
Multiple Trojans Detected


  • This topic is locked
13 replies to this topic

#1 twilldab

  • Members
  • 29 posts

Posted 16 July 2007 - 10:21 PM

File c:\windows\system32\qwerty12.exe
infected with Trojan.Fotomoto.A

Hello, any help you can provide will be greatly appreciated. I have some issues with different Trojans attacking my PC, mainly the ones mentioned above. These three: Trojan.Clicker.MNB, Trojan.PWS.Ldpinch, Trojan.Fotomoto.A.

Please help

David

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:08:17 PM, on 7/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe
C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\F-Secure Internet Security\FSAUA\program\fsus.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
C:\Program Files\RogueRemover PRO\RogueRemoverPRO.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Search\YSearchSuggest.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [Norton Save and Restore 2.0] "C:\Program Files\Norton Save and Restore\Agent\VProTray.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [RogueMonitor] C:\Program Files\RogueRemover PRO\RogueRemoverPRO.exe /monitor
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\ksptat.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\ksptat.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\ksptat.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1180971300796
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A2266CD5-0945-4809-961B-2972FC0E4809}: NameServer = 204.127.203.135,216.148.225.135
O18 - Protocol: bw+0 - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: c:\windows\system32\jkhhgff.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: ksptat - C:\WINDOWS\SYSTEM32\ksptat.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton Save and Restore - Symantec Corporation - C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 27850 bytes
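The log above contains the entries a helper reads first: a non-empty AppInit_DLLs value, two Winlogon Notify packages, O9 buttons whose CLSIDs resolve to a file in system32, and Run keys under the SYSTEM profile. The script below is an added example, not part of this thread and not HijackThis code: it parses HJT-format lines and applies five structural heuristics to a constructed excerpt of that log. The heuristics, the vendor-keyword table (`EXPECTED_PATH_FRAGMENT`) and the sample lines are assumptions made for illustration; the output is a list of entries for a person to review, not a verdict on any file.

```python
"""Triage helper for HijackThis (HJT) logs.

Added example for this thread: not HijackThis code and not something the
posters ran. The heuristics, the vendor-to-path table and the excerpt are
assumptions/constructed; they rank entries for a human to review.
"""
import re
from collections import defaultdict

# One HJT entry per line: "<section> - <body>", e.g. "O20 - AppInit_DLLs: ...".
ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d{1,2}) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# A drive-letter path ending in .dll/.exe; spaces allowed ("Program Files").
PATH_RE = re.compile(r"[A-Za-z]:\\.+?\.(?:dll|exe)(?![A-Za-z0-9])", re.IGNORECASE)
# Assumed: directory fragment a vendor's IE hooks normally load from.
EXPECTED_PATH_FRAGMENT = {"java": "\\java\\", "yahoo": "\\yahoo!\\"}


def parse(log_text):
    """Return (code, body, line) per entry line; the process list is skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group("code"), m.group("body"), raw.strip()))
    return entries


def triage(log_text):
    """Return (kind, detail) findings from structural heuristics over one log."""
    entries = parse(log_text)
    findings = []
    codes_by_file = defaultdict(set)   # lowercased path -> sections referencing it
    files_by_clsid = defaultdict(set)  # CLSID -> distinct files it resolves to

    for code, body, line in entries:
        path = PATH_RE.search(body)
        clsid = CLSID_RE.search(body)
        if path:
            codes_by_file[path.group(0).lower()].add(code)
            if clsid:
                files_by_clsid[clsid.group(0).upper()].add(path.group(0).lower())

        # 1. AppInit_DLLs: each DLL listed is loaded into every process that
        #    maps user32.dll, so any non-empty value deserves a look.
        if code == "O20" and body.startswith("AppInit_DLLs:"):
            value = body.split(":", 1)[1].strip()
            if value:
                findings.append(("appinit_dll", value))

        # 2. Run keys under the SYSTEM profile (HKU\S-1-5-18) are rarely user-made.
        if code == "O4" and "(User 'SYSTEM')" in body:
            findings.append(("system_run_key", line))

        # 3. IE button whose label names a vendor but whose file lives elsewhere.
        if code == "O9" and path:
            label = (body[:clsid.start()] if clsid else body).lower()
            for keyword, fragment in EXPECTED_PATH_FRAGMENT.items():
                if keyword in label and fragment not in path.group(0).lower():
                    findings.append(("label_path_mismatch", line))

    # 4. One CLSID resolving to two different files within the same log.
    for clsid, files in sorted(files_by_clsid.items()):
        if len(files) > 1:
            findings.append(("clsid_conflict", f"{clsid} -> {sorted(files)}"))

    # 5. A Winlogon Notify DLL that is also registered as an IE hook (O2/O3/O9).
    for code, body, _ in entries:
        if code == "O20" and body.startswith("Winlogon Notify:"):
            path = PATH_RE.search(body)
            hooks = codes_by_file[path.group(0).lower()] & {"O2", "O3", "O9"} if path else set()
            if hooks:
                findings.append(("winlogon_and_ie_hook", f"{path.group(0)} also in {sorted(hooks)}"))
    return findings


# Constructed excerpt modelled on the first log posted in the thread.
SAMPLE_LOG = r"""
C:\WINDOWS\System32\smss.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\ksptat.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\ksptat.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\ksptat.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: c:\windows\system32\jkhhgff.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: ksptat - C:\WINDOWS\SYSTEM32\ksptat.dll
"""

if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"{kind:22} {detail}")
```

Run it directly to list the findings for the excerpt, or call `triage()` on a full log read from disk. The CLSID-conflict and label/path checks are internal consistency tests on the log text alone, so they need no signature database; the trade-off is that they say nothing about a file registered consistently under a plausible name, which is why the AppInit_DLLs and Winlogon Notify entries are always surfaced regardless of the file name.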


#2 __RiP_ChAiN_

  • Members
  • 1,592 posts
  • Location:Omaha, Nebraska U.S.A

Posted 18 July 2007 - 12:27 PM

Hello twilldab,

Please download Combofix to your desktop.
Double-click combo.exe to launch the application.
Follow the prompts that will be displayed on the screen.
Don't click on the window while the fix is running, because that will cause your system to hang.
When finished, it should produce a log, combofix.txt.
Post this log in your next reply together with a new HijackThis log.

#3 twilldab

  • Topic Starter
  • Members
  • 29 posts

Posted 18 July 2007 - 08:29 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:20:32 PM, on 7/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe
C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure Internet Security\FSAUA\program\fsus.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\WINDOWS\system32\notepad.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Search\YSearchSuggest.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [Norton Save and Restore 2.0] "C:\Program Files\Norton Save and Restore\Agent\VProTray.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [RogueMonitor] C:\Program Files\RogueRemover PRO\RogueRemoverPRO.exe /monitor
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1180971300796
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A2266CD5-0945-4809-961B-2972FC0E4809}: NameServer = 204.127.203.135,216.148.225.135
O18 - Protocol: bw+0 - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: ksptat - ksptat.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton Save and Restore - Symantec Corporation - C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 27519 bytes

- 2007-07-18 19:11:08 - ComboFix 07-07-14.6 - Service Pack 2 NTFS


(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\ddabxwv.dll
C:\WINDOWS\system32\jkhhgff.dll
C:\WINDOWS\system32\ssttuuv.dll
C:\WINDOWS\system32\jkhhi.exe
C:\WINDOWS\system32\jkkll.exe
C:\WINDOWS\system32\mljjk.exe
C:\WINDOWS\system32\pmkhf.exe
C:\WINDOWS\system32\pmnll.exe
C:\WINDOWS\system32\sstqq.exe
C:\WINDOWS\system32\ssttt.exe


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\AMYLYN~1\APPLIC~1.\macromedia\Flash Player\#SharedObjects\DH3335G5\www.broadcaster.com
C:\DOCUME~1\AMYLYN~1\APPLIC~1.\macromedia\Flash Player\#SharedObjects\DH3335G5\www.broadcaster.com\played_list.sol
C:\DOCUME~1\AMYLYN~1\APPLIC~1.\macromedia\Flash Player\#SharedObjects\DH3335G5\www.broadcaster.com\video_queue.sol
C:\DOCUME~1\AMYLYN~1\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\DOCUME~1\AMYLYN~1\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_DOMAINSERVICE
-------\DomainService
-------\nm


((((((((((((((((((((((((( Files Created from 2007-06-19 to 2007-07-19 )))))))))))))))))))))))))))))))


2007-07-18 19:09 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-16 22:04 <DIR> d-------- C:\Program Files\Trend Micro
2007-07-15 20:38 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-07-15 10:47 83,096 --a------ C:\WINDOWS\system32\SSSensor.dll
2007-07-15 10:47 60,496 --a------ C:\WINDOWS\system32\drivers\Teefer.sys
2007-07-15 10:47 21,075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys
2007-07-15 10:47 14,568 --a------ C:\WINDOWS\system32\drivers\wg6n.sys
2007-07-15 10:47 14,568 --a------ C:\WINDOWS\system32\drivers\wg5n.sys
2007-07-15 10:47 14,568 --a------ C:\WINDOWS\system32\drivers\wg4n.sys
2007-07-15 10:47 14,568 --a------ C:\WINDOWS\system32\drivers\wg3n.sys
2007-07-15 10:47 <DIR> d-------- C:\Program Files\Sygate
2007-07-15 00:18 <DIR> d-------- C:\DOCUME~1\AMYLYN~1\APPLIC~1\Bitdefender
2007-07-15 00:17 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2007-07-15 00:14 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\BitDefender
2007-07-14 19:46 <DIR> d-------- C:\DOCUME~1\NETWOR~1\APPLIC~1\Yahoo!
2007-07-14 19:46 <DIR> d-------- C:\DOCUME~1\NETWOR~1\APPLIC~1\Google
2007-07-14 19:01 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-07-14 18:39 <DIR> d-------- C:\VundoFix Backups
2007-07-14 14:11 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-07-14 14:10 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-07-14 14:10 <DIR> d-------- C:\DOCUME~1\AMYLYN~1\APPLIC~1\SUPERAntiSpyware.com
2007-07-14 00:37 <DIR> d-------- C:\Program Files\RogueRemover PRO
2007-07-14 00:04 <DIR> d-------- C:\DOCUME~1\AMYLYN~1\APPLIC~1\F-Secure
2007-07-14 00:00 58,128 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys
2007-07-14 00:00 37,008 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys
2007-07-13 23:59 <DIR> d-------- C:\Program Files\F-Secure Internet Security
2007-07-13 23:59 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\F-Secure
2007-07-13 23:51 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\fssg
2007-07-13 08:25 <DIR> d-------- C:\DOCUME~1\AMYLYN~1\APPLIC~1\SpywareBot
2007-07-12 09:32 <DIR> d-------- C:\Program Files\Norton Save and Restore
2007-07-12 09:31 <DIR> d-------- C:\Program Files\Symantec
2007-07-11 23:19 <DIR> d-------- C:\DOCUME~1\AMYLYN~1\APPLIC~1\PC Tools
2007-07-11 21:52 <DIR> d-------- C:\Program Files\PC Bug Doctor
2007-07-11 21:28 <DIR> d-------- C:\Program Files\LG Software Innovations
2007-07-11 17:23 83,024 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-07-11 17:23 57,424 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-07-11 17:23 53,840 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-07-11 17:23 39,376 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys
2007-07-11 17:23 29,264 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-07-11 17:23 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-07-11 17:22 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-07-11 16:57 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-07-11 14:03 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2007-07-11 11:52 <DIR> d-------- C:\Program Files\DVDx
2007-07-10 23:29 <DIR> d-------- C:\divx
2007-07-10 23:13 <DIR> d-------- C:\Program Files\AC3Filter
2007-07-10 22:38 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2007-07-10 22:26 18 --a------ C:\WINDOWS\system32\dn543b0f48.dat
2007-07-10 22:09 <DIR> d-------- C:\DOCUME~1\AMYLYN~1\APPLIC~1\Talkback
2007-07-10 22:01 <DIR> d-------- C:\Program Files\The Playa
2007-07-10 22:01 <DIR> d-------- C:\Program Files\DivXCodec
2007-07-10 21:28 87,608 --a------ C:\DOCUME~1\AMYLYN~1\APPLIC~1\inst.exe
2007-07-10 21:28 47,360 --a------ C:\DOCUME~1\AMYLYN~1\APPLIC~1\pcouffin.sys
2007-07-10 21:28 217,127 --a------ C:\WINDOWS\system32\drv43260.dll
2007-07-10 21:28 208,935 --a------ C:\WINDOWS\system32\drv33260.dll
2007-07-10 21:28 176,165 --a------ C:\WINDOWS\system32\drv23260.dll
2007-07-10 21:28 <DIR> d-------- C:\DOCUME~1\AMYLYN~1\APPLIC~1\Vso
2007-07-10 21:15 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2007-07-10 21:15 <DIR> d-------- C:\Program Files\vso
2007-07-10 21:02 18,816 --a------ C:\WINDOWS\system32\drivers\dvd43llh.sys
2007-07-10 21:02 <DIR> d-------- C:\Program Files\dvd43
2007-07-10 20:07 <DIR> d-------- C:\Program Files\321Studios
2007-07-10 17:38 <DIR> d-------- C:\DOCUME~1\AMYLYN~1\APPLIC~1\Snapfish
2007-07-10 13:53 <DIR> d-------- C:\DOCUME~1\AMYLYN~1\APPLIC~1\DivX
2007-07-09 22:12 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-07-09 22:12 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-07-09 22:12 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2007-07-09 22:12 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe
2007-07-09 22:12 116,472 --------- C:\WINDOWS\system32\pxcpyi64.exe
2007-07-09 22:11 <DIR> d-------- C:\Program Files\DivX
2007-07-08 12:51 <DIR> d-------- C:\Program Files\InterActual
2007-07-08 11:17 <DIR> d-------- C:\Incomplete
2007-07-08 11:16 <DIR> d-------- C:\Program Files\360Share Pro
2007-07-08 11:16 <DIR> d-------- C:\DOCUME~1\AMYLYN~1\Shared
2007-07-08 11:16 <DIR> d-------- C:\DOCUME~1\AMYLYN~1\Incomplete
2007-07-08 11:16 <DIR> d-------- C:\DOCUME~1\AMYLYN~1\APPLIC~1\LimeWire
2007-07-08 11:16 <DIR> d-------- C:\David
2007-07-08 10:59 <DIR> d-------- C:\DECCHECK
2007-07-08 09:40 <DIR> d-------- C:\DOCUME~1\AMYLYN~1\APPLIC~1\FunWebProducts
2007-07-07 20:22 <DIR> d-------- C:\DOCUME~1\AMYLYN~1\APPLIC~1\Yahoo!
2007-07-07 20:21 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo!
2007-07-05 10:47 <DIR> d-------- C:\Program Files\iTunes
2007-07-05 10:47 <DIR> d-------- C:\Program Files\iPod
2007-07-05 10:46 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-07-05 10:46 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-07-02 14:41 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-07-02 14:41 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-07-02 14:41 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-07-02 14:41 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-07-02 14:37 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-07-02 14:37 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-07-02 14:37 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-07-02 14:37 740,442 --a------ C:\WINDOWS\system32\DivX.dll
2007-07-02 14:37 73,728 --a------ C:\WINDOWS\system32\dpl100.dll
2007-07-02 14:37 593,920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2007-07-02 14:37 57,344 --a------ C:\WINDOWS\system32\dpv11.dll
2007-07-02 14:37 53,248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2007-07-02 14:37 344,064 --a------ C:\WINDOWS\system32\dpus11.dll
2007-07-02 14:37 294,912 --a------ C:\WINDOWS\system32\dpu11.dll
2007-07-02 14:37 294,912 --a------ C:\WINDOWS\system32\dpu10.dll


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-16 10:40:46 -------- d-----w C:\Program Files\XoftSpySE
2007-07-14 19:10:11 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-07-14 05:38:23 2,014 ---h--r C:\WINDOWS\system32\drivers\hosts
2007-07-12 14:32:29 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-07-12 04:05:26 -------- d-----w C:\Program Files\Messenger
2007-07-12 04:05:24 -------- d-----w C:\Program Files\Windows Media Connect 2
2007-07-12 04:05:23 -------- d-----w C:\Program Files\RegCure
2007-07-11 16:52:23 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-07-10 19:08:48 -------- d-----w C:\Program Files\TuneUp Utilities 2007
2007-07-08 22:21:32 -------- d-----w C:\DOCUME~1\AMYLYN~1\APPLIC~1\Corel
2007-07-08 22:21:06 1,368 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-07-08 22:17:53 -------- d-----w C:\DOCUME~1\AMYLYN~1\APPLIC~1\ArcSoft
2007-07-08 17:51:03 -------- d-----w C:\Program Files\Common Files\Sonic Shared
2007-07-08 17:50:56 -------- d-----w C:\Program Files\Dell
2007-07-08 01:21:33 -------- d-----w C:\Program Files\Yahoo!
2007-07-02 19:41:10 36,624 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-06-30 16:22:41 -------- d-----w C:\Program Files\Creative
2007-06-23 16:00:45 -------- d-----w C:\Program Files\Apple Software Update
2007-06-15 18:48:34 -------- d-----w C:\Program Files\Adobe Illustrator CS3
2007-06-15 18:17:22 -------- d-----w C:\DOCUME~1\AMYLYN~1\APPLIC~1\Apple Computer
2007-06-15 18:16:48 -------- d-----w C:\Program Files\QuickTime
2007-06-15 17:06:32 -------- d-----w C:\Program Files\Adobe Fireworks CS3
2007-06-15 17:06:29 -------- d-----w C:\Program Files\Adobe Dreamweaver CS3
2007-06-15 17:06:26 -------- d-----w C:\Program Files\Adobe Contribute CS3
2007-06-15 17:06:25 -------- d-----w C:\Program Files\Acrobat 8.0
2007-06-15 17:06:20 -------- d-----w C:\Program Files\Adobe Photoshop CS3
2007-06-15 17:06:18 -------- d-----w C:\Program Files\Adobe InDesign CS3
2007-06-15 17:06:13 -------- d-----w C:\Program Files\Adobe Flash CS3
2007-06-15 04:15:54 -------- d-----w C:\Program Files\Common Files\Control Panels
2007-06-15 02:53:37 -------- d-----w C:\DOCUME~1\AMYLYN~1\APPLIC~1\InstallShield
2007-06-15 02:22:21 -------- d-----w C:\Program Files\Babylock
2007-06-14 17:01:04 -------- d-----w C:\Program Files\Bonjour
2007-06-14 16:57:27 -------- d-----w C:\Program Files\Common Files\Macrovision Shared
2007-06-10 22:35:53 -------- d-----w C:\Program Files\MTV Networks
2007-06-10 22:15:15 -------- d-----w C:\Program Files\Lavasoft
2007-06-10 22:02:14 -------- d-----w C:\Program Files\Belarc
2007-06-10 18:34:50 339,968 ----a-w C:\WINDOWS\system32\WDBtnMgr.exe
2007-06-10 18:33:32 -------- d-----w C:\Program Files\My Book
2007-06-10 18:33:32 -------- d-----w C:\Program Files\Common Files\ArcSoft
2007-06-10 18:33:16 -------- d-----w C:\Program Files\Western Digital Technologies
2007-06-10 17:17:31 5 ----a-w C:\WINDOWS\system32\drivers\DELL_XPS_Dell DM061 .MRK
2007-06-10 17:17:31 5 ----a-w C:\WINDOWS\system32\drivers\1028_DELL_XPS_Dell DM061 .MRK
2007-06-10 17:14:20 -------- d-----w C:\Program Files\Intel
2007-06-10 17:10:23 -------- d-----w C:\DOCUME~1\AMYLYN~1\APPLIC~1\ATI
2007-06-10 16:11:42 -------- d-----w C:\Program Files\CONEXANT
2007-06-10 16:09:06 -------- d-----w C:\Program Files\ATI Technologies
2007-06-05 21:51:15 -------- d-----w C:\DOCUME~1\AMYLYN~1\APPLIC~1\Logitech
2007-06-05 21:49:12 -------- d-----w C:\Program Files\Common Files\Logitech
2007-06-05 21:48:56 -------- d-----w C:\Program Files\Common Files\Scanner
2007-06-05 21:48:32 118,784 ------r C:\WINDOWS\bwUnin-7.2.0.137-8876480SL.exe
2007-06-05 21:48:25 -------- d-----w C:\Program Files\Logitech
2007-06-05 03:55:21 -------- d-----w C:\Program Files\MSXML 6.0
2007-06-05 03:55:14 -------- d-----w C:\Program Files\MSXML 4.0
2007-06-05 03:54:47 -------- d-----w C:\Program Files\MSBuild
2007-06-05 03:52:38 -------- d-----w C:\Program Files\Reference Assemblies
2007-06-05 03:27:08 -------- d-----w C:\DOCUME~1\AMYLYN~1\APPLIC~1\Sonic
2007-06-05 03:27:00 -------- d-----w C:\DOCUME~1\AMYLYN~1\APPLIC~1\Leadertech
2007-06-05 03:23:23 -------- d-----w C:\Program Files\Common Files\InstallShield
2007-06-05 03:22:35 -------- d-----w C:\Program Files\Common Files\TiVo Shared
2007-06-05 03:22:33 -------- d-----w C:\Program Files\Common Files\Roxio Shared
2007-06-05 03:20:56 -------- d-----w C:\Program Files\Roxio
2007-06-05 02:50:42 -------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-06-05 02:48:43 -------- d-----w C:\Program Files\Common Files\Corel
2007-06-05 02:47:59 -------- d-----w C:\Program Files\Corel
2007-06-05 02:44:42 -------- d-----w C:\DOCUME~1\AMYLYN~1\APPLIC~1\Symantec
2007-06-05 02:41:32 -------- d-----w C:\Program Files\Windows Defender
2007-06-05 02:19:36 -------- d-----w C:\Program Files\Google
2007-06-05 01:58:35 -------- d-----w C:\DOCUME~1\AMYLYN~1\APPLIC~1\TuneUp Software
2007-06-05 01:55:21 -------- d-----w C:\Program Files\PCPitstop
2007-06-05 01:52:32 -------- d-----w C:\DOCUME~1\AMYLYN~1\APPLIC~1\Google
2007-06-04 23:38:33 -------- d-----w C:\Program Files\Microsoft Works
2007-06-04 20:18:48 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2007-06-04 20:17:02 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-06-04 20:14:56 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-06-04 15:06:22 -------- d-----w C:\Program Files\EPSON
2007-06-04 14:47:44 -------- d-----w C:\Program Files\SigmaTel
2007-06-04 14:38:39 -------- d-----w C:\DOCUME~1\AMYLYN~1\APPLIC~1\GTek
2007-06-04 14:38:35 -------- d-----w C:\Program Files\DellConnect
2007-06-04 13:52:55 -------- d-----w C:\Program Files\Broadcom
2007-06-03 22:48:13 -------- d-----w C:\Program Files\Common Files\L&H
2007-06-03 22:47:54 -------- d-----w C:\Program Files\Microsoft.NET
2007-06-03 22:47:36 -------- d-----w C:\Program Files\Microsoft ActiveSync
2007-06-03 22:20:23 -------- d-----w C:\Program Files\microsoft frontpage
2007-06-03 22:20:03 0 --sha-w C:\CONFIG.SYS
2007-06-03 22:20:03 0 --sha-w C:\AUTOEXEC.BAT
2007-06-03 22:20:03 0 --sha-r C:\MSDOS.SYS
2007-06-03 22:20:03 0 --sha-r C:\IO.SYS
2007-06-03 22:19:17 -------- d--h--w C:\Program Files\WindowsUpdate
2007-06-03 22:18:36 -------- d-----w C:\Program Files\Common Files\MSSoap
2007-06-03 22:18:28 -------- d-----w C:\Program Files\Movie Maker
2007-06-03 22:17:55 21,640 ----a-w C:\WINDOWS\system32\emptyregdb.dat
2007-06-03 22:17:50 -------- d-----w C:\Program Files\Online Services
2007-06-03 22:17:45 -------- d-----w C:\Program Files\MSN Gaming Zone
2007-06-03 22:17:37 -------- d-----w C:\Program Files\Windows NT
2007-06-03 17:11:15 -------- d-----w C:\Program Files\Common Files\ODBC
2007-06-03 17:11:13 -------- d-----w C:\Program Files\Common Files\SpeechEngines
2007-05-18 01:58:58 339,968 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2007-05-18 01:39:54 7,610,368 ----a-w C:\WINDOWS\system32\atioglx2.dll
2007-05-18 01:30:41 972,072 ----a-w C:\WINDOWS\system32\ativva6x.dat
2007-05-18 01:30:41 3,107,788 ----a-w C:\WINDOWS\system32\ativva5x.dat


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
2007-05-30 16:18 808472 --a------ C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-10-22 23:08 62080 --a------ C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{074C1DC5-9320-4A9A-947D-C042949C6216}]
2007-03-16 15:13 118784 --a------ C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
2005-05-31 01:04 853672 --a------ C:\PROGRA~1\SPYBOT~1\SDHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5A263CF7-56A6-4D68-A8CF-345BE45BC911}]
2007-02-23 18:04 140840 --a------ C:\Program Files\Yahoo!\Search\YSearchSuggest.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
2006-10-31 15:33 198136 --a------ C:\Program Files\Yahoo!\Common\yiesrvc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
2005-11-07 05:20 110652 --a------ C:\WINDOWS\System32\DLA\DLASHX_W.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2007-03-14 03:43 501400 --a------ C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
2007-06-04 20:52 2403392 -ra------ c:\program files\google\googletoolbar2.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
2007-05-10 22:47 321120 --a------ C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
2007-06-28 22:03 325048 --a------ C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 07:15]
"@"="" []
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-05-10 09:48 C:\WINDOWS\KHALMNPR.Exe]
"Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 10:43]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 03:12]
"Norton Save and Restore 2.0"="C:\Program Files\Norton Save and Restore\Agent\VProTray.exe" [2007-01-17 20:34]
"F-Secure Manager"="C:\Program Files\F-Secure Internet Security\Common\FSM32.exe" [2007-05-28 04:19]
"F-Secure TNB"="C:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe" [2007-05-28 04:18]
"BDMCon"="C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe" [2007-07-15 01:17]
"BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [2007-03-26 15:49]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-28 22:03]
"RogueMonitor"="C:\Program Files\RogueRemover PRO\RogueRemoverPRO.exe" [2007-06-13 17:42]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll --a------ 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ksptat]
ksptat.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=sockspy.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdcoreservice]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
"LDM"=C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe
"Creative WebCam Tray"="C:\Program Files\Creative\Shared Files\CamTray.exe"
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe
"YSearchProtection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"EPSON Stylus Photo R300 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
"PC Pitstop Optimize Scheduler"=C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe -boot
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE
"LogitechCommunicationsManager"="C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
"Logitech Hardware Abstraction Layer"="C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE"
"LVCOMSX"="C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
"SigmatelSysTrayApp"=stsystra.exe
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
"Adobe_ID0EYTHM"=C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"dvd43"=C:\Program Files\dvd43\dvd43_tray.exe
"PD0870 STISvc"=RunDLL32.exe P0870Pin.dll,RunDLL32EP 513
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - netsvcs
UxTuneUp


Contents of the 'Scheduled Tasks' folder
2007-07-16 04:16:26 C:\WINDOWS\tasks\1-Click Maintenance.job
2007-07-12 11:48:02 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-07-18 15:01:01 C:\WINDOWS\tasks\MP Scheduled Scan.job
2007-07-19 00:22:34 C:\WINDOWS\tasks\RegCure Program Check.job
2007-07-16 07:04:29 C:\WINDOWS\tasks\RegCure.job
2007-07-19 00:00:40 C:\WINDOWS\tasks\Scheduled scanning task.job
2007-07-19 00:22:36 C:\WINDOWS\tasks\XoftSpySE 2.job
2007-07-16 10:39:30 C:\WINDOWS\tasks\XoftSpySE.job

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-18 19:21:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-18 19:24:09 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-18 19:24

--- E O F ---

#4 __RiP_ChAiN_


    Eh, whatever goes here.


  • Members
  • 1,592 posts
  • Gender:Male
  • Location:Omaha, Nebraska U.S.A

Posted 19 July 2007 - 12:53 AM

Hello twilldab,

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O20 - Winlogon Notify: ksptat - ksptat.dll (file missing)


Now close all windows other than HiJackThis, then click Fix Checked. Close HijackThis.

Please post back with a fresh HJT log and an update on how your computer is running.
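The selection made in the reply above, as an added example that is not part of the original post or of HijackThis itself: a small Python triage script over constructed sample HJT lines copied from this thread that flags the R0 entries whose page setting is blank or about:blank and the O20 Winlogon Notify entry whose DLL is reported missing, i.e. the lines to tick before Fix Checked. The benign SASWinLogon O20 line is constructed from the load point shown in the ComboFix report.

```python
"""Triage helper for Trend Micro HijackThis v2 log lines.

Added example, not part of the original post or of HijackThis. It reproduces the
selection the reply above asks for: R0/R1 Internet Explorer page settings that are
blank or 'about:blank', and O20 Winlogon Notify entries whose DLL is '(file missing)'.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# One HJT entry: a section tag (R0..R3, O1..O24), " - ", then the entry body.
HJT_LINE = re.compile(r"^(?P<section>[RO]\d{1,2}) - (?P<body>.*)$")
# Key/value split for R-lines: "HKLM\...\Main,Start Page = about:blank".
KEY_VALUE = re.compile(r"^(?P<key>.*?)\s*=\s*(?P<value>.*)$")


@dataclass(frozen=True)
class Entry:
    section: str  # e.g. "R0", "O2", "O20"
    body: str     # everything after "R0 - "
    raw: str      # the original line, exactly as it appears in HJT's list


def parse_hjt(text: str) -> List[Entry]:
    """Return the R/O entries of a HijackThis log, skipping header and process list."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = HJT_LINE.match(line)
        if m:
            entries.append(Entry(m["section"], m["body"], line))
    return entries


def reason_to_fix(entry: Entry) -> Optional[str]:
    """Why an entry should be ticked, or None if it looks legitimate."""
    if entry.section in ("R0", "R1"):
        kv = KEY_VALUE.match(entry.body)
        value = kv["value"].strip().lower() if kv else ""
        # A blanked or about:blank start/local page is the usual residue of a
        # browser hijack and was among the entries the reply asked to fix.
        if value in ("", "about:blank"):
            return "IE page setting is blank or about:blank"
    if entry.section == "O20" and "(file missing)" in entry.body:
        # A Winlogon Notify entry pointing at a DLL that no longer exists is an
        # orphaned load point (the ksptat entry in this thread); remove it.
        return "Winlogon Notify entry points at a missing DLL"
    return None


def lines_to_fix(text: str) -> List[Tuple[str, str]]:
    """(raw line, reason) for every entry that should be checked before 'Fix Checked'."""
    result = []
    for entry in parse_hjt(text):
        reason = reason_to_fix(entry)
        if reason:
            result.append((entry.raw, reason))
    return result


# Constructed sample: lines copied from the logs in this thread, plus one benign
# O20 entry built from the SASWinLogon load point shown in the ComboFix report.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O20 - Winlogon Notify: ksptat - ksptat.dll (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
"""

if __name__ == "__main__":
    for raw, reason in lines_to_fix(SAMPLE_LOG):
        print(f"[tick] {raw}\n       {reason}")
```

The rules are deliberately narrow: they cover only the two entry types the helper ticked here, so an entry that is not flagged is not thereby cleared.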

#5 twilldab

  • Topic Starter

  • Members
  • 29 posts

Posted 19 July 2007 - 06:21 AM

Here is the new scan. So far so good on the system. I will run some more virus scans and report back.

Thanks for your help! You guys are awesome!

David


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:18:39 AM, on 7/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\RogueRemover PRO\RogueRemoverPRO.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Search\YSearchSuggest.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [Norton Save and Restore 2.0] "C:\Program Files\Norton Save and Restore\Agent\VProTray.exe"
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [RogueMonitor] C:\Program Files\RogueRemover PRO\RogueRemoverPRO.exe /monitor
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1180971300796
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A2266CD5-0945-4809-961B-2972FC0E4809}: NameServer = 204.127.203.135,216.148.225.135
O18 - Protocol: bw+0 - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {193C5EB7-A311-4F55-A829-47F0024DDB03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton Save and Restore - Symantec Corporation - C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 25464 bytes

#6 __RiP_ChAiN_

__RiP_ChAiN_

    Eh, whatever goes here.


  • Members
  • 1,592 posts
  • Gender:Male
  • Location:Omaha, Nebraska U.S.A
  • Local time:02:05 PM

Posted 19 July 2007 - 07:41 PM

Hello twilldab,

Let me know if the anti-virus scans find anything of worry, I'll be here if they do :thumbsup:

#7 __RiP_ChAiN_

__RiP_ChAiN_

    Eh, whatever goes here.


  • Members
  • 1,592 posts
  • Gender:Male
  • Location:Omaha, Nebraska U.S.A
  • Local time:02:05 PM

Posted 28 July 2007 - 02:31 PM

Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact me or a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.

#8 __RiP_ChAiN_

__RiP_ChAiN_

    Eh, whatever goes here.


  • Members
  • 1,592 posts
  • Gender:Male
  • Location:Omaha, Nebraska U.S.A
  • Local time:02:05 PM

Posted 15 August 2007 - 01:31 AM

Topic Re-Opened at user request.

#9 twilldab

twilldab
  • Topic Starter

  • Members
  • 29 posts
  • Local time:04:05 PM

Posted 16 August 2007 - 09:01 PM

-----------------------------------------------------------------
//
// Product BitDefender Antivirus v10
// Product 10.2
//
// Created on: 13/08/2007 08:43:52
//
//-----------------------------------------------------------------


Virus Statistics

Scan path : C:\
D:\
E:\
F:\
G:\
H:\
J:\
K:\
Folders : 21505
Files : 1238385
Memory processes scanned : 54
Archives : 25562
Runtime packers : 132425
Identified viruses : 3
Infected files : 5
Memory processes infected : 0
Suspect files : 30
Warnings : 0
Disinfected files : 0
Deleted files : 4
Moved files : 0
I/O errors : 41
Scan time : 03:12:32
Scan speed (files/sec) : 107

Spyware Statistics

Registry keys scanned : 2029
Registry keys infected : 0
Cookies scanned : 528
Cookies infected : 0
Spyware files infected : 0
Spyware threats detected : 0


Virus definitions : 754807
Scan plugins : 16
Archive plugins : 40
Unpack plugins : 6
Mail plugins : 6
System plugins : 5

Virus scan options

Detection
[X] Scan boot sectors
[X] Memory Processes
[X] Scan archives
[X] Scan runtime packers
[X] Scan email

File mask
[ ] Programs
[X] All files
[ ] User defined extensions:
[ ] Exclude extensions: ;

Action

Infected objects
[ ] Ignore
[X] Disinfect
[ ] Delete
[ ] Move to quarantine
[ ] Prompt user

Second action
[ ] Ignore
[ ] Delete
[X] Move to quarantine
[ ] Prompt user

Virus scan options
[X] Enable warnings
[X] Enable heuristics
[ ] Show all files in log
[X] Report file: C:\Documents and Settings\All Users\Application Data\Bitdefender\Desktop\Profiles\Logs\full_scan\1187012632.log

Spyware scan options

[X] Scan for riskware
[ ] Skip dial and applications from scan
[X] Registry keys
[X] Cookies


Summary:

C:\Documents and Settings\Amy Lynn Twilley\Desktop\New Folder\ComboFix.exe=>(RAR Sfx o)=>CFCleanUp.bat Infected: Trojan.Bat.Sdel.AC
C:\Documents and Settings\Amy Lynn Twilley\Desktop\New Folder\ComboFix.exe=>(RAR Sfx o)=>CFCleanUp.bat Disinfection failed
C:\Documents and Settings\Amy Lynn Twilley\Desktop\New Folder\ComboFix.exe=>(RAR Sfx o)=>CFCleanUp.bat Move failed
C:\Documents and Settings\Amy Lynn Twilley\My Documents\Amy\backup.pst=>[Subject: Fw: Hi,darling][From: Amy Twilley]=>(body) Suspect: Exploit.Iframe.Vulnerability
C:\Documents and Settings\Amy Lynn Twilley\My Documents\Amy\backup.pst=>[Subject: mailing error][From: register@hotmail.com]=>error-mail_info.zip=>Winzipped-Text_Data.txt .pif Infected: Win32.Sober.O@mm
C:\Documents and Settings\Amy Lynn Twilley\My Documents\Amy\backup.pst=>[Subject: mailing error][From: register@hotmail.com]=>error-mail_info.zip=>Winzipped-Text_Data.txt .pif Deleted
C:\Documents and Settings\Amy Lynn Twilley\My Documents\Amy\backup.pst=>[Subject: mailing error][From: register@hotmail.com]=>error-mail_info.zip Archive repacking successfully completed (actions successfully applied)
C:\Documents and Settings\Amy Lynn Twilley\My Documents\Amy\backup.pst Archive repacking has failed (marked actions not taken)
C:\Documents and Settings\Amy Lynn Twilley\My Documents\Amy\backup.pst=>[Subject: Fw: Hi,darling][From: Amy Twilley]=>(body) Suspect: Exploit.Iframe.Vulnerability
C:\Documents and Settings\Amy Lynn Twilley\My Documents\Amy\backupaddresses.pst=>[Subject: Fw: Hi,darling][From: Amy Twilley]=>(body) Suