That's the first time I have trouble getting rid of a virus and I really need your help. Antivirus detects infections all the time and even when I delete one a new one comes up right away. Getting on the internet is only possible by clicking an address hyperlink in MS Word; otherwise it says that the webpage cannot be displayed. I would really appreciate any help with this issue. Thanks.

Some of the infections:
C:\WINDOWS\system32\ksnccaam.dll
C:\WINDOWS\system32\mlljk.dll
C:\WINDOWS\system32\pmkhf.dll
C:\WINDOWS\system32\jkklj.dll

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:51:26 PM, on 8/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Digital Media Reader\shwicon2k.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.webcrawler.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SunKist] "C:\Program Files\Digital Media Reader\shwicon2k.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [SetDefPrt] "C:\Program Files\Brother\Brmfl05b\BrStDvPt.exe"
O4 - HKLM\..\Run: [ControlCenter2.0] "C:\Program Files\Brother\ControlCenter2\brctrcen.exe" /autorun
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.2.89.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
O16 - DPF: {BA83FD38-CE14-4DA3-BEF5-96050D55F78A} - http://www.flipviewer.com/exe/fv373.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Audddin - Windows (R) 2000 DDK provider - C:\WINDOWS\system32\drivers\asctrm.sys
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O24 - Desktop Component 0: (no name) - http://www.640toronto.com/images/top_table/listenlive.gif

--
End of file - 7732 bytes
Please download VundoFix.exe to your desktop.
* Double-click *VundoFix.exe* to run it.
* Click the *Scan for Vundo* button.
* Once it's done scanning, click the *Remove Vundo* button.
* You will receive a prompt asking if you want to remove the files; click "YES".
* Once you click yes, your desktop will go blank as it starts removing Vundo.
* When completed, it will prompt that it will reboot your computer; click *OK*.
* Please post the contents of C:\*vundofix.txt*

Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the *Scan for Vundo* button." when VundoFix appears at reboot.

=======

Rename HijackThis.exe
1. Right click on the HijackThis icon.
2. Select Rename.
3. Now type the following: scanner.exe <<< NOTE: make sure to put a period before exe when typing. Hit the enter key on the keyboard.
Double click on Scanner.exe.
Click on Do a system scan and save a logfile.
Post the log in your next reply.
Hey Auttaja. I got myself into trouble again with my laptop, but this time it's totally thanks to my friend. I did exactly what you directed me to do, but there is still the same problem when I log into Windows. Thank you for helping me again.

VundoFix V6.5.6

Checking Java version...

Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.

Scan started at 9:05:05 AM 8/3/2007

Listing files found while scanning....

VundoFix V6.5.6

Checking Java version...

Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.

Scan started at 9:06:08 AM 8/3/2007

Listing files found while scanning....

C:\windows\system32\awtst.dll
C:\WINDOWS\system32\ddcyy.dll
C:\WINDOWS\system32\egjlm.bak1
C:\WINDOWS\system32\egjlm.ini
C:\windows\system32\jaovafsk.exe
C:\windows\system32\jkklj.dll
C:\windows\system32\ljjjifc.dll
C:\WINDOWS\system32\mljge.dll
C:\windows\system32\rxixmsdo.exe
C:\windows\system32\tstwa.bak1
C:\windows\system32\tstwa.bak2
C:\windows\system32\tstwa.ini
C:\windows\system32\tstwa.ini2
C:\windows\system32\tstwa.tmp
C:\WINDOWS\system32\urqpooo.dll
C:\WINDOWS\system32\yycdd.bak1
C:\WINDOWS\system32\yycdd.ini

Beginning removal...

Attempting to delete C:\windows\system32\awtst.dll
C:\windows\system32\awtst.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\egjlm.bak1
C:\WINDOWS\system32\egjlm.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\egjlm.ini
C:\WINDOWS\system32\egjlm.ini Has been deleted!

Attempting to delete C:\windows\system32\jaovafsk.exe
C:\windows\system32\jaovafsk.exe Could not be deleted.

Attempting to delete C:\windows\system32\jkklj.dll
C:\windows\system32\jkklj.dll Has been deleted!

Attempting to delete C:\windows\system32\ljjjifc.dll
C:\windows\system32\ljjjifc.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mljge.dll
C:\WINDOWS\system32\mljge.dll Could not be deleted.

Attempting to delete C:\windows\system32\rxixmsdo.exe
C:\windows\system32\rxixmsdo.exe Has been deleted!

Attempting to delete C:\windows\system32\tstwa.bak1
C:\windows\system32\tstwa.bak1 Has been deleted!

Attempting to delete C:\windows\system32\tstwa.bak2
C:\windows\system32\tstwa.bak2 Has been deleted!

Attempting to delete C:\windows\system32\tstwa.ini
C:\windows\system32\tstwa.ini Has been deleted!

Attempting to delete C:\windows\system32\tstwa.ini2
C:\windows\system32\tstwa.ini2 Has been deleted!

Attempting to delete C:\windows\system32\tstwa.tmp
C:\windows\system32\tstwa.tmp Has been deleted!

Attempting to delete C:\WINDOWS\system32\urqpooo.dll
C:\WINDOWS\system32\urqpooo.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\yycdd.bak1
C:\WINDOWS\system32\yycdd.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\yycdd.ini
C:\WINDOWS\system32\yycdd.ini Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.6

Checking Java version...

Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.

Scan started at 9:13:34 AM 8/3/2007

Listing files found while scanning....

C:\WINDOWS\system32\ddcyy.dll
C:\windows\system32\jaovafsk.exe
C:\windows\system32\urqpooo.dll

Beginning removal...

Attempting to delete C:\windows\system32\jaovafsk.exe
C:\windows\system32\jaovafsk.exe Has been deleted!

Attempting to delete C:\windows\system32\urqpooo.dll
C:\windows\system32\urqpooo.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.6

Checking Java version...

Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.

Scan started at 9:27:02 AM 8/3/2007

Listing files found while scanning....

C:\WINDOWS\system32\ddcyy.dll
C:\windows\system32\mljge.dll

Beginning removal...

Attempting to delete C:\windows\system32\mljge.dll
C:\windows\system32\mljge.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.6

Checking Java version...

Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.

Scan started at 12:08:28 PM 8/3/2007

Listing files found while scanning....

C:\WINDOWS\system32\ddcyy.dll

Beginning removal...

Performing Repairs to the registry.
Done!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:03:41 PM, on 8/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Digital Media Reader\shwicon2k.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.webcrawler.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {107CF975-BB67-4567-AB65-3471A90C2CCA} - (no file)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: (no name) - {2DC6AE67-6002-43FC-8A5A-9AB63C732E9C} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {A563E6C0-DE1D-46B4-A01D-B2BD1EB6DD68} - (no file)
O2 - BHO: (no name) - {B7A71404-F8F2-4D0F-B8C2-75911F687EF6} - C:\WINDOWS\system32\mljge.dll (file missing)
O2 - BHO: (no name) - {FC60387F-8F44-4824-9AC9-481D595C9D60} - C:\WINDOWS\system32\ddcyy.dll (file missing)
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SunKist] "C:\Program Files\Digital Media Reader\shwicon2k.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [SetDefPrt] "C:\Program Files\Brother\Brmfl05b\BrStDvPt.exe"
O4 - HKLM\..\Run: [ControlCenter2.0] "C:\Program Files\Brother\ControlCenter2\brctrcen.exe" /autorun
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.2.89.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
O16 - DPF: {BA83FD38-CE14-4DA3-BEF5-96050D55F78A} - http://www.flipviewer.com/exe/fv373.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: ddayw - C:\WINDOWS\
O20 - Winlogon Notify: ddcyy - C:\WINDOWS\system32\ddcyy.dll (file missing)
O20 - Winlogon Notify: vtsqo - C:\WINDOWS\
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Audddin - Windows (R) 2000 DDK provider - C:\WINDOWS\system32\drivers\asctrm.sys
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O24 - Desktop Component 0: (no name) - http://www.640toronto.com/images/top_table/listenlive.gif

--
End of file - 8409 bytes
Download and Run ComboFix
* Download this file from either of the two below listed places:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
* Then double click combofix.exe & follow the prompts.
* When finished, it shall produce a log for you. Post that log in your next reply.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
ComboFix 07-08-04.3 - "Owner" 2007-08-04 8:47:59.1 [GMT -4:00] - NTFS
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.True
* Created a new restore point

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\DOCUME~1\Owner\APPLIC~1\winantiviruspro2007freeinstall[1].exe
C:\WINDOWS\system32\ntkhpvfo.exe
C:\WINDOWS\system32\sypfpqex.exe
C:\WINDOWS\wr.txt

((((((((((((((((((((((((( Files Created from 2007-07-04 to 2007-08-04 )))))))))))))))))))))))))))))))

2007-08-04 00:15 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Logitech
2007-08-04 00:09 68,992 --a------ C:\WINDOWS\system32\drivers\LMOUKE.sys
2007-08-04 00:09 55,040 --a------ C:\WINDOWS\system32\drivers\L8042MOU.SYS
2007-08-04 00:09 118,784 -r------- C:\WINDOWS\bwUnin-7.2.0.137-8876480SL.exe
2007-08-04 00:08 94,208 --a------ C:\WINDOWS\system32\KemUtil.dll
2007-08-04 00:08 86,016 --a------ C:\WINDOWS\system32\KemWnd.dll
2007-08-04 00:08 65,536 --a------ C:\WINDOWS\system32\KemXML.dll
2007-08-04 00:08 258,352 --a------ C:\WINDOWS\system32\unicows.dll
2007-08-04 00:08 249,921 --a------ C:\WINDOWS\system32\BtCoreIf.dll
2007-08-04 00:08 143,360 --a------ C:\WINDOWS\system32\kemutb.dll
2007-08-04 00:06 <DIR> d-------- C:\Program Files\Logitech
2007-08-03 09:05 <DIR> d-------- C:\VundoFix Backups
2007-08-01 21:33 18 --a------ C:\WINDOWS\system32\dnfc32b295.dat
2007-07-31 22:10 1,013,432 --ahs---- C:\WINDOWS\system32\wyadd.bak1
2007-07-31 10:23 83,536 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-07-31 10:23 59,984 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-07-31 10:23 52,304 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-07-31 10:23 39,248 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys
2007-07-31 10:23 26,064 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-07-31 10:23 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-07-29 20:54 1,016,719 --ahs---- C:\WINDOWS\system32\oqstv.bak1
2007-07-29 12:51 <DIR> d-------- C:\Program Files\Common Files\TiVo Shared
2007-07-29 12:31 <DIR> d-------- C:\Program Files\Windows Installer Clean Up
2007-07-29 12:31 <DIR> d-------- C:\Program Files\MSECACHE
2007-07-29 12:05 <DIR> d-------- C:\Program Files\Roxio
2007-07-29 12:05 <DIR> d-------- C:\Program Files\Common Files\Roxio Shared
2007-07-29 12:05 <DIR> d-------- C:\Program Files\Common Files\Adaptec Shared
2007-07-29 09:15 57,344 --a------ C:\WINDOWS\system32\MFC71ENU.DLL
2007-07-27 16:45 <DIR> d-------- C:\adaptec
2007-07-13 07:13 <DIR> d-------- C:\Program Files\RegCure
2007-07-10 14:09 <DIR> d-------- C:\!KillBox
2007-07-10 13:24 <DIR> d-------- C:\Deckard
2007-07-10 09:00 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-07-10 04:59 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-10 04:49 <DIR> d-------- C:\Program Files\Trend Micro
2007-07-10 04:41 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Comodo
2007-07-10 04:41 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Comodo
2007-07-10 04:37 <DIR> d-------- C:\Program Files\Comodo
2007-07-10 04:08 82,464 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-07-10 04:08 3,360 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-07-07 07:59 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-04 00:08 --------- d-------- C:\Program Files\Common Files\Logitech
2007-08-02 16:27 96256 --a------ C:\WINDOWS\system32\drivers\sptd5725(2).sys
2007-08-01 11:04 --------- d-------- C:\DOCUME~1\Owner\APPLIC~1\Azureus
2007-07-31 14:37 96256 --a------ C:\WINDOWS\system32\drivers\sptd5725.sys
2007-07-29 12:52 --------- d-------- C:\Program Files\Common Files\Sonic Shared
2007-07-29 09:16 --------- d-------- C:\Program Files\Sonic
2007-07-27 18:07 783224 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-07-27 18:02 94416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-07-27 18:02 92848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-07-27 18:00 23152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-07-27 17:59 42912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-07-27 17:58 26624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-07-27 17:57 95608 --a------ C:\WINDOWS\system32\AVASTSS.scr
2007-07-10 10:18 --------- d-------- C:\Program Files\Winamp
2007-07-10 10:18 --------- d-------- C:\Program Files\Webroot
2007-07-10 10:14 --------- d-------- C:\Program Files\MSN Messenger
2007-07-10 10:11 --------- d-------- C:\Program Files\Digital Media Reader
2007-07-10 04:23 2180 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-07-10 04:23 1388 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2007-07-10 03:49 4212 --ah----- C:\WINDOWS\system32\zllictbl.dat
2007-06-28 13:02 --------- d-------- C:\DOCUME~1\Owner\APPLIC~1\Skype
2007-05-16 11:12 86528 --a--c--- C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 11:12 85504 --a--c--- C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 11:12 683520 --a--c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 11:12 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-16 11:12 510976 --a--c--- C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 11:12 1314816 --a--c--- C:\WINDOWS\system32\dllcache\msoe.dll
2007-05-04 08:29 3058688 --a--c--- C:\WINDOWS\system32\dllcache\mshtml.dll
2006-11-20 19:49 49 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb41.dat
2006-11-20 19:49 379 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb1478.dat
2006-11-20 19:45 69632 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb7460.dat
2006-11-20 19:45 151 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb2240.dat
2006-11-20 19:45 13046 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb4848.dat
2006-11-20 19:45 0 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb4352.dat
2006-11-18 12:07 0 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb3502.dat
2006-11-16 12:07 0 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb8885.dat
2006-11-16 12:07 0 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb8388.dat
2006-11-16 12:07 0 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb4023.dat
2006-11-15 18:41 379 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb5724.dat
2006-11-15 18:41 173056 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb7810.dat
2006-11-15 18:41 151 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb4600.dat
2006-11-15 18:41 13046 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb2636.dat
2006-11-15 18:41 0 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb6878.dat
2006-11-13 22:09 0 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb6908.dat
2006-11-13 22:09 0 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb3734.dat
2006-11-11 10:35 0 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb7273.dat
2006-11-11 10:35 0 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb720.dat
2006-11-10 16:07 379 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb6500.dat
2006-11-10 16:07 173056 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb5685.dat
2006-11-10 16:07 151 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb1085.dat
2006-11-10 16:07 13046 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb3633.dat
2006-11-10 16:07 0 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb1749.dat
2006-11-10 15:28 379 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb9169.dat
2006-11-10 14:49 173056 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb6089.dat
2006-11-10 14:49 151 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb6167.dat
2006-11-10 14:49 13046 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb1198.dat
2006-11-10 14:49 0 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb2662.dat
2006-11-07 10:35 0 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb6515.dat
2006-11-07 10:35 0 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb5590.dat
2006-11-07 10:35 0 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb427.dat
2006-11-07 10:35 0 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb3693.dat
2006-11-05 11:10 0 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb8537.dat
2006-11-05 11:10 0 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb7287.dat
2006-11-05 11:10 0 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb631.dat
2006-11-05 11:10 0 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb5665.dat
2006-11-04 14:01 382 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb1942.dat
2006-11-04 13:46 177152 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb4827.dat
2006-11-04 13:46 151 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb1469.dat
2006-11-04 13:46 13046 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb5436.dat
2006-11-04 13:46 0 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb4604.dat
2006-11-01 22:23 0 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb8253.dat
2006-11-01 22:22 0 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb2391.dat
2006-11-01 22:22 0 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb153.dat
2006-10-06 14:33 9216 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb8467.dat
2006-10-06 14:33 0 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb6334.dat
2006-10-06 14:33 0 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb3902.dat
2003-08-27 14:19 36963 -ra------ C:\Program Files\Common Files\SM1updtr.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{107CF975-BB67-4567-AB65-3471A90C2CCA}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2DC6AE67-6002-43FC-8A5A-9AB63C732E9C}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A563E6C0-DE1D-46B4-A01D-B2BD1EB6DD68}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B7A71404-F8F2-4D0F-B8C2-75911F687EF6}]
C:\WINDOWS\system32\mljge.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FC60387F-8F44-4824-9AC9-481D595C9D60}]
C:\WINDOWS\system32\ddcyy.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-03-26 18:20]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-03-26 18:20]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 23:24]
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" []
"SunKist"="C:\Program Files\Digital Media Reader\shwicon2k.exe" [2004-05-26 20:57]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-02 15:34]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-27 18:03]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 11:22]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 15:25]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 15:45]
"SetDefPrt"="C:\Program Files\Brother\Brmfl05b\BrStDvPt.exe" [2005-01-26 19:02]
"ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [2005-07-13 16:55]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" [2005-03-08 22:13]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-02-13 14:29]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2007-07-10 04:37]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-06-14 18:32]
"Logitech BT Wizard"="LBTWiz.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:54]
"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 14:31]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-12-16 12:57]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-08-04 00:09]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-11-29 16:44:44]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-08-04 00:09:51]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-08-04 00:08:16]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddayw]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcyy]
C:\WINDOWS\system32\ddcyy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll 2005-09-06 02:44 53248 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWlgn.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtsqo]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

R0 Inspect;Comodo Network Engine;C:\WINDOWS\system32\DRIVERS\inspect.sys
R0 SSFS0509;Spy Sweeper File System Filer Driver: 0509;C:\WINDOWS\system32\Drivers\SSFS0509.SYS
R0 SSHRMD;Spy Sweeper Hookrack MiniDriver;C:\WINDOWS\system32\Drivers\SSHRMD.SYS
R0 SSIDRV;Spy Sweeper Interdiction Driver;C:\WINDOWS\system32\Drivers\SSIDRV.SYS
R1 cdudf_xp;cdudf_xp;C:\WINDOWS\system32\drivers\cdudf_xp.sys
R1 Cinemsup;Cinemsup;C:\WINDOWS\system32\drivers\Cinemsup.sys
R1 DVDVRRdr_xp;DVDVRRdr_xp;C:\WINDOWS\system32\drivers\DVDVRRdr_xp.sys
R1 pwd_2k;pwd_2k;C:\WINDOWS\system32\drivers\pwd_2k.sys
R1 StyleXPHelper;StyleXPHelper;\??\C:\Program Files\TGTSoft\StyleXP\StyleXPHelper.exe
R1 UDFReadr;UDFReadr;C:\WINDOWS\system32\drivers\UDFReadr.sys
R2 ASCTRM;ASCTRM;C:\WINDOWS\system32\drivers\ASCTRM.sys
R2 StreamDispatcher;StreamDispatcher;C:\WINDOWS\system32\DRIVERS\strmdisp.sys
R3 CAMCAUD;Conexant AMC Audio;C:\WINDOWS\system32\drivers\camcaud.sys
R3 CAMCHALA;CAMCHALA;C:\WINDOWS\system32\drivers\camchal.sys
R3 dvd_2K;dvd_2K;C:\WINDOWS\system32\drivers\dvd_2K.sys
R3 HSFHWICH;HSFHWICH;C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
R3 SSKBFD;Webroot Spy Sweeper Keylogger Shield Keyboard Filter;C:\WINDOWS\system32\Drivers\sskbfd.sys
R3 StillCam;Still Serial Digital Camera Driver;C:\WINDOWS\system32\DRIVERS\serscan.sys
R3 SynTP;Synaptics TouchPad Driver;C:\WINDOWS\system32\DRIVERS\SynTP.sys
R3 vaxscsi;vaxscsi;C:\WINDOWS\system32\Drivers\vaxscsi.sys
S0 szkg;szkg;C:\WINDOWS\system32\DRIVERS\szkg.sys
S1 Cdr4_xp;Cdr4_xp;C:\WINDOWS\system32\drivers\Cdr4_xp.sys
S3 Audddin;Audddin;C:\WINDOWS\system32\drivers\asctrm.sys
S3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys
S3 BrSerIf;Brother MFC Serial Port Interface WDM Driver;C:\WINDOWS\system32\Drivers\BrSerIf.sys
S3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\WINDOWS\system32\Drivers\BrUsbSer.sys
S3 EMCFILT;Alcor Micro Corp for Emachine- 9361;\??\C:\WINDOWS\System32\Drivers\EMcFilt.sys
S3 IKFileFlt;File Filter Driver;C:\WINDOWS\system32\drivers\ikfileflt.sys
S3 IKFileSec;File Security Driver;C:\WINDOWS\system32\drivers\ikfilesec.sys
S3 IkSysFlt;System Filter Driver;C:\WINDOWS\system32\drivers\iksysflt.sys
S3 IKSysSec;System Security Driver;C:\WINDOWS\system32\drivers\iksyssec.sys
S3 L8042Kbd;Logitech SetPoint Keyboard Driver;C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys
S3 LHidUsbK;SetPoint USB Receiver device driver;C:\WINDOWS\system32\Drivers\LHidUsbK.Sys
S3 mmc_2K;mmc_2K;C:\WINDOWS\system32\drivers\mmc_2K.sys
S3 mxnic;Macronix MX987xx Family Fast Ethernet NT Driver;C:\WINDOWS\system32\DRIVERS\mxnic.sys
S3 wanatw;WAN Miniport (ATW);C:\WINDOWS\system32\DRIVERS\wanatw4.sys

*Newly Created Service* - LBTSERV

Contents of the 'Scheduled Tasks' folder
2007-08-04 04:13:07 C:\WINDOWS\Tasks\RegCure Program Check.job
2007-07-13 11:16:14 C:\WINDOWS\Tasks\RegCure.job - C:\Program Files\RegCure\RegCure.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-04 08:56:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\CancelAutoplay\CLSID] "\30 A?E?2?A?E?D?8?F?-?5?6?9?5?-?4?a?6?d?-?9?7?0?9?-?1?4?E?5?1?C?D?1?7?B?1?C?'?"="" scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2007-08-04 8:57:38 C:\ComboFix-quarantined-files.txt ... 2007-08-04 08:57 C:\ComboFix2.txt ... 2007-07-10 08:49 C:\ComboFix3.txt ... 2007-07-10 05:11 --- E O F ---
1. Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop. This program is for XP and Windows 2000 only!
Double-click ATF Cleaner.exe to open it.
Under Main select the following:
* Windows Temp
* Current User Temp
* All Users Temp
* Temporary Internet Files
* Prefetch
* Java Cache
* The other boxes are optional *
Then click the Empty Selected button.
Click Exit on the Main menu to close the program.
=========
Open Notepad and copy/paste the text in the quotebox below into it:
Save this as CFScript. (Check the spelling.)
Referring to the picture above, drag CFScript.txt into ComboFix.exe.
When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply. Also post a fresh HijackThis log.
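An added example, not part of this thread and not code from ComboFix or HijackThis: a small Python triage script for the "Reg Loading Points" section of a ComboFix log like the ones posted above. It parses the Browser Helper Object and Winlogon\Notify keys and flags the two patterns visible in the log: a short, random-looking DLL name sitting directly in system32 (ddcyy.dll, mljge.dll) and the same DLL registered under more than one load point (ddcyy.dll is both a BHO and a Winlogon notify package). The embedded sample log is constructed from entries in the log above, trimmed to one module path per key; the name regex and the small KNOWN_GOOD allow-list of default XP notify modules are assumptions to tune for the machine being examined, not a signature database.

```python
"""Triage the 'Reg Loading Points' section of a ComboFix log.

Added example for this thread; not part of ComboFix, HijackThis or the
helper's instructions. It flags Browser Helper Object (BHO) and
Winlogon\\Notify registrations that look like the random-named DLLs
being removed in the logs above (ddcyy.dll, mljge.dll).
"""
import re
from collections import defaultdict

# Constructed sample: key/module lines copied from the ComboFix log posted
# above, trimmed to one module path per key.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{107CF975-BB67-4567-AB65-3471A90C2CCA}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B7A71404-F8F2-4D0F-B8C2-75911F687EF6}]
C:\WINDOWS\system32\mljge.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FC60387F-8F44-4824-9AC9-481D595C9D60}]
C:\WINDOWS\system32\ddcyy.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddayw]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcyy]
C:\WINDOWS\system32\ddcyy.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtsqo]
"""

KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
# 4-8 lowercase letters, no digits, directly in system32: the naming pattern
# of the DLLs in this thread. Heuristic, not a signature (assumption).
RANDOM_SYS32_RE = re.compile(r"\\system32\\[a-z]{4,8}\.dll$")
# Default XP Winlogon\Notify modules that would otherwise trip the regex
# (assumed small allow-list; extend for the system being examined).
KNOWN_GOOD = {"crypt32", "cryptnet", "cscdll", "sclgntfy", "wlnotify"}

R_RANDOM = "short random-looking DLL name directly in system32"
R_MULTI = "same DLL registered under more than one load point"
R_NOPATH = "no module path shown under the key; verify on disk"
STRONG = {R_RANDOM, R_MULTI}


def parse_loading_points(text):
    """Return (kind, name, path) for BHO and Winlogon\\Notify keys.

    kind is 'bho' or 'notify'; name is the CLSID or Notify subkey; path is
    the module line ComboFix prints under the key, or None if there is none.
    """
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    entries = []
    for i, line in enumerate(lines):
        m = KEY_RE.match(line)
        if not m:
            continue
        key = m.group("key")
        low = key.lower()
        if "browser helper objects" in low:
            kind = "bho"
        elif "winlogon\\notify" in low:
            kind = "notify"
        else:
            continue
        name = key.rsplit("\\", 1)[-1]
        path = None
        if i + 1 < len(lines) and not lines[i + 1].startswith("["):
            path = lines[i + 1]
        entries.append((kind, name, path))
    return entries


def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def triage(text):
    """Return one finding per suspicious entry: kind, name, path, reasons."""
    entries = parse_loading_points(text)
    kinds_by_dll = defaultdict(set)
    for kind, _name, path in entries:
        if path:
            kinds_by_dll[basename(path)].add(kind)
    findings = []
    for kind, name, path in entries:
        reasons = []
        if path is None:
            reasons.append(R_NOPATH)
        else:
            stem = basename(path)
            if RANDOM_SYS32_RE.search(path.lower()) and stem[:-4] not in KNOWN_GOOD:
                reasons.append(R_RANDOM)
            if len(kinds_by_dll[stem]) > 1:
                reasons.append(R_MULTI)
        if reasons:
            findings.append({"kind": kind, "name": name, "path": path, "reasons": reasons})
    return findings


def removal_candidates(findings):
    """Distinct module paths backed by a strong indicator, sorted."""
    return sorted({f["path"] for f in findings if STRONG & set(f["reasons"])})


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"{f['kind']:6} {f['name']:40} {f['path']}")
        for r in f["reasons"]:
            print("       -", r)
    print("candidates:", removal_candidates(found))
```

This is triage, not removal: a path it lists is something to check (file age, signer, a multi-engine scan) before it goes into a CFScript, and an entry flagged only for having no module path may simply be a key whose file is already gone. Keys with no path beneath them (ddayw, vtsqo above) are still worth deleting once the file is confirmed absent, because a Winlogon notify entry pointing at a missing DLL is the usual leftover after a partial clean.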
ComboFix 07-08-04.3 - "Owner" 2007-08-04 22:19:42.2 [GMT -4:00] - NTFS Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.True Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript..txt * Created a new restore point ((((((((((((((((((((((((( Files Created from 2007-07-05 to 2007-08-05 ))))))))))))))))))))))))))))))) 2007-08-04 00:09 118,784 -r------- C:\WINDOWS\bwUnin-7.2.0.137-8876480SL.exe 2007-08-04 00:06 <DIR> d-------- C:\Program Files\Logitech 2007-08-03 09:05 <DIR> d-------- C:\VundoFix Backups 2007-08-01 21:33 18 --a------ C:\WINDOWS\system32\dnfc32b295.dat 2007-07-31 22:10 1,013,432 --ahs---- C:\WINDOWS\system32\wyadd.bak1 2007-07-31 10:23 83,536 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys 2007-07-31 10:23 59,984 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys 2007-07-31 10:23 52,304 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys 2007-07-31 10:23 39,248 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys 2007-07-31 10:23 26,064 --a------ C:\WINDOWS\system32\drivers\kcom.sys 2007-07-31 10:23 <DIR> d-------- C:\Program Files\Spyware Doctor 2007-07-29 20:54 1,016,719 --ahs---- C:\WINDOWS\system32\oqstv.bak1 2007-07-29 12:51 <DIR> d-------- C:\Program Files\Common Files\TiVo Shared 2007-07-29 12:31 <DIR> d-------- C:\Program Files\Windows Installer Clean Up 2007-07-29 12:31 <DIR> d-------- C:\Program Files\MSECACHE 2007-07-29 12:05 <DIR> d-------- C:\Program Files\Roxio 2007-07-29 12:05 <DIR> d-------- C:\Program Files\Common Files\Roxio Shared 2007-07-29 12:05 <DIR> d-------- C:\Program Files\Common Files\Adaptec Shared 2007-07-29 09:15 57,344 --a------ C:\WINDOWS\system32\MFC71ENU.DLL 2007-07-27 16:45 <DIR> d-------- C:\adaptec 2007-07-13 07:13 <DIR> d-------- C:\Program Files\RegCure 2007-07-10 14:09 <DIR> d-------- C:\!KillBox 2007-07-10 13:24 <DIR> d-------- C:\Deckard 2007-07-10 09:00 <DIR> d-------- C:\WINDOWS\system32\ActiveScan 2007-07-10 04:59 51,200 --a------ C:\WINDOWS\nircmd.exe 2007-07-10 04:49 <DIR> 
d-------- C:\Program Files\Trend Micro 2007-07-10 04:41 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Comodo 2007-07-10 04:41 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Comodo 2007-07-10 04:37 <DIR> d-------- C:\Program Files\Comodo 2007-07-10 04:08 82,464 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat 2007-07-10 04:08 3,360 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat 2007-07-07 07:59 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-08-04 21:57 --------- d-------- C:\Program Files\Common Files\Logitech 2007-08-02 16:27 96256 --a------ C:\WINDOWS\system32\drivers\sptd5725(2).sys 2007-08-01 11:04 --------- d-------- C:\DOCUME~1\Owner\APPLIC~1\Azureus 2007-07-31 14:37 96256 --a------ C:\WINDOWS\system32\drivers\sptd5725.sys 2007-07-29 12:52 --------- d-------- C:\Program Files\Common Files\Sonic Shared 2007-07-29 09:16 --------- d-------- C:\Program Files\Sonic 2007-07-27 18:07 783224 --a------ C:\WINDOWS\system32\aswBoot.exe 2007-07-27 18:02 94416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys 2007-07-27 18:02 92848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys 2007-07-27 18:00 23152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys 2007-07-27 17:59 42912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys 2007-07-27 17:58 26624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys 2007-07-27 17:57 95608 --a------ C:\WINDOWS\system32\AVASTSS.scr 2007-07-10 10:18 --------- d-------- C:\Program Files\Winamp 2007-07-10 10:18 --------- d-------- C:\Program Files\Webroot 2007-07-10 10:14 --------- d-------- C:\Program Files\MSN Messenger 2007-07-10 10:11 --------- d-------- C:\Program Files\Digital Media Reader 2007-07-10 04:23 2180 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx 2007-07-10 04:23 1388 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx 2007-07-10 03:49 4212 --ah----- C:\WINDOWS\system32\zllictbl.dat 2007-06-28 13:02 --------- d-------- 
C:\DOCUME~1\Owner\APPLIC~1\Skype 2007-05-16 11:12 86528 --a--c--- C:\WINDOWS\system32\dllcache\directdb.dll 2007-05-16 11:12 85504 --a--c--- C:\WINDOWS\system32\dllcache\wabimp.dll 2007-05-16 11:12 683520 --a--c--- C:\WINDOWS\system32\dllcache\inetcomm.dll 2007-05-16 11:12 683520 --a------ C:\WINDOWS\system32\inetcomm.dll 2007-05-16 11:12 510976 --a--c--- C:\WINDOWS\system32\dllcache\wab32.dll 2007-05-16 11:12 1314816 --a--c--- C:\WINDOWS\system32\dllcache\msoe.dll 2006-11-20 19:49 49 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb41.dat 2006-11-20 19:49 379 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb1478.dat 2006-11-20 19:45 69632 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb7460.dat 2006-11-20 19:45 151 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb2240.dat 2006-11-20 19:45 13046 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb4848.dat 2006-11-20 19:45 0 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb4352.dat 2006-11-18 12:07 0 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb3502.dat 2006-11-16 12:07 0 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb8885.dat 2006-11-16 12:07 0 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb8388.dat 2006-11-16 12:07 0 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb4023.dat 2006-11-15 18:41 379 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb5724.dat 2006-11-15 18:41 173056 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb7810.dat 2006-11-15 18:41 151 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb4600.dat 2006-11-15 18:41 13046 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb2636.dat 2006-11-15 18:41 0 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb6878.dat 2006-11-13 22:09 0 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb6908.dat 2006-11-13 22:09 0 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb3734.dat 2006-11-11 10:35 0 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb7273.dat 2006-11-11 10:35 0 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb720.dat 2006-11-10 16:07 379 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb6500.dat 
2006-11-10 16:07 173056 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb5685.dat 2006-11-10 16:07 151 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb1085.dat 2006-11-10 16:07 13046 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb3633.dat 2006-11-10 16:07 0 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb1749.dat 2006-11-10 15:28 379 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb9169.dat 2006-11-10 14:49 173056 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb6089.dat 2006-11-10 14:49 151 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb6167.dat 2006-11-10 14:49 13046 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb1198.dat 2006-11-10 14:49 0 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb2662.dat 2006-11-07 10:35 0 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb6515.dat 2006-11-07 10:35 0 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb5590.dat 2006-11-07 10:35 0 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb427.dat 2006-11-07 10:35 0 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb3693.dat 2006-11-05 11:10 0 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb8537.dat 2006-11-05 11:10 0 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb7287.dat 2006-11-05 11:10 0 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb631.dat 2006-11-05 11:10 0 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb5665.dat 2006-11-04 14:01 382 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb1942.dat 2006-11-04 13:46 177152 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb4827.dat 2006-11-04 13:46 151 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb1469.dat 2006-11-04 13:46 13046 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb5436.dat 2006-11-04 13:46 0 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb4604.dat 2006-11-01 22:23 0 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb8253.dat 2006-11-01 22:22 0 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb2391.dat 2006-11-01 22:22 0 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb153.dat 2006-10-06 14:33 9216 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb8467.dat 2006-10-06 
14:33 0 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb6334.dat 2006-10-06 14:33 0 --a------ C:\DOCUME~1\Owner\APPLIC~1\internaldb3902.dat 2003-08-27 14:19 36963 -ra------ C:\Program Files\Common Files\SM1updtr.dll ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-03-26 18:20] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-03-26 18:20] "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 23:24] "Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" [] "SunKist"="C:\Program Files\Digital Media Reader\shwicon2k.exe" [2004-05-26 20:57] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-02 15:34] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-27 18:03] "SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 11:22] "PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 15:25] "IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 15:45] "SetDefPrt"="C:\Program Files\Brother\Brmfl05b\BrStDvPt.exe" [2005-01-26 19:02] "ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [2005-07-13 16:55] "RoxioDragToDisc"="C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" [2005-03-08 22:13] "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-02-13 14:29] "COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2007-07-10 04:37] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-06-14 18:32] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:54] "STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 14:31] 
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-12-16 12:57] "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-08-04 00:09] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-11-29 16:44:44] Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-08-04 00:09:51] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice" R0 Inspect;Comodo Network Engine;C:\WINDOWS\system32\DRIVERS\inspect.sys R0 SSFS0509;Spy Sweeper File System Filer Driver: 0509;C:\WINDOWS\system32\Drivers\SSFS0509.SYS R0 SSHRMD;Spy Sweeper Hookrack MiniDriver;C:\WINDOWS\system32\Drivers\SSHRMD.SYS R0 SSIDRV;Spy Sweeper Interdiction Driver;C:\WINDOWS\system32\Drivers\SSIDRV.SYS R1 cdudf_xp;cdudf_xp;C:\WINDOWS\system32\drivers\cdudf_xp.sys R1 Cinemsup;Cinemsup;C:\WINDOWS\system32\drivers\Cinemsup.sys R1 DVDVRRdr_xp;DVDVRRdr_xp;C:\WINDOWS\system32\drivers\DVDVRRdr_xp.sys R1 pwd_2k;pwd_2k;C:\WINDOWS\system32\drivers\pwd_2k.sys R1 StyleXPHelper;StyleXPHelper;\??\C:\Program Files\TGTSoft\StyleXP\StyleXPHelper.exe R1 UDFReadr;UDFReadr;C:\WINDOWS\system32\drivers\UDFReadr.sys R2 ASCTRM;ASCTRM;C:\WINDOWS\system32\drivers\ASCTRM.sys R2 StreamDispatcher;StreamDispatcher;C:\WINDOWS\system32\DRIVERS\strmdisp.sys R3 CAMCAUD;Conexant AMC Audio;C:\WINDOWS\system32\drivers\camcaud.sys R3 CAMCHALA;CAMCHALA;C:\WINDOWS\system32\drivers\camchal.sys R3 dvd_2K;dvd_2K;C:\WINDOWS\system32\drivers\dvd_2K.sys R3 HSFHWICH;HSFHWICH;C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys R3 StillCam;Still Serial Digital Camera Driver;C:\WINDOWS\system32\DRIVERS\serscan.sys R3 SynTP;Synaptics TouchPad Driver;C:\WINDOWS\system32\DRIVERS\SynTP.sys R3 
vaxscsi;vaxscsi;C:\WINDOWS\system32\Drivers\vaxscsi.sys S0 szkg;szkg;C:\WINDOWS\system32\DRIVERS\szkg.sys S1 Cdr4_xp;Cdr4_xp;C:\WINDOWS\system32\drivers\Cdr4_xp.sys S3 Audddin;Audddin;C:\WINDOWS\system32\drivers\asctrm.sys S3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys S3 BrSerIf;Brother MFC Serial Port Interface WDM Driver;C:\WINDOWS\system32\Drivers\BrSerIf.sys S3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\WINDOWS\system32\Drivers\BrUsbSer.sys S3 EMCFILT;Alcor Micro Corp for Emachine- 9361;\??\C:\WINDOWS\System32\Drivers\EMcFilt.sys S3 IKFileFlt;File Filter Driver;C:\WINDOWS\system32\drivers\ikfileflt.sys S3 IKFileSec;File Security Driver;C:\WINDOWS\system32\drivers\ikfilesec.sys S3 IkSysFlt;System Filter Driver;C:\WINDOWS\system32\drivers\iksysflt.sys S3 IKSysSec;System Security Driver;C:\WINDOWS\system32\drivers\iksyssec.sys S3 LHidUsbK;SetPoint USB Receiver device driver;C:\WINDOWS\system32\Drivers\LHidUsbK.Sys S3 mmc_2K;mmc_2K;C:\WINDOWS\system32\drivers\mmc_2K.sys S3 mxnic;Macronix MX987xx Family Fast Ethernet NT Driver;C:\WINDOWS\system32\DRIVERS\mxnic.sys S3 SSKBFD;Webroot Spy Sweeper Keylogger Shield Keyboard Filter;C:\WINDOWS\system32\Drivers\sskbfd.sys S3 wanatw;WAN Miniport (ATW);C:\WINDOWS\system32\DRIVERS\wanatw4.sys Contents of the 'Scheduled Tasks' folder 2007-08-05 01:58:24 C:\WINDOWS\Tasks\RegCure Program Check.job 2007-07-13 11:16:14 C:\WINDOWS\Tasks\RegCure.job - C:\Program Files\RegCure\RegCure.exe ************************************************************************** catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-08-04 22:25:33 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden registry entries ... 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\CancelAutoplay\CLSID] "\30 A?E?2?A?E?D?8?F?-?5?6?9?5?-?4?a?6?d?-?9?7?0?9?-?1?4?E?5?1?C?D?1?7?B?1?C?'?"="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher] "TracesProcessed"=dword:0000032c scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2007-08-04 22:26:38 C:\ComboFix-quarantined-files.txt ... 2007-08-04 22:26 C:\ComboFix2.txt ... 2007-08-04 08:57 C:\ComboFix3.txt ... 2007-07-10 08:49 --- E O F --- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:30:17 AM, on 8/5/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\brsvc01a.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\brss01a.exe C:\Program Files\Comodo\Firewall\cmdagent.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Digital Media Reader\shwicon2k.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe C:\Program 
Files\Winamp\winampa.exe C:\Program Files\Comodo\Firewall\CPF.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.webcrawler.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [SunKist] "C:\Program Files\Digital Media Reader\shwicon2k.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [avast!] 
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" O4 - HKLM\..\Run: [SetDefPrt] "C:\Program Files\Brother\Brmfl05b\BrStDvPt.exe" O4 - HKLM\..\Run: [ControlCenter2.0] "C:\Program Files\Brother\ControlCenter2\brctrcen.exe" /autorun O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - 
C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.2.89.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab O16 - DPF: {BA83FD38-CE14-4DA3-BEF5-96050D55F78A} - http://www.flipviewer.com/exe/fv373.cab O18 - Protocol: bw+0 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw+0s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10s - 
{6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80 - 
{6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Audddin - Windows (R) 2000 DDK provider - C:\WINDOWS\system32\drivers\asctrm.sys
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Unknown owner - C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE (file missing)
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O24 - Desktop Component 0: (no name) - http://www.640toronto.com/images/top_table/listenlive.gif

--
End of file - 20087 bytes
Download Dr.Web CureIt to the desktop: ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

* Double-click the drweb-cureit.exe file and allow it to run the express scan.
* This will scan the files currently running in memory, and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
* Once the short scan has finished, click Options > Change settings.
* Choose the "Scan" tab and remove the mark at "Heuristic analysis".
* Back at the main window, mark the drives that you want to scan.
* Select all drives. A red dot shows which drives have been chosen.
* Click the green arrow at the right, and the scan will start.
* Click 'Yes to all' if it asks if you want to cure/move the file.
* When the scan has finished, look if you can click the next icon next to the files found. If so, click it and then click the next icon right below and select Move incurable, as you'll see in the next image. This will move it to the %userprofile%\DoctorWeb\quarantaine folder if it can't be cured. (This is in case we need samples.)
* After selecting, in the Dr.Web CureIt menu on top, click File and choose Save report list.
* Save the report to your desktop. The report will be called DrWeb.csv.
* Close Dr.Web CureIt.
* Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
* After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.
isys32.exe;C:\!KillBox;Trojan.DownLoader.24790;Deleted.;
winantiviruspro2007freeinstall[1].exe.vir;C:\QooBox\Quarantine\C\DOCUME~1\Owner\APPLIC~1;Trojan.DownLoader.10963;Deleted.;
ntkhpvfo.exe.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.Virtumod;Deleted.;
sypfpqex.exe.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.Virtumod;Deleted.;
A0117879.dll;C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP544;Trojan.Virtumod;Deleted.;
A0117880.exe;C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP544;Trojan.DownLoader.26570;Deleted.;
A0117881.exe;C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP544;Trojan.DownLoader.26570;Deleted.;
A0117882.exe;C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP544;Trojan.Virtumod;Deleted.;
A0117883.exe;C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP544;Trojan.Virtumod;Deleted.;
A0117951.exe;C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP547;Trojan.Winpop;Deleted.;
A0117952.exe;C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP547;Trojan.LowZones.267;Deleted.;
A0117953.exe;C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP547;Trojan.Winpop;Deleted.;
A0117954.exe;C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP547;Trojan.MulDrop.8200;Deleted.;
A0117960.exe;C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP547;Trojan.DownLoader.24772;Deleted.;
A0117961.dll;C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP547;Adware.Duncan.33;Incurable.Moved.;
A0117962.dll;C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP547;Trojan.Virtumod;Deleted.;
A0117963.dll;C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP547;Trojan.Virtumod;Deleted.;
A0117994.dll;C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP549;Trojan.Virtumod;Deleted.;
A0118006.dll;C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP549;Trojan.Virtumod;Deleted.;
A0118028.dll;C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP549;Trojan.Virtumod;Deleted.;
A0118036.exe;C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP550;Trojan.DownLoader.26570;Deleted.;
A0118038.dll;C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP550;Trojan.Virtumod;Deleted.;
A0118041.exe;C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP550;Trojan.Virtumod;Deleted.;
A0118058.dll;C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP550;Trojan.Virtumod;Deleted.;
A0118060.exe;C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP550;Trojan.DownLoader.26570;Deleted.;
A0118061.exe;C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP550;Trojan.Virtumod;Deleted.;
A0118065.dll;C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP550;Trojan.Virtumod;Deleted.;
A0119183.dll;C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP550;Trojan.Virtumod;Deleted.;
A0119189.dll;C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP550;Trojan.Virtumod;Deleted.;
A0119190.dll;C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP550;Trojan.Virtumod;Deleted.;
A0119191.dll;C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP550;Trojan.Virtumod;Deleted.;
A0119192.exe;C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP550;Trojan.DownLoader.26570;Deleted.;
A0119204.exe;C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP550;Trojan.DownLoader.26570;Deleted.;
A0119205.dll;C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP550;Trojan.Virtumod;Deleted.;
A0119219.dll;C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP550;Trojan.Virtumod;Deleted.;
A0119249.dll;C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP550;Trojan.Virtumod;Deleted.;
A0119258.dll;C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP550;Trojan.Virtumod;Deleted.;
A0119528.exe;C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP553;Trojan.DownLoader.10963;Deleted.;
A0119529.exe;C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP553;Trojan.Virtumod;Deleted.;
A0119530.exe;C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP553;Trojan.Virtumod;Deleted.;
A0120756.exe;C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP554;Trojan.DownLoader.24790;Deleted.;
awtst.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
jaovafsk.exe.bad;C:\VundoFix Backups;Trojan.DownLoader.26570;Deleted.;
jkklj.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
ljjjifc.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
mljge.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
rxixmsdo.exe.bad;C:\VundoFix Backups;Trojan.DownLoader.26570;Deleted.;
urqpooo.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
Please download Deckard's System Scanner to your Desktop.

* Close all applications and windows.
* Double-click on Dss.exe to run it, and follow the prompts.
* The scan may take a minute. When the scan is complete, text files will open: Main.txt and extra.txt.

Please post Main.txt and Extra.txt.
Deckard's System Scanner v20070804.61
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Mobile Intel(R) Pentium(R) 4 CPU 3.06GHz
CPU 1: Mobile Intel(R) Pentium(R) 4 CPU 3.06GHz
Percentage of Memory in Use: 74%
Physical Memory (total/avail): 479.36 MiB / 120.12 MiB
Pagefile Memory (total/avail): 1120.6 MiB / 839.39 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1961.93 MiB

C: is Fixed (NTFS) - 70.95 GiB total, 20.83 GiB free.
D: is Fixed (FAT32) - 3.56 GiB total, 0.83 GiB free.
E: is CDROM (Unformatted)
F: is CDROM (No Media)

-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.
FirstRunDisabled is set.

FW: COMODO Firewall Pro v2.3.035 (COMODO)
AV: avast! antivirus 4.7.1029 [VPS 000763-6] v4.7.1029 (ALWIL Software)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner\Application Data
CLASSPATH=C:\Program Files\Java\jre1.5.0_02\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=MIKEY
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner
LOGONSERVER=\\MIKEY
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\Common Files\Adaptec Shared\System;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 1, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0401
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_02\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
USERDOMAIN=MIKEY
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner
windir=C:\WINDOWS

-- User Profiles ---------------------------------------------------------------

Owner (admin)
Administrator.MIKEY (new local, admin)

-- Add/Remove Programs ---------------------------------------------------------

 --> C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
 --> C:\WINDOWS\system32\\MSIEXEC.EXE /x {637099FB-45FD-4BC7-9651-6FB540DBB749}
 --> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
 --> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
 --> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
 --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
 --> C:\WINDOWS\UNRecode.exe /UNINSTALL
 --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
 --> MsiExec.exe /I{26792CA7-D87A-4DBE-896B-C2F66B344511}
 --> MsiExec.exe /I{637099FB-45FD-4BC7-9651-6FB540DBB749}
 --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 9 --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Photoshop CS --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x9
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
avast! Antivirus --> rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup
Azureus --> C:\Program Files\Azureus\Uninstall.exe
Brother MFL-Pro Suite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{51E89658-5D6B-4F0D-B72B-57863C3AD06C}\Setup.exe" -l0x9 Brunin03.dllBrunin03.dll
COMODO Firewall Pro --> C:\Program Files\Comodo\Firewall\fwconfig.exe -uninstalln
Conexant AC-Link Audio --> CIAunwdm.exe
Cypress USB Mass Storage Driver Installation --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E0695EE-ED29-4D96-BD77-2A9A17EDF0D6}\Setup.exe" -l0x9 NotFirstInstall
Digital Media Reader --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{A607AC66-0C76-4519-9751-E12A93BF8EB2}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Intel(R) Extreme Graphics 2 Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_3582
KeyRipper 3.1 --> C:\PROGRA~1\DSSEVO~1.COM\KEYRIP~1\Setup.exe /remove /q0
Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
LG GSM PC Components --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB8251EE-C86B-410D-83B2-1E28E9DE2C2B}\setup.exe" -l0x9
LG USB Modem Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3ABE126-2BB2-4246-BFE1-6797679B3579}\setup.exe" -l0x9 -removeonly
LimeWire PRO 4.12.3 --> "C:\Program Files\LimeWire\uninstall.exe"
Logitech Desktop Messenger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\SETUP.exe" -l0x9 UNINSTALL -removeonly
Magic ISO Maker v5.3 (build 0221) --> C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Money 2005 --> C:\Program Files\Microsoft Money 2005\MNYCoreFiles\Setup\uninst.exe /s:120
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Picture It! Premium 10 --> "C:\Program Files\Common Files\Microsoft Shared\Picture It!\RmvSuite.exe" ADDREMOVE=1 SKU=PREM
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Napster --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BBBCAE4B-B416-4182-A6F2-438180894A81}\Setup.exe" -l0x9 AddRemoveCPRun
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickTime --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{3868A8EE-5051-4DB0-8DF6-4F4B8A98D083} /l1033
RealPlayer Basic --> C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
RegCure 1.4.0.4 --> C:\Program Files\RegCure\uninst.exe
Roxio Easy Media Creator 7 --> MsiExec.exe /I{A99C6296-A311-4D6C-9602-53B4241921D5}
Skype 3.0 --> "C:\Program Files\Skype\Phone\unins000.exe"
Skype add-on for IE --> rundll32 "C:\Program Files\Skype\Phone\IEPlugin\SkypeIEPlugin.dll",FriendlyUnregisterServer 0
Spy Sweeper --> "C:\Program Files\Webroot\Spy Sweeper\unins000.exe"
Spyware Doctor 5.0 --> C:\Program Files\Spyware Doctor\unins000.exe
StyleXP (remove only) --> "C:\Program Files\TGTSoft\StyleXP\StyleXP-uninstall.exe"
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
The Rosetta Stone --> C:\WINDOWS\unvise32.exe C:\Program Files\The Rosetta Stone\TRS Support\uninstal.log
USB Storage Adapter FX (SM1) --> SM1UN.EXE SM1FX_AT
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Wheel of Fortune Deluxe (remove only) --> C:\Program Files\Zone.com Deluxe Games\Wheel of Fortune Deluxe\Uninstall Wheel of Fortune Deluxe.exe
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Yahoo! Photos Easy Upload Tool 1v7 --> C:\WINDOWS\system32\regsvr32 /u /s

-- Application Event Log -------------------------------------------------------

Event ID #2052: Warning
Event Submitted/Written: 08/06/2007 00:04:00 AM
Event Source: Userenv
Event Description:
Windows saved user MIKEY\Owner registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.
This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Event ID #2050: Warning
Event Submitted/Written: 08/05/2007 03:32:07 PM
Event Source: Userenv
Event Description:
Windows saved user MIKEY\Owner registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.
This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Event ID #2049: Error
Event Submitted/Written: 08/05/2007 09:24:55 AM
Event Source: Application Error
Event Description:
Faulting application iexplore.exe, version 6.0.2900.2180, faulting module sphoneparser.dll, version 1.0.1.126, fault address 0x000484a4.
Processing media-specific event for [iexplore.exe!ws!]

Event ID #2045: Warning
Event Submitted/Written: 08/04/2007 09:55:23 PM
Event Source: Userenv
Event Description:
Windows saved user MIKEY\Owner registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.
This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Event ID #2043: Warning
Event Submitted/Written: 08/04/2007 09:04:52 AM
Event Source: Userenv
Event Description:
Windows saved user MIKEY\Owner registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.
This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event ID #39453: Error
Event Submitted/Written: 08/06/2007 08:26:21 AM
Event Source: Service Control Manager
Event Description:
The avast! Web Scanner service terminated with the following error: %%10049

Event ID #39444: Error
Event Submitted/Written: 08/06/2007 08:26:21 AM
Event Source: Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load: szkg

Event ID #39443: Error
Event Submitted/Written: 08/06/2007 08:26:21 AM
Event Source: Service Control Manager
Event Description:
The Cdralw2k service failed to start due to the following error: %%1058

Event ID #39442: Error
Event Submitted/Written: 08/06/2007 08:26:21 AM
Event Source: Service Control Manager
Event Description:
The Logitech Bluetooth Service service failed to start due to the following error: %%2

Event ID #39437: Warning
Event Submitted/Written: 08/06/2007 00:03:58 AM
Event Source: Win32k
Event Description:
A request to suspend power was denied by winlogon.exe.

-- End of Deckard's System Scanner: finished at 2007-08-06 at 10:35:21 ---------

---------------------------------------------------------------------

Deckard's System Scanner v20070804.61
Run by Owner on 2007-08-06 at 10:33:00
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
47: 2007-08-06 14:33:09 UTC - RP556 - Deckard's System Scanner Restore Point
46: 2007-08-06 13:18:01 UTC - RP555 - System Checkpoint
45: 2007-08-05 02:19:27 UTC - RP554 - ComboFix created restore point
44: 2007-08-04 12:47:46 UTC - RP553 - ComboFix created restore point
43: 2007-08-04 04:09:32 UTC - RP552 - Installed Logitech Desktop Messenger

-- First Restore Point --
1: 2007-07-12 20:30:44 UTC - RP510 - System Checkpoint

Performed disk cleanup.

Total Physical Memory: 480 MiB (512 MiB recommended).
-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:30:17 AM, on 8/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Digital Media Reader\shwicon2k.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.webcrawler.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SunKist] "C:\Program Files\Digital Media Reader\shwicon2k.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [SetDefPrt] "C:\Program Files\Brother\Brmfl05b\BrStDvPt.exe"
O4 - HKLM\..\Run: [ControlCenter2.0] "C:\Program Files\Brother\ControlCenter2\brctrcen.exe" /autorun
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.2.89.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
O16 - DPF: {BA83FD38-CE14-4DA3-BEF5-96050D55F78A} - http://www.flipviewer.com/exe/fv373.cab
O18 - Protocol: bw+0 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - 
{6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0s - 
{6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: bwg0 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwg0s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0s - 
{6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0 - 
{6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0s - 
{6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0s - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: offline-8876480 - {6DCB3D65-077B-4A22-9E7C-EF9320C07171} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Audddin - Windows (R) 2000 DDK provider - C:\WINDOWS\system32\drivers\asctrm.sys O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! 
Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Unknown owner - C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE (file missing) O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe O24 - Desktop Component 0: (no name) - http://www.640toronto.com/images/top_table/listenlive.gif -- End of file - 20087 bytes -- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) ----------- backup-20070710-045014-259 O4 - HKLM\..\Run: [MonAppli] C:\Windows\system32\isys32.exe backup-20070712-015310-719 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) -- File Associations ----------------------------------------------------------- All associations okay. 
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R1 Cdr4_2K - c:\windows\system32\drivers\cdr4_2k.sys <Not Verified; Adaptec; Adaptec's CD-R Helper Drivers> R1 DVDVRRdr_xp - c:\windows\system32\drivers\dvdvrrdr_xp.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver> R1 StyleXPHelper - c:\program files\tgtsoft\stylexp\stylexphelper.exe <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver> R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver> R3 vaxscsi - c:\windows\system32\drivers\vaxscsi.sys S0 szkg - c:\windows\system32\drivers\szkg.sys (file missing) S3 catchme - c:\docume~1\owner\locals~1\temp\catchme.sys (file missing) S3 EMCFILT (Alcor Micro Corp for Emachine- 9361) - c:\windows\system32\drivers\emcfilt.sys <Not Verified; Alcor Micro Corp.; emcfilt> S3 LHidUsbK (SetPoint USB Receiver device driver) - c:\windows\system32\drivers\lhidusbk.sys <Not Verified; Logitech Inc.; Logitech SetPoint> S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing) -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- S2 LBTServ (Logitech Bluetooth Service) - c:\program files\common files\logitech\bluetooth\lbtserv.exe (file missing) S2 Roxio Upnp Server 9 - S2 RoxLiveShare9 (LiveShare P2P Server 9) - S2 StyleXPService - "c:\program files\tgtsoft\stylexp\stylexpservice.exe" <Not Verified; ; StyleXPService Module> S3 Audddin - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver> S3 Roxio UPnP Renderer 9 - S3 stllssvr - -- Device Manager: Disabled ---------------------------------------------------- Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318} Description: Broadcom 440x 10/100 Integrated Controller Device ID: PCI\VEN_14E4&DEV_4401&SUBSYS_2029161F&REV_01\4&22270378&0&30F0 Manufacturer: Broadcom Name: Broadcom 
440x 10/100 Integrated Controller PNP Device ID: PCI\VEN_14E4&DEV_4401&SUBSYS_2029161F&REV_01\4&22270378&0&30F0 Service: bcm4sbxp -- Scheduled Tasks ------------------------------------------------------------- 2007-08-06 08:26:03 438 --a------ C:\WINDOWS\Tasks\RegCure Program Check.job 2007-07-13 07:16:14 372 --a------ C:\WINDOWS\Tasks\RegCure.job -- Files created between 2007-07-06 and 2007-08-06 ----------------------------- 2007-08-05 09:34:16 0 d-------- C:\Documents and Settings\Owner\DoctorWeb 2007-08-04 00:06:05 0 d-------- C:\Program Files\Logitech 2007-08-03 09:05:05 0 d-------- C:\VundoFix Backups 2007-08-01 21:33:01 18 --a------ C:\WINDOWS\system32\dnfc32b295.dat 2007-07-31 22:10:56 1013432 --ahs---- C:\WINDOWS\system32\wyadd.bak1 2007-07-31 10:23:48 0 d-------- C:\Program Files\Spyware Doctor 2007-07-29 20:54:02 1016719 --ahs---- C:\WINDOWS\system32\oqstv.bak1 2007-07-29 12:51:19 0 d-------- C:\Program Files\Common Files\TiVo Shared 2007-07-29 12:31:59 0 d-------- C:\Program Files\Windows Installer Clean Up 2007-07-29 12:31:35 0 d-------- C:\Program Files\MSECACHE 2007-07-29 12:05:12 0 d-------- C:\Program Files\Roxio 2007-07-29 12:05:10 0 d-------- C:\Program Files\Common Files\Adaptec Shared 2007-07-29 12:05:09 0 d-------- C:\Program Files\Common Files\Roxio Shared 2007-07-27 16:45:51 0 d-------- C:\adaptec 2007-07-13 07:13:14 0 d-------- C:\Program Files\RegCure 2007-07-10 14:09:26 0 d-------- C:\!KillBox 2007-07-10 13:20:44 0 d-------- C:\Program Files\Common Files\Java 2007-07-10 09:00:53 0 d-------- C:\WINDOWS\system32\ActiveScan 2007-07-10 04:49:04 0 d-------- C:\Program Files\Trend Micro 2007-07-10 04:41:30 0 d-------- C:\Documents and Settings\Owner\Application Data\Comodo 2007-07-10 04:41:25 0 d-------- C:\Documents and Settings\All Users\Application Data\Comodo 2007-07-10 04:37:58 0 d-------- C:\Program Files\Comodo 2007-07-10 04:08:16 3360 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat 2007-07-10 04:08:16 82464 --ahs---- 
C:\WINDOWS\system32\drivers\fidbox.dat -- Find3M Report --------------------------------------------------------------- 2007-08-04 21:57:57 0 d-------- C:\Program Files\Common Files\Logitech 2007-08-02 14:31:49 0 d-------- C:\Program Files\Common Files 2007-08-01 11:04:10 0 d-------- C:\Documents and Settings\Owner\Application Data\Azureus 2007-07-29 12:52:00 0 d-------- C:\Program Files\Common Files\Sonic Shared 2007-07-29 09:16:22 0 d-------- C:\Program Files\Sonic 2007-07-10 13:21:29 0 d-------- C:\Program Files\Java 2007-07-10 10:18:26 0 d-------- C:\Program Files\Winamp 2007-07-10 10:18:09 0 d-------- C:\Program Files\Webroot 2007-07-10 10:14:53 0 d-------- C:\Program Files\MSN Messenger 2007-07-10 10:11:38 0 d-------- C:\Program Files\Digital Media Reader 2007-07-10 03:49:26 4212 --ah----- C:\WINDOWS\system32\zllictbl.dat 2007-06-28 13:02:28 0 d-------- C:\Documents and Settings\Owner\Application Data\Skype -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [03/26/2004 06:20 PM] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [03/26/2004 06:20 PM] "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [11/02/2004 11:24 PM] "Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" [] "SunKist"="C:\Program Files\Digital Media Reader\shwicon2k.exe" [05/26/2004 08:57 PM] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [09/02/2006 03:34 PM] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [07/27/2007 06:03 PM] "SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [10/14/2003 11:22 AM] "PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [03/17/2005 03:25 PM] "IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [03/17/2005 03:45 PM] "SetDefPrt"="C:\Program 
Files\Brother\Brmfl05b\BrStDvPt.exe" [01/26/2005 07:02 PM] "ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [07/13/2005 04:55 PM] "RoxioDragToDisc"="C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" [03/08/2005 10:13 PM] "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [02/13/2007 02:29 PM] "COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [07/10/2007 04:37 AM] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [06/14/2007 06:32 PM] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [01/19/2007 01:54 PM] "STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [05/24/2006 02:31 PM] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [12/16/2005 12:57 PM] "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [08/04/2007 12:09 AM] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [11/29/2006 4:44:44 PM] Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [8/4/2007 12:09:51 AM] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService] @="Service" -- End of Deckard's System Scanner: finished at 2007-08-06 at 10:35:21 ---------
Open Control Panel and there Add/Remove Programs. Remove these:

RegCure 1.4.0.4 --> C:\Program Files\RegCure\uninst.exe
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u

========

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

* Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point. You can find instructions on how to disable and reenable system restore here: Managing Windows Millennium System Restore or Windows XP System Restore Guide. Reenable system restore with instructions from the tutorial above.

* Make your Internet Explorer more secure - This can be done by following these simple instructions:
  * From within Internet Explorer click on the Tools menu and then click on Options.
  * Click once on the Security tab.
  * Click once on the Internet icon so it becomes highlighted.
  * Click once on the Custom Level button.
  * Change the Download signed ActiveX controls to Prompt.
  * Change the Download unsigned ActiveX controls to Disable.
  * Change the Initialize and script ActiveX controls not marked as safe to Disable.
  * Change the Installation of desktop items to Prompt.
  * Change the Launching programs and files in an IFRAME to Prompt.
  * Change the Navigate sub-frames across different domains to Prompt.
  * When all these settings have been made, click on the OK button.
  * If it prompts you as to whether or not you want to save the settings, press the Yes button.
  * Next press the Apply button and then the OK to exit the Internet Properties page.

* Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. See this link for a listing of some online and stand-alone antivirus programs: Virus, Spyware, and Malware Protection and Removal Resources

* Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

* Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly. For a tutorial on Firewalls and a listing of some available ones see the link below: Understanding and Using Firewalls

* Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

* Install Ad-Aware - Install and download Ad-Aware. You should also scan your computer with the program on a regular basis just as you would an antivirus software, in conjunction with Spybot. A tutorial on installing and using this product can be found here: Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

* Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide real-time spyware and hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would an antivirus software. A tutorial on installing and using this product can be found here: Instructions for - Spybot S & D and Ad-aware

* Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs. A tutorial on installing and using this product can be found here: Using SpywareBlaster to protect your computer from Spyware and Malware

* Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety:

* IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (cookies etc.) from the sites listed, although you will still be able to connect to the sites.

* MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.

* Google Toolbar <= Get the free Google toolbar to help stop pop-up windows.

* Winpatrol <= Download and install the free version of Winpatrol. A tutorial for this product is located here: Using Winpatrol to protect your computer from malicious software

Stand Up and Be Counted ---> Malware Complaints <--- where you can make a difference! The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

Also, please read this great article by Tony Klein: So How Did I Get Infected In the First Place

Happy surfing and stay clean!
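The HOSTS-file advice above works because the resolver consults that file before DNS, so a hostname mapped to 127.0.0.1 (or 0.0.0.0) never leaves the machine. As an added example that is not part of the thread and not the MVPS project's own code, here is a small parser that reads HOSTS-format text and answers "does this file sinkhole that name?". The sample file content is constructed for the example (the `.test` names are placeholders, not entries from any real blocklist). It also shows the main caveat of the approach: matching is on the exact hostname, so a subdomain that is not listed is not blocked, which is why such lists are long and need regular updates.

```python
"""Audit which hostnames a HOSTS file sinkholes to the local machine.

Added example, not from the thread or the MVPS project. Parses text in the
format of %SystemRoot%\\system32\\drivers\\etc\\hosts and reports names that
are mapped to a loopback/unspecified address, i.e. blocked.
"""
import ipaddress

# Addresses that mean "this name goes nowhere" in a blocking HOSTS file.
SINKHOLE_ADDRESSES = {"127.0.0.1", "0.0.0.0", "::1"}

# Constructed sample (not a real MVPS list); .test is a reserved TLD.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
# --- constructed blocklist entries ---
127.0.0.1  ads.example-tracker.test
0.0.0.0    banner.example-ads.test   stats.example-ads.test  # two names, one line
::1        ipv6-sink.example.test
192.0.2.10 intranet.example.test   # a genuine override, not a block
"""


def parse_hosts(text):
    """Return {hostname: ip} for every mapping in HOSTS-format text.

    Handles whole-line and trailing comments, blank lines, several
    hostnames on one line, and lowercases names (DNS is case-insensitive).
    The first mapping seen for a name is kept; later duplicates are ignored.
    """
    mappings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # strip comments and whitespace
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue                           # malformed line: no hostname
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue                           # first field must be an address
        for name in fields[1:]:
            mappings.setdefault(name.lower(), ip)
    return mappings


def is_sinkholed(hostname, mappings):
    """True if hostname is mapped to a loopback/unspecified address.

    Exact match only: 'sub.ads.example-tracker.test' is not covered by an
    entry for 'ads.example-tracker.test'.
    """
    return mappings.get(hostname.lower()) in SINKHOLE_ADDRESSES


def sinkholed_names(mappings):
    """Sorted list of blocked names, leaving out the standard localhost entry."""
    return sorted(
        name for name, ip in mappings.items()
        if ip in SINKHOLE_ADDRESSES and name != "localhost"
    )


if __name__ == "__main__":
    table = parse_hosts(SAMPLE_HOSTS)
    for name in sinkholed_names(table):
        print("blocked:", name)
    # The override stays reachable, and an unlisted subdomain is not blocked.
    print("intranet.example.test ->", table["intranet.example.test"])
    print("sub.ads.example-tracker.test blocked?",
          is_sinkholed("sub.ads.example-tracker.test", table))
```

To audit a real machine, read the actual file into `parse_hosts` instead of `SAMPLE_HOSTS`; a surprisingly short result after installing a blocklist usually means the file was not replaced, and an entry for a bank or update server that points at 127.0.0.1 is the classic sign that malware, not the user, edited the file.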