2007-08-05 02:19:27 UTC - RP554 - ComboFix created restore point
44: 2007-08-04 12:47:46 UTC - RP553 - ComboFix created restore point
43: 2007-08-04 04:09:32 UTC - RP552 - Installed Logitech Desktop Messenger


-- First Restore Point --
1: 2007-07-12 20:30:44 UTC - RP510 - System Checkpoint


Performed disk cleanup.

Total Physical Memory: 480 MiB (512 MiB recommended).


-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:30:17 AM, on 8/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Digital Media Reader\shwicon2k.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.webcrawler.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SunKist] "C:\Program Files\Digital Media Reader\shwicon2k.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [SetDefPrt] "C:\Program Files\Brother\Brmfl05b\BrStDvPt.exe"
O4 - HKLM\..\Run: [ControlCenter2.0] "C:\Program Files\Brother\ControlCenter2\brctrcen.exe" /autorun
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.2.89.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
O16 - DPF: {BA83FD38-CE14-4DA3-BEF5-96050D55F78A} - http://www.flipviewer.com/exe/fv373.cab
O18 - Protocol: bw+0 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Audddin - Windows (R) 2000 DDK provider - C:\WINDOWS\system32\drivers\asctrm.sys
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Unknown owner - C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE (file missing)
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O24 - Desktop Component 0: (no name) - http://www.640toronto.com/images/top_table/listenlive.gif

--
End of file - 20087 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20070710-045014-259 O4 - HKLM\..\Run: [MonAppli] C:\Windows\system32\isys32.exe
backup-20070712-015310-719 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 Cdr4_2K - c:\windows\system32\drivers\cdr4_2k.sys CD-R Helper Drivers>
R1 DVDVRRdr_xp - c:\windows\system32\drivers\dvdvrrdr_xp.sys
R1 StyleXPHelper - c:\program files\tgtsoft\stylexp\stylexphelper.exe
R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys
R3 vaxscsi - c:\windows\system32\drivers\vaxscsi.sys

S0 szkg - c:\windows\system32\drivers\szkg.sys (file missing)
S3 catchme - c:\docume~1\owner\locals~1\temp\catchme.sys (file missing)
S3 EMCFILT (Alcor Micro Corp for Emachine- 9361) - c:\windows\system32\drivers\emcfilt.sys
S3 LHidUsbK (SetPoint USB Receiver device driver) - c:\windows\system32\drivers\lhidusbk.sys
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S2 LBTServ (Logitech Bluetooth Service) - c:\program files\common files\logitech\bluetooth\lbtserv.exe (file missing)
S2 Roxio Upnp Server 9 -
S2 RoxLiveShare9 (LiveShare P2P Server 9) -
S2 StyleXPService - "c:\program files\tgtsoft\stylexp\stylexpservice.exe"
S3 Audddin - c:\windows\system32\drivers\asctrm.sys
S3 Roxio UPnP Renderer 9 -
S3 stllssvr -


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Broadcom 440x 10/100 Integrated Controller
Device ID: PCI\VEN_14E4&DEV_4401&SUBSYS_2029161F&REV_01\4&22270378&0&30F0
Manufacturer: Broadcom
Name: Broadcom 440x 10/100 Integrated Controller
PNP Device ID: PCI\VEN_14E4&DEV_4401&SUBSYS_2029161F&REV_01\4&22270378&0&30F0
Service: bcm4sbxp


-- Scheduled Tasks -------------------------------------------------------------

2007-08-06 08:26:03 438 --a------ C:\WINDOWS\Tasks\RegCure Program Check.job
2007-07-13 07:16:14 372 --a------ C:\WINDOWS\Tasks\RegCure.job


-- Files created between 2007-07-06 and 2007-08-06 -----------------------------

2007-08-05 09:34:16 0 d-------- C:\Documents and Settings\Owner\DoctorWeb
2007-08-04 00:06:05 0 d-------- C:\Program Files\Logitech
2007-08-03 09:05:05 0 d-------- C:\VundoFix Backups
2007-08-01 21:33:01 18 --a------ C:\WINDOWS\system32\dnfc32b295.dat
2007-07-31 22:10:56 1013432 --ahs---- C:\WINDOWS\system32\wyadd.bak1
2007-07-31 10:23:48 0 d-------- C:\Program Files\Spyware Doctor
2007-07-29 20:54:02 1016719 --ahs---- C:\WINDOWS\system32\oqstv.bak1
2007-07-29 12:51:19 0 d-------- C:\Program Files\Common Files\TiVo Shared
2007-07-29 12:31:59 0 d-------- C:\Program Files\Windows Installer Clean Up
2007-07-29 12:31:35 0 d-------- C:\Program Files\MSECACHE
2007-07-29 12:05:12 0 d-------- C:\Program Files\Roxio
2007-07-29 12:05:10 0 d-------- C:\Program Files\Common Files\Adaptec Shared
2007-07-29 12:05:09 0 d-------- C:\Program Files\Common Files\Roxio Shared
2007-07-27 16:45:51 0 d-------- C:\adaptec
2007-07-13 07:13:14 0 d-------- C:\Program Files\RegCure
2007-07-10 14:09:26 0 d-------- C:\!KillBox
2007-07-10 13:20:44 0 d-------- C:\Program Files\Common Files\Java
2007-07-10 09:00:53 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-07-10 04:49:04 0 d-------- C:\Program Files\Trend Micro
2007-07-10 04:41:30 0 d-------- C:\Documents and Settings\Owner\Application Data\Comodo
2007-07-10 04:41:25 0 d-------- C:\Documents and Settings\All Users\Application Data\Comodo
2007-07-10 04:37:58 0 d-------- C:\Program Files\Comodo
2007-07-10 04:08:16 3360 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-07-10 04:08:16 82464 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat


-- Find3M Report ---------------------------------------------------------------

2007-08-04 21:57:57 0 d-------- C:\Program Files\Common Files\Logitech
2007-08-02 14:31:49 0 d-------- C:\Program Files\Common Files
2007-08-01 11:04:10 0 d-------- C:\Documents and Settings\Owner\Application Data\Azureus
2007-07-29 12:52:00 0 d-------- C:\Program Files\Common Files\Sonic Shared
2007-07-29 09:16:22 0 d-------- C:\Program Files\Sonic
2007-07-10 13:21:29 0 d-------- C:\Program Files\Java
2007-07-10 10:18:26 0 d-------- C:\Program Files\Winamp
2007-07-10 10:18:09 0 d-------- C:\Program Files\Webroot
2007-07-10 10:14:53 0 d-------- C:\Program Files\MSN Messenger
2007-07-10 10:11:38 0 d-------- C:\Program Files\Digital Media Reader
2007-07-10 03:49:26 4212 --ah----- C:\WINDOWS\system32\zllictbl.dat
2007-06-28 13:02:28 0 d-------- C:\Documents and Settings\Owner\Application Data\Skype


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [03/26/2004 06:20 PM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [03/26/2004 06:20 PM]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [11/02/2004 11:24 PM]
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" []
"SunKist"="C:\Program Files\Digital Media Reader\shwicon2k.exe" [05/26/2004 08:57 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [09/02/2006 03:34 PM]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [07/27/2007 06:03 PM]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [10/14/2003 11:22 AM]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [03/17/2005 03:25 PM]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [03/17/2005 03:45 PM]
"SetDefPrt"="C:\Program Files\Brother\Brmfl05b\BrStDvPt.exe" [01/26/2005 07:02 PM]
"ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [07/13/2005 04:55 PM]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" [03/08/2005 10:13 PM]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [02/13/2007 02:29 PM]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [07/10/2007 04:37 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [06/14/2007 06:32 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [01/19/2007 01:54 PM]
"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [05/24/2006 02:31 PM]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [12/16/2005 12:57 PM]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [08/04/2007 12:09 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [11/29/2006 4:44:44 PM]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [8/4/2007 12:09:51 AM]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"




-- End of Deckard's System Scanner: finished at 2007-08-06 at 10:35:21 ---------
Auttaja
Suspended permanently
7. August 2007 @ 09:08
Open Control Panel, go to Add/Remove Programs, and remove these:

RegCure 1.4.0.4 --> C:\Program Files\RegCure\uninst.exe
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u

========

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

* Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.

You can find instructions on how to enable and re-enable System Restore here:

Managing Windows Millennium System Restore

or

Windows XP System Restore Guide

Re-enable System Restore using the instructions from the tutorial above.

* Make your Internet Explorer more secure - This can be done by following these simple instructions:
* From within Internet Explorer click on the Tools menu and then click on Options.
* Click once on the Security tab
* Click once on the Internet icon so it becomes highlighted.
* Click once on the Custom Level button.
* Change the Download signed ActiveX controls to Prompt

* Change the Download unsigned ActiveX controls to Disable

* Change the Initialize and script ActiveX controls not marked as safe to Disable

* Change the Installation of desktop items to Prompt

* Change the Launching programs and files in an IFRAME to Prompt

* Change the Navigate sub-frames across different domains to Prompt

* When all these settings have been made, click on the OK button.

* If it prompts you as to whether or not you want to save the settings, press the Yes button.
* Next press the Apply button and then the OK to exit the Internet Properties page.
* Use AntiVirus Software - It is very important that your computer has anti-virus software running. This alone can save you a lot of trouble with malware in the future.

See this link for a listing of some online and stand-alone antivirus programs:

Virus, Spyware, and Malware Protection and Removal Resources


* Update your AntiVirus Software - It is imperative that you update your antivirus software at least once a week (even more often if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.


* Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

For a tutorial on Firewalls and a listing of some available ones see the link below:

Understanding and Using Firewalls


* Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


* Install Ad-Aware - Download and install Ad-Aware. You should also scan your computer with this program on a regular basis, just as you would with antivirus software, in conjunction with Spybot.

A tutorial on installing & using this product can be found here:

Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer


* Install Spybot - Search and Destroy - Download and install Spybot - Search and Destroy with its TeaTimer option.

This will provide real-time spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with this program on a regular basis, just as you would with antivirus software. A tutorial on installing & using this product can be found here:

Instructions for - Spybot S & D and Ad-aware


* Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites to your Internet Explorer settings that will protect you from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:

Using SpywareBlaster to protect your computer from Spyware and Malware


* Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety

* IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
* MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
* Google Toolbar <= Get the free Google toolbar to help stop pop-up windows.
* Winpatrol <= Download and install the free version of Winpatrol. A tutorial for this product is located here:
Using Winpatrol to protect your computer from malicious software

Stand Up and Be Counted ---> Malware Complaints <--- where you can make a difference!

The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

Also, please read this great article by Tony Klein: So How Did I Get Infected In The First Place

Happy surfing and stay clean!

Don't send your HijackThis log to another user's topic. Remember to describe what kind of problems you have. (In my opinion afterdawn has a very unsupportive attitude towards malware fighters.)
How to send a HijackThis log (steps 3-5) | Instructions for sending a HijackThis log (Finland)
My profile "Therefore I say to you, do not worry about your life, what you will eat or what you will drink; nor about your body, what you will put on."
My home forum (Finland) Geeks To Go - Another place
List of rogue programs. (Finland) For example MSG+ is there. Another list

This message has been edited since posting. Last time this message was edited on 7. August 2007 @ 09:09
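The Internet Explorer hardening steps in the post above change six settings of the Internet zone by hand. As an added example (not from the thread or from any of the tools it names), this PowerShell script reads the same settings from the current user's IE zone registry key and reports which ones still differ from the recommended values, so the result of the clicking can be verified; the registry path and the four-digit URL-action codes are IE's own, the policy values assumed are 0 = Enable, 1 = Prompt, 3 = Disable.

```powershell
# Added example, not part of the thread: audit (and optionally apply) the
# Internet-zone settings recommended in the post above by reading the current
# user's IE zone registry key instead of clicking through the Security tab.
# Zone 3 is the Internet zone. Note: if the Security_HKLM_only policy is set,
# IE reads the HKLM copy of this key instead and HKCU is not authoritative.
$ZonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$Policy   = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# The six settings the post changes, keyed by IE's URL-action code,
# with the value the post recommends for each.
$Recommended = @(
    @{ Code = '1001'; Name = 'Download signed ActiveX controls';                          Want = 1 },
    @{ Code = '1004'; Name = 'Download unsigned ActiveX controls';                        Want = 3 },
    @{ Code = '1201'; Name = 'Initialize and script ActiveX controls not marked as safe'; Want = 3 },
    @{ Code = '1800'; Name = 'Installation of desktop items';                             Want = 1 },
    @{ Code = '1804'; Name = 'Launching programs and files in an IFRAME';                 Want = 1 },
    @{ Code = '1607'; Name = 'Navigate sub-frames across different domains';              Want = 1 }
)

function Test-InternetZoneSettings {
    param([switch]$Repair)   # without -Repair the function only reports

    $zone = Get-ItemProperty -Path $ZonePath
    foreach ($s in $Recommended) {
        $current = $zone.($s.Code)          # DWORD value, or $null if never set
        if ($null -eq $current) {
            $shown = 'not set (IE default)'
        } else {
            $shown = $Policy[[int]$current]
            if (-not $shown) { $shown = "unknown ($current)" }
        }

        $ok = ($current -eq $s.Want)
        if (-not $ok -and $Repair) {
            # Write the recommended value exactly as the dialog would.
            Set-ItemProperty -Path $ZonePath -Name $s.Code -Value $s.Want -Type DWord
            $shown = "$shown -> $($Policy[$s.Want])"
        }
        New-Object PSObject -Property @{
            Setting     = $s.Name
            Current     = $shown
            Recommended = $Policy[$s.Want]
            Compliant   = $ok
        }
    }
}

# Report only; run "Test-InternetZoneSettings -Repair" to apply the recommended values.
Test-InternetZoneSettings | Format-Table Setting, Current, Recommended, Compliant -AutoSize
```

Settings that show "not set (IE default)" are using the Medium preset rather than the values the post asks for, so they still count as non-compliant.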

sierra76
Junior Member
8. August 2007 @ 10:26
Thank you for helping me again Auttaja. You're #1. Thanks