Mobile/PDA About Us Advertise here
User User name Password  
  Not registered yet? Register here.
Lost your password? Click here. 		 
  Home   News   Guides   Downloads   Glossary   Hardware   Profiles   Forums   v4  
 Advertise at AfterDawn.com     Link to us!     Private messages     Compose a private message     List of all updated threads     Threads without replies     Search messages
Sunday 2.2.2025 / 00:11
Search AfterDawn Forums:        In English   Suomeksi   På svenska
afterdawn.com > forums > software, operating systems and more > windows - virus and spyware problems > need help on the elusive w32.myzor.fk@yf (thanks in advance)
Show topics
 
Forums
Forums
Need help on the elusive w32.myzor.FK@yf (thanks in advance)
  Jump to:
 
Posted Message
Page:12Next >
bellabot
Newbie
_ 		8. July 2006 @ 10:02 _ Link to this message    Send private message to this user   
Logfile of HijackThis v1.99.1
Scan saved at 1:52:06 PM, on 08/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\dcomcfg.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\OpenOffice.org1.0.1\program\soffice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\{5C7CD191-07DA-4105-0608-050615050002}\Update.exe
C:\WINDOWS\RACLE~1\attrib.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\atmclk.exe
C:\PROGRA~1\WNSXS~1\JVAW~1.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R3 - URLSearchHook: (no name) - {478B5A12-B0A9-B82B-A342-9A2B5ACE819B} - (no file)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {478B5A12-B0A9-B82B-A342-9A2B5ACE819B} - (no file)
O2 - BHO: Zango Search Assistant Helper /fleok=1D8A83A5CFE2107C84ED38741BB42EB9E396267B99E2DA7E5D754321 - {56F1D444-11BF-4879-A12B-79CF0177F038} - c:\program files\zango\zangohook.dll (file missing)
O2 - BHO: (no name) - {5f4c3d09-b3b9-4f88-aa82-31332fee1c08} - C:\WINDOWS\system32\hp100.tmp
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SpyQuake2.com] C:\Program Files\SpyQuake2.com\Spy-Quake2.exe /h
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Eits] "C:\WINDOWS\RACLE~1\attrib.exe" -vt yax
O4 - HKCU\..\Run: [Bfe] C:\PROGRA~1\WNSXS~1\JVAW~1.EXE
O4 - Startup: OpenOffice.org 1.0.1.lnk = C:\Program Files\OpenOffice.org1.0.1\program\quickstart.exe
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00000000-0000-0000-0000-100005000004} - http://code.trasferimento.biz/l/83f976c7de9cb2f2f62eaf8957bf3cd0_...
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/...
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} (YazzleActiveX Control) - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} (SAIX) - http://static.zangocash.com/cab/Zango/ie/bridge-c18.cab?2de704c7d...
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4800/mcfs...
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\system32\alg.dll
O20 - Winlogon Notify: efcyyxw - C:\WINDOWS\SYSTEM32\efcyyxw.dll
O20 - Winlogon Notify: wingsa32 - C:\WINDOWS\SYSTEM32\wingsa32.dll
O21 - SSODL: altmannsberger - {210b4043-35ca-4aa0-8796-191f9663dfb3} - (no file)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
[ + quote]
Advertisement
_ 		__
bellabot
Newbie
_ 		8. July 2006 @ 15:27 _ Link to this message    Send private message to this user   
So anyway I went on to do what Tapiiri described for a countless amount of other newbies like myself, and I got out successful for the most part. Here are my three logs in order: HijackThis, ewido, and SmitFraud:

Logfile of HijackThis v1.99.1
Scan saved at 7:25:00 PM, on 08/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Common Files\{5C7CD191-07DA-4105-0608-050615050002}\Update.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\RACLE~1\attrib.exe
C:\PROGRA~1\WNSXS~1\JVAW~1.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\OpenOffice.org1.0.1\program\soffice.exe
C:\Program Files\Trillian\trillian.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Ventrilo\Ventrilo.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R3 - URLSearchHook: (no name) - {478B5A12-B0A9-B82B-A342-9A2B5ACE819B} - (no file)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Eits] "C:\WINDOWS\RACLE~1\attrib.exe" -vt yax
O4 - HKCU\..\Run: [Bfe] C:\PROGRA~1\WNSXS~1\JVAW~1.EXE
O4 - Startup: OpenOffice.org 1.0.1.lnk = C:\Program Files\OpenOffice.org1.0.1\program\quickstart.exe
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00000000-0000-0000-0000-100005000004} - http://code.trasferimento.biz/l/83f976c7de9cb2f2f62eaf8957bf3cd0_...
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/...
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} (YazzleActiveX Control) - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} (SAIX) - http://static.zangocash.com/cab/Zango/ie/bridge-c18.cab?2de704c7d...
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4800/mcfs...
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\system32\alg.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Here's my ewido report:

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 6:36:04 PM 08/07/2006

+ Scan result:



C:\Documents and Settings\Alicja Filipiuk\Local Settings\Temporary Internet Files\Content.IE5\W1U7G123\SysProtectScannerInstall[1].exe -> Downloader.Agent.alr : Cleaned with backup (quarantined).
C:\WINDOWS\system32\__delete_on_reboot__v_p_x_n_k_._d_l_l_ -> Not-A-Virus.Hoax.Win32.Renos.dw : Ignored.
C:\Documents and Settings\Alicja Filipiuk\Cookies\alicja filipiuk@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned.


::Report end

And here is my SmitFraud:

SmitFraudFix v2.68b

Scan done at 16:52:52.92, 08/07/2006
Run from C:\Documents and Settings\Alicja Filipiuk\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

Thanks for any expert that reads this and lets me know if I'm clean or not. I tried my best, hopefully it paid off.
[ + quote]
JaPK
Senior Member
_ 		8. July 2006 @ 22:18 _ Link to this message    Send private message to this user   
Hi bellabot, good job with the smitfraud cleaning :)

Ok, you still got some other infections on your computer....

Cleaning instructions:

-> Open Ewido Anti-Spyware
-> Click the Update icon at the top of the window
-> Click the Start update button
-> Wait for the update to download and install
-> Quit the program, we'll use this later.

Download ATF Cleaner by Atribune to your desktop -> http://www.atribune.org/ccount/click.php?id=1
Do NOT run yet.

Go to Control Panel -> Add/Remove programs -> Remove PartyPoker, Zango, ToolBar888, PuritySCAN By OIN, OuterInfo, OIN or similars if found

If PuritySCAN By OIN, OuterInfo, OIN were not listed, download and run this uninstaller -> http://www.outerinfo.com/OiUninstaller.exe
Tutorial for the uninstaller if needed -> http://www.outerinfo.com/howto.html

Run HijackThis. Press Do a system scan only, then close all other windows, checkmark the following entries and press Fix checked

R3 - URLSearchHook: (no name) - {478B5A12-B0A9-B82B-A342-9A2B5ACE819B} - (no file)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O16 - DPF: {00000000-0000-0000-0000-100005000004} - http://code.trasferimento.biz/l/83f976c7de9cb2f2f62eaf8957bf3cd0_...
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} (YazzleActiveX Control) - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} (SAIX) - http://static.zangocash.com/cab/Zango/ie/bridge-c18.cab?2de704c7d...
O20 - AppInit_DLLs: C:\WINDOWS\system32\alg.dll

Make your hidden files visible -> http://www.bleepingcomputer.com/tutorials/tutorial62.html
Restart your computer to the safemode -> http://www.pchell.com/support/safemode.shtml

Delete these folders (if found):
C:\Program Files\ToolBar888
C:\Program Files\PartyPoker
C:\Program Files\PurityScan
C:\Program Files\Zango

Delete these files (if found):
C:\WINDOWS\system32\alg.dll

Run ATF Cleaner -> Check select all -> Press Empty selected

-> Open Ewido Anti-Spyware
-> Click the Scanner icon at the top of the window
-> Click the Settings tab then select Recommended Options and choose Quarantine
-> Click the Scan tab
-> Select Complete System Scan. The scanning begins.

-> When the scan has completed:
-> If infections were found you'll be prompted about what to do.
-> Please make sure that the Set all elements to is set to Quarantine (in downleft corner of the window)
-> Then press Apply all actions and answer yes to all if it asks about something
-> Click on the Save Scan Report button and save the scan to your Desktop.
-> Copy and paste the scan results into your next post

Restart your computer normally.

Post the following logs to here:
-> a fresh HijackThis log
-> Ewido's log
[ + quote]
I have moved from AD, I won''t be taking new HijackThis logs from here. Reason: The AD''s Unsupportive athmosphere.

This message has been edited since posting. Last time this message was edited on 8. July 2006 @ 22:18
bellabot
Newbie
_ 		9. July 2006 @ 07:12 _ Link to this message    Send private message to this user   
Hi JapK,

I did what you told me, and I just had a pop-up not 5 seconds ago. Here are my logs:

Logfile of HijackThis v1.99.1
Scan saved at 11:08:39 AM, on 09/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Common Files\{5C7CD191-07DA-4105-0608-050615050002}\Update.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\OpenOffice.org1.0.1\program\soffice.exe
C:\Program Files\Trillian\trillian.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: OpenOffice.org 1.0.1.lnk = C:\Program Files\OpenOffice.org1.0.1\program\quickstart.exe
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/...
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4800/mcfs...
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 11:05:21 AM 09/07/2006

+ Scan result:



HKLM\SOFTWARE\Clickspring -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\WINDOWS\system32\__delete_on_reboot__v_p_x_n_k_._d_l_l_ -> Not-A-Virus.Hoax.Win32.Renos.dw : Cleaned with backup (quarantined).


::Report end
[ + quote]
JaPK
Senior Member
_ 		9. July 2006 @ 10:48 _ Link to this message    Send private message to this user   
Ok, lets try this...

Download F-Secure Blacklight and save it to your desktop -> http://www.f-secure.com/blacklight/try.shtml

Doubleclick blbeta.exe, accept the agreement, click Scan, then click Next

You'll see a list what have been found. A log will appear to your desktop, it is named fsbl.xxxxxxx.log (xxxxxxx will be random numbers).

DON'T choose Rename if something was found!

Post the contents of fsbl.xxxx.log to here (blacklight log from your desktop)
[ + quote]
I have moved from AD, I won''t be taking new HijackThis logs from here. Reason: The AD''s Unsupportive athmosphere.
bellabot
Newbie
_ 		11. July 2006 @ 21:15 _ Link to this message    Send private message to this user   
Hey JapK,

I'm terribly sorry for the late response. As for the new help you've provided, that URL link doesn't work. I'm either too late or it's dead :(
[ + quote]
JaPK
Senior Member
_ 		12. July 2006 @ 07:27 _ Link to this message    Send private message to this user   
Hi again, sorry about that, try this link instead :)

https://europe.f-secure.com/exclude/blacklight/blbeta.exe
[ + quote]
I have moved from AD, I won''t be taking new HijackThis logs from here. Reason: The AD''s Unsupportive athmosphere.
bellabot
Newbie
_ 		13. July 2006 @ 03:35 _ Link to this message    Send private message to this user   
07/13/06 07:32:20 [Info]: BlackLight Engine 1.0.42 initialized
07/13/06 07:32:20 [Info]: OS: 5.1 build 2600 (Service Pack 2)
07/13/06 07:32:20 [Note]: 7019 4
07/13/06 07:32:20 [Note]: 7005 0
07/13/06 07:32:22 [Note]: 7006 0
07/13/06 07:32:22 [Note]: 7011 452
07/13/06 07:32:23 [Note]: 7026 0
07/13/06 07:32:23 [Note]: 7026 0
07/13/06 07:32:27 [Note]: FSRAW library version 1.7.1019
07/13/06 07:33:16 [Note]: 2000 1006
07/13/06 07:34:51 [Note]: 7007 0
[ + quote]
JaPK
Senior Member
_ 		13. July 2006 @ 09:53 _ Link to this message    Send private message to this user   
Ok looks quite good...

There is a new version of smitfraudfix available. Please remove the old version and download the latest version from here -> http://siri.urz.free.fr/Fix/SmitfraudFix.zip

Unzip it (folder named SmitFraudFix) to your desktop:

Open the folder SmitfraudFix and doubleclick smitfraudfix.cmd
Choose option #1 - Search by typing 1 and pressing "Enter"; a textfile opens and lists the infected files (if those exist)

Post the contents of this textfile to here.


[ + quote]
I have moved from AD, I won''t be taking new HijackThis logs from here. Reason: The AD''s Unsupportive athmosphere.
bellabot
Newbie
_ 		13. July 2006 @ 15:22 _ Link to this message    Send private message to this user   
SmitFraudFix v2.70

Scan done at 19:22:19.53, 13/07/2006
Run from C:\Documents and Settings\Alicja Filipiuk\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Alicja Filipiuk\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»»


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
[ + quote]
JaPK
Senior Member
_ 		13. July 2006 @ 20:18 _ Link to this message    Send private message to this user   
Ok looks clean :) How is the computer running ?

You should update your Java (old version has all kinds of vulnerabilities)

1. Click "Start"-> "Control panel" -> Double-click Java icon (coffee cup)
2. Move to "Update" tab and update Java by clicking "Update Now". After that do a restart.
3. If you can't make automatic update, get new version manually from here -> http://www.java.com/en/download/manual.jsp
4. After updating, uninstall the old Java (if found) from Add/Remove Programs, named as
J2SE Runtime Environment 5.0 Update 5

Now that you're clean, here are some tips how to stay clean.

-> Stand Up and Be Counted, Malware Complaints -> http://www.malwarecomplaints.info
The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

-> Clear your system restore -> http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore...
This will clear the system restore folders from possible malware that was left behind during the cleaning process. Remember to create a new restore point after the cleaning.

-> Use CCleaner -> http://www.ccleaner.com
Download and install CCleaner. Clean your registry and temporary files with it regularly.

-> Use Ad-Aware -> http://www.bleepingcomputer.com/forums/?showtutorial=48
Download and install Ad-Aware. Update it and scan your computer regularly with it.

-> Use Ewido -> http://www.ewido.net/en
Download and install Ewido. Update it and scan your computer regularly with it.

-> Install SpywareBlaster -> http://www.javacoolsoftware.com/spywareblaster.html
SpywareBlaster will prevent spyware from being installed to your computer.

-> Install MVPS Hosts file -> http://mvps.org/winhelp2002/hosts.htm
This prevents your computer from connecting to harmful sites.

-> Change your browser to Firefox -> http://www.mozilla.org
Firefox is faster, safer and quicker browser than Internet Explorer.

-> Keep your systen up-to-date -> http://windowsupdate.microsoft.com
Visit Windows Update regularly.

-> Keep your antivirus and firewall up-to-date
Scan your computer regularly with your antivirus.

-> Read this article by TonyKlein -> http://castlecops.com/postlite7736-.html
So how did I get infected in the first place?

Stay clean ;)
[ + quote]
I have moved from AD, I won''t be taking new HijackThis logs from here. Reason: The AD''s Unsupportive athmosphere.
bellabot
Newbie
_ 		14. July 2006 @ 14:47 _ Link to this message    Send private message to this user   
Back to the beginning JapK!

When I updated my Java like you told me to, the moment the installation ended, I get spammed with spyware and another Virus alert, another "Your computer is infected" message, another Spyquake popup, another "Security Center" page with the sysprotectionpage.net URL and the usual w32.myzor.FR@yf popup.

I'll do everything you told me to on my first infection once you give me the go. But I'm scratching my head as to what happened again. I was just updating Java.

I'll leave you with a new ewido log I just ran before I left home. Thanks again JapK :)

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 6:43:26 PM 14/07/2006

+ Scan result:



C:\WINDOWS\system32\components\flx4.dll -> Not-A-Virus.Hoax.Win32.Renos.dw : Cleaned with backup (quarantined).
C:\WINDOWS\system32\pmnqguh.dll -> Not-A-Virus.Hoax.Win32.Renos.dw : Cleaned with backup (quarantined).
[2664] C:\WINDOWS\system32\pmnqguh.dll -> Not-A-Virus.Hoax.Win32.Renos.dw : Error during cleaning.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\\kernel32.dll -> Trojan.Small : Cleaned with backup (quarantined).


::Report end
[ + quote]

This message has been edited since posting. Last time this message was edited on 14. July 2006 @ 14:49
JaPK
Senior Member
_ 		14. July 2006 @ 22:33 _ Link to this message    Send private message to this user   
Argh, looks like you're re-infected :(

Please post a fresh HijackThis log to here too.
[ + quote]
I have moved from AD, I won''t be taking new HijackThis logs from here. Reason: The AD''s Unsupportive athmosphere.
bellabot
Newbie
_ 		15. July 2006 @ 07:57 _ Link to this message    Send private message to this user   
Logfile of HijackThis v1.99.1
Scan saved at 11:57:22 AM, on 15/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ishost.exe
C:\WINDOWS\system32\issearch.exe
C:\WINDOWS\system32\isnotify.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ismon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\ipwins\ipwins.exe
C:\Program Files\SpyQuake2.com\Spy-Quake2.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\{5C7CD191-07DA-4105-0608-050615050002}\Update.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SpyQuake2.com\Spy-Quake2.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\DOCUME~1\ALICJA~1\APPLIC~1\CROSOF~1.NET\ntvdm.exe
C:\WINDOWS\system32\?ymantec\?srss.exe
C:\Program Files\TClock\TClock.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\OpenOffice.org1.0.1\program\soffice.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R3 - URLSearchHook: (no name) - {60E740B5-FA55-F4DA-5D90-874A3CD8F59E} - C:\WINDOWS\system32\naspmbg.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
O4 - HKLM\..\Run: [SpyQuake2.com] C:\Program Files\SpyQuake2.com\Spy-Quake2.exe /h
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [TClock.exe] C:\Program Files\TClock\tclock_install.exe
O4 - HKCU\..\Run: [Eits] "C:\DOCUME~1\ALICJA~1\APPLIC~1\CROSOF~1.NET\ntvdm.exe" -vt yazb
O4 - HKCU\..\Run: [Psvtwyva] C:\WINDOWS\system32\?ymantec\?srss.exe
O4 - Startup: OpenOffice.org 1.0.1.lnk = C:\Program Files\OpenOffice.org1.0.1\program\quickstart.exe
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/...
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4800/mcfs...
O18 - Protocol: bw+0 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\svchost.dll
O21 - SSODL: cinnamomum - {93ac7c30-3878-4eaa-9420-7977285df5b1} - C:\WINDOWS\system32\pmnqguh.dll (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
[ + quote]
JaPK
Senior Member
_ 		16. July 2006 @ 03:42 _ Link to this message    Send private message to this user   
Remove the old version of SmitfraudFix and download the latest version to your desktop -> http://siri.urz.free.fr/Fix/SmitfraudFix.zip

Unzip it (folder named SmitFraudFix) to your desktop:

Open the folder SmitfraudFix and doubleclick smitfraudfix.cmd
Choose option #1 - Search by typing 1 and pressing "Enter"; a textfile opens and lists the infected files (if those exist)

Post the contents of this textfile to here.
[ + quote]
I have moved from AD, I won''t be taking new HijackThis logs from here. Reason: The AD''s Unsupportive athmosphere.
bellabot
Newbie
_ 		16. July 2006 @ 11:48 _ Link to this message    Send private message to this user   
SmitFraudFix v2.72

Scan done at 15:48:03.15, 16/07/2006
Run from C:\Documents and Settings\Alicja Filipiuk\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\ishost.exe FOUND !
C:\WINDOWS\system32\ismon.exe FOUND !
C:\WINDOWS\system32\isnotify.exe FOUND !
C:\WINDOWS\system32\issearch.exe FOUND !
C:\WINDOWS\system32\ixt?.dll FOUND !
C:\WINDOWS\system32\ixt??.dll FOUND !
C:\WINDOWS\system32\ot.ico FOUND !
C:\WINDOWS\system32\ts.ico FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Alicja Filipiuk\Application Data

C:\Documents and Settings\Alicja Filipiuk\Application Data\Microsoft\Internet Explorer\Quick Launch\SpyQuake2.com 2.3.lnk FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»»


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\SpyQuake2.com\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"cinnamomum"="{93ac7c30-3878-4eaa-9420-7977285df5b1}"


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
[ + quote]
JaPK
Senior Member
_ 		16. July 2006 @ 19:43 _ Link to this message    Send private message to this user   
Ok..

Go to Control Panel -> Add/Remove programs -> Remove [bPuritySCAN By OIN, OuterInfo, OIN if found

If PuritySCAN By OIN, OuterInfo, OIN were not listed, download and run this uninstaller -> http://www.outerinfo.com/OiUninstaller.exe
Tutorial for the uninstaller if needed -> http://www.outerinfo.com/howto.html

Restart your computer to the safemode and choose your normal user account -> http://www.pchell.com/support/safemode.shtml

Delete the following folder if found:
C:\Program Files\PurityScan

When in safemode, open SmitfraudFix folder and doubleclick the file smitfraudfix.cmd
Choose option #2 - Clean by typing 2 and pressing "Enter" in order to remove the infected files.

You are asked: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove your desktop wallpaper and the infected registry keys.

The tool checks if wininet.dll file is infected. You might be asked to replace the infected .dll (if found); answer "Yes" by typing Y and press "Enter".

The tool might have to restart your computer; if it won't do it, restart your computer back to normal mode.
A textfile will appear after the cleaning process, copy this file and paste it to here.

Tha log is saved to your local diskdrive, usually C:\rapport.txt.

Warning : Running option 2 in a clean computer will delete your desktop wallpaper.

Post a fresh HjT log and the contents of C:\Rapport.txt to here.

Then we'll continue.
[ + quote]
I have moved from AD, I won''t be taking new HijackThis logs from here. Reason: The AD''s Unsupportive athmosphere.
bellabot
Newbie
_ 		17. July 2006 @ 03:35 _ Link to this message    Send private message to this user   
Logfile of HijackThis v1.99.1
Scan saved at 7:35:18 AM, on 17/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ipwins\ipwins.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\{5C7CD191-07DA-4105-0608-050615050002}\Update.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\TClock\TClock.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\OpenOffice.org1.0.1\program\soffice.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [TClock.exe] C:\Program Files\TClock\tclock_install.exe
O4 - Startup: OpenOffice.org 1.0.1.lnk = C:\Program Files\OpenOffice.org1.0.1\program\quickstart.exe
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/...
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4800/mcfs...
O18 - Protocol: bw+0 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\svchost.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


SmitFraudFix v2.72

Scan done at 7:30:30.62, 17/07/2006
Run from C:\Documents and Settings\Alicja Filipiuk\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"cinnamomum"="{93ac7c30-3878-4eaa-9420-7977285df5b1}"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

C:\WINDOWS\system32\pmnqguh.dll -> Missing File


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\system32\ishost.exe Deleted
C:\WINDOWS\system32\ismon.exe Deleted
C:\WINDOWS\system32\isnotify.exe Deleted
C:\WINDOWS\system32\issearch.exe Deleted
C:\WINDOWS\system32\ixt?.dll Deleted
C:\WINDOWS\system32\ot.ico Deleted
C:\WINDOWS\system32\ts.ico Deleted
C:\Documents and Settings\Alicja Filipiuk\Application Data\Microsoft\Internet Explorer\Quick Launch\SpyQuake2.com 2.3.lnk Deleted
C:\Program Files\SpyQuake2.com\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End
[ + quote]
JaPK
Senior Member
_ 		17. July 2006 @ 06:29 _ Link to this message    Send private message to this user   
Cleaning instructions:

-> Open Ewido Anti-Spyware
-> Click the Update icon at the top of the window
-> Click the Start update button
-> Wait for the update to download and install
-> Quit the program, we'll use this later.

Run HijackThis. Press Do a system scan only, then close all other windows, checkmark the following entries and press Fix checked

O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\svchost.dll

Make your hidden files visible -> http://www.bleepingcomputer.com/tutorials/tutorial62.html
Restart your computer to the safemode -> http://www.pchell.com/support/safemode.shtml

Delete these folders (if found):
C:\Program Files\ipwins
C:\Program Files\PurityScan

Delete these files (if found):
C:\WINDOWS\system32\svchost.dll <- be careful with the extension, its is.DLL !

-> Open Ewido Anti-Spyware
-> Click the Scanner icon at the top of the window
-> Click the Settings tab then select Recommended Options and choose Quarantine
-> Click the Scan tab
-> Select Complete System Scan. The scanning begins.

-> When the scan has completed:
-> If infections were found you'll be prompted about what to do.
-> Please make sure that the Set all elements to is set to Quarantine (in downleft corner of the window)
-> Then press Apply all actions and answer yes to all if it asks about something
-> Click on the Save Scan Report button and save the scan to your Desktop.
-> Copy and paste the scan results into your next post

Restart your computer normally.

Post the following logs to here:
-> a fresh HijackThis log
-> Ewido's log
[ + quote]
I have moved from AD, I won''t be taking new HijackThis logs from here. Reason: The AD''s Unsupportive athmosphere.
bellabot
Newbie
_ 		17. July 2006 @ 13:49 _ Link to this message    Send private message to this user   
Before I post the log, I couldn't delete svchost.dll. It said it was in use or something. So instead, I quarantined it with ewido. Hope I did the right thing lol.

Anyway here our the logs, thanks again:

Logfile of HijackThis v1.99.1
Scan saved at 5:47:24 PM, on 17/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\TClock\TClock.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\OpenOffice.org1.0.1\program\soffice.exe
C:\Program Files\Trillian\trillian.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [TClock.exe] C:\Program Files\TClock\tclock_install.exe
O4 - Startup: OpenOffice.org 1.0.1.lnk = C:\Program Files\OpenOffice.org1.0.1\program\quickstart.exe
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/...
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4800/mcfs...
O18 - Protocol: bw+0 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 5:35:45 PM 17/07/2006

+ Scan result:



C:\WINDOWS\system32\__delete_on_reboot__s_v_c_h_o_s_t_._d_l_l_ -> Adware.PurityScan : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Clickspring -> Adware.PurityScan : Cleaned with backup (quarantined).
[1092] C:\WINDOWS\system32\svchost.dll -> Adware.PurityScan : Error during cleaning.
[1116] C:\WINDOWS\system32\svchost.dll -> Adware.PurityScan : Error during cleaning.
[1200] C:\WINDOWS\system32\svchost.dll -> Adware.PurityScan : Error during cleaning.
[1220] C:\WINDOWS\system32\svchost.dll -> Adware.PurityScan : Error during cleaning.
[124] C:\WINDOWS\system32\svchost.dll -> Adware.PurityScan : Error during cleaning.
[1268] C:\WINDOWS\system32\svchost.dll -> Adware.PurityScan : Error during cleaning.
[1288] C:\WINDOWS\system32\svchost.dll -> Adware.PurityScan : Error during cleaning.
[1308] C:\WINDOWS\system32\svchost.dll -> Adware.PurityScan : Error during cleaning.
[1412] C:\WINDOWS\system32\svchost.dll -> Adware.PurityScan : Error during cleaning.
[1688] C:\WINDOWS\system32\svchost.dll -> Adware.PurityScan : Error during cleaning.
[1868] C:\WINDOWS\system32\svchost.dll -> Adware.PurityScan : Error during cleaning.
[1980] C:\WINDOWS\system32\svchost.dll -> Adware.PurityScan : Error during cleaning.
[1992] C:\WINDOWS\system32\svchost.dll -> Adware.PurityScan : Error during cleaning.
[2004] C:\WINDOWS\system32\svchost.dll -> Adware.PurityScan : Error during cleaning.
[2060] C:\WINDOWS\system32\svchost.dll -> Adware.PurityScan : Error during cleaning.
[2108] C:\WINDOWS\system32\svchost.dll -> Adware.PurityScan : Error during cleaning.
[2136] C:\WINDOWS\system32\svchost.dll -> Adware.PurityScan : Error during cleaning.
[2144] C:\WINDOWS\system32\svchost.dll -> Adware.PurityScan : Error during cleaning.
[2280] C:\WINDOWS\system32\svchost.dll -> Adware.PurityScan : Error during cleaning.
[240] C:\WINDOWS\system32\svchost.dll -> Adware.PurityScan : Error during cleaning.
[2476] C:\WINDOWS\system32\svchost.dll -> Adware.PurityScan : Error during cleaning.
[2848] C:\WINDOWS\system32\svchost.dll -> Adware.PurityScan : Error during cleaning.
[288] C:\WINDOWS\system32\svchost.dll -> Adware.PurityScan : Error during cleaning.
[2920] C:\WINDOWS\system32\svchost.dll -> Adware.PurityScan : Error during cleaning.
[3340] C:\WINDOWS\system32\svchost.dll -> Adware.PurityScan : Error during cleaning.
[3736] C:\WINDOWS\system32\svchost.dll -> Adware.PurityScan : Error during cleaning.
[460] C:\WINDOWS\system32\svchost.dll -> Adware.PurityScan : Error during cleaning.
[476] C:\WINDOWS\system32\svchost.dll -> Adware.PurityScan : Error during cleaning.
[524] C:\WINDOWS\system32\svchost.dll -> Adware.PurityScan : Error during cleaning.
[552] C:\WINDOWS\system32\svchost.dll -> Adware.PurityScan : Error during cleaning.
[556] C:\WINDOWS\system32\svchost.dll -> Adware.PurityScan : Error during cleaning.
[576] C:\WINDOWS\system32\svchost.dll -> Adware.PurityScan : Error during cleaning.
[652] C:\WINDOWS\system32\svchost.dll -> Adware.PurityScan : Error during cleaning.
[708] C:\WINDOWS\system32\svchost.dll -> Adware.PurityScan : Error during cleaning.
[756] C:\WINDOWS\system32\svchost.dll -> Adware.PurityScan : Error during cleaning.
[768] C:\WINDOWS\system32\svchost.dll -> Adware.PurityScan : Error during cleaning.
[940] C:\WINDOWS\system32\svchost.dll -> Adware.PurityScan : Error during cleaning.
[992] C:\WINDOWS\system32\svchost.dll -> Adware.PurityScan : Error during cleaning.
C:\WINDOWS\system32\xgxiudao.dll -> Logger.VBStat.d : Cleaned with backup (quarantined).
C:\Documents and Settings\Alicja Filipiuk\Local Settings\Temporary Internet Files\Content.IE5\4HIVKXAB\send_ocx_sof[1].htm -> Not-A-Virus.Exploit.HTML.CodeBaseExec : Cleaned with backup (quarantined).
C:\Documents and Settings\Alicja Filipiuk\Local Settings\Temporary Internet Files\Content.IE5\O12F4H6V\send_car_int[1].htm -> Not-A-Virus.Exploit.HTML.CodeBaseExec : Cleaned with backup (quarantined).
C:\Documents and Settings\Alicja Filipiuk\Cookies\alicja filipiuk@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Alicja Filipiuk\Cookies\alicja filipiuk@cbs.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Alicja Filipiuk\Cookies\alicja filipiuk@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Alicja Filipiuk\Cookies\alicja filipiuk@ads.addynamix[2].txt -> TrackingCookie.Addynamix : Cleaned with backup (quarantined).
C:\Documents and Settings\Alicja Filipiuk\Cookies\alicja filipiuk@advertising[1].txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
C:\Documents and Settings\Alicja Filipiuk\Cookies\alicja filipiuk@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\Documents and Settings\Alicja Filipiuk\Cookies\alicja filipiuk@bfast[2].txt -> TrackingCookie.Bfast : Cleaned with backup (quarantined).
C:\Documents and Settings\Alicja Filipiuk\Cookies\alicja filipiuk@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned with backup (quarantined).
C:\Documents and Settings\Alicja Filipiuk\Cookies\alicja filipiuk@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
C:\Documents and Settings\Alicja Filipiuk\Cookies\alicja filipiuk@www.burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
C:\Documents and Settings\Alicja Filipiuk\Cookies\alicja filipiuk@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
C:\Documents and Settings\Alicja Filipiuk\Cookies\alicja filipiuk@clickbank[1].txt -> TrackingCookie.Clickbank : Cleaned with backup (quarantined).
C:\Documents and Settings\Alicja Filipiuk\Cookies\alicja filipiuk@ad1.clickhype[1].txt -> TrackingCookie.Clickhype : Cleaned with backup (quarantined).
C:\Documents and Settings\Alicja Filipiuk\Cookies\alicja filipiuk@com[1].txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
C:\Documents and Settings\Alicja Filipiuk\Cookies\alicja filipiuk@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Alicja Filipiuk\Cookies\alicja filipiuk@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Alicja Filipiuk\Cookies\alicja filipiuk@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Alicja Filipiuk\Cookies\alicja filipiuk@media.fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Alicja Filipiuk\Cookies\alicja filipiuk@ehg-linksys.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Alicja Filipiuk\Cookies\alicja filipiuk@ehg-upperdeck.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Alicja Filipiuk\Cookies\alicja filipiuk@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Alicja Filipiuk\Cookies\alicja filipiuk@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
C:\Documents and Settings\Alicja Filipiuk\Cookies\alicja filipiuk@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
C:\Documents and Settings\Alicja Filipiuk\Cookies\alicja filipiuk@qksrv[2].txt -> TrackingCookie.Qksrv : Cleaned with backup (quarantined).
C:\Documents and Settings\Alicja Filipiuk\Cookies\alicja filipiuk@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
C:\Documents and Settings\Alicja Filipiuk\Cookies\alicja filipiuk@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
C:\Documents and Settings\Alicja Filipiuk\Cookies\alicja filipiuk@revenue[2].txt -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
C:\Documents and Settings\Alicja Filipiuk\Cookies\alicja filipiuk@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
C:\Documents and Settings\Alicja Filipiuk\Cookies\alicja filipiuk@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : Cleaned with backup (quarantined).
C:\Documents and Settings\Alicja Filipiuk\Cookies\alicja filipiuk@h.starware[2].txt -> TrackingCookie.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Alicja Filipiuk\Cookies\alicja filipiuk@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
C:\Documents and Settings\Alicja Filipiuk\Cookies\alicja filipiuk@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
C:\Documents and Settings\Alicja Filipiuk\Cookies\alicja filipiuk@valueclick[1].txt -> TrackingCookie.Valueclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Alicja Filipiuk\Cookies\alicja filipiuk@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
C:\Documents and Settings\Alicja Filipiuk\Cookies\alicja filipiuk@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\Documents and Settings\Alicja Filipiuk\Cookies\alicja filipiuk@zedo[1].txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
C:\WINDOWS\system32\wingsa32.dll -> Trojan.Mezzia : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Yazzle1122OinAdmin.exe -> Trojan.Scapur.k : Cleaned with backup (quarantined).
C:\Program Files\Common Files\{5C7CD191-07DA-4105-0608-050615050002}\Update.exe -> Trojan.Starter.65 : Cleaned with backup (quarantined).
[1128] C:\Program Files\Common Files\{5C7CD191-07DA-4105-0608-050615050002}\Update.exe -> Trojan.Starter.65 : Error during cleaning.


::Report end
[ + quote]
JaPK
Senior Member
_ 		18. July 2006 @ 07:57 _ Link to this message    Send private message to this user   
Ok looks clean now, how is the computer running ?

You had a keylogger (program that logs keystrokes) on your computer so I advice you to change all your online passwords (banking, shopping etc)
[ + quote]
I have moved from AD, I won''t be taking new HijackThis logs from here. Reason: The AD''s Unsupportive athmosphere.
bellabot
Newbie
_ 		19. July 2006 @ 17:02 _ Link to this message    Send private message to this user   
It works very well, thanks again lol. Very appreciated, props to you.
[ + quote]
bellabot
Newbie
_ 		19. July 2006 @ 19:19 _ Link to this message    Send private message to this user   
Just noticed my first sign of something unusual:

I get this link in a new window:

http://scanner.sysprotect.com/pages/scanner/?p=20&ex=1&ax=2&aid=n...

About some add/remove stuff, then when I close it I get a SysProtect message to install it. When I close that, I get another SysProtect window saying it'll scan right now and that I should run it when prompted. When I close that, my IE page goes to http://scanner.sysprotect.com/pages/scanner/download2.php?resize=... and turns into a smaller window as if it pretended to be a popup.

That's all I get, and I get it a few times a day.
[ + quote]

This message has been edited since posting. Last time this message was edited on 19. July 2006 @ 19:20
JaPK
Senior Member
_ 		20. July 2006 @ 07:48 _ Link to this message    Send private message to this user   
Ok, I guess that you're not clean yet :/

Download RootkitRevealer.zip -> http://www.sysinternals.com/Files/RootkitRevealer.zip
* Create a new folder named RKR to your C-drive, C:\
* Extract all of the RootkitRevealer.zip file contents to C:\RKR folder
* Open C:\RKR folder and doubleclick RootkitRevealer.exe file
* Click Scan button and wait for the scanning to end
* NOTE! Don't use your computer when the scan is in progress
* When the scan has finished, click on File
* Then click on the Save button
* Save the RootkitRevealer log to your desktop

Then, rename HijackThis.exe to Scanner.exe and run a fresh scan with Scanner.exe(HijackThis). Then post its log to here.

Post the RootkitRevealer log to here.
[ + quote]
I have moved from AD, I won''t be taking new HijackThis logs from here. Reason: The AD''s Unsupportive athmosphere.
Advertisement
_ 		__
 
_
bellabot
Newbie
_ 		20. July 2006 @ 08:46 _ Link to this message    Send private message to this user   
Logfile of HijackThis v1.99.1
Scan saved at 12:44:39 PM, on 20/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\TClock\TClock.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\OpenOffice.org1.0.1\program\soffice.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\HJT\Scanner.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {19BE6796-F2B5-4C84-96EE-6B1BC3568C38} - C:\WINDOWS\system32\pmkjj.dll
O2 - BHO: (no name) - {478B5A12-B0A9-B82B-A342-9A2B5ACE819B} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [TClock.exe] C:\Program Files\TClock\tclock_install.exe
O4 - Startup: OpenOffice.org 1.0.1.lnk = C:\Program Files\OpenOffice.org1.0.1\program\quickstart.exe
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/...
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4800/mcfs...
O18 - Protocol: bw+0 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {8FB3DE78-40BB-4244-8479-265FC5556C64} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: pmkjj - C:\WINDOWS\system32\pmkjj.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: wingsa32 - wingsa32.dll (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


HKLM\SYSTEM\ControlSet001\Services\d347prtt\Cfg\0Jf40 20/07/2006 12:18 PM 0 bytes Hidden from Windows API.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20060719.024\vscanmsx.dat 20/07/2006 12:32 PM 2.02 KB Hidden from Windows API.
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb 20/07/2006 12:20 PM 64.00 KB Visible in Windows API, but not in MFT or directory index.
[ + quote]
 
Page:12Next >
afterdawn.com > forums > software, operating systems and more > windows - virus and spyware problems > need help on the elusive w32.myzor.fk@yf (thanks in advance)
 

Digital video: AfterDawn.com | AfterDawn Forums
Music: MP3Lizard.com
Gaming: Blasteroids.com | Blasteroids Forums | Compare game prices
Software: Software downloads
Blogs: User profile pages
RSS feeds: AfterDawn.com News | Software updates | AfterDawn Forums
International: AfterDawn in Finnish | AfterDawn in Swedish | AfterDawn in Norwegian | download.fi
Navigate: Search | Site map
About us: About AfterDawn Ltd | Advertise on our sites | Rules, Restrictions, Legal disclaimer & Privacy policy
Contact us: Send feedback | Contact our media sales team
 
  © 1999-2025 by AfterDawn Ltd.

  IDG TechNetwork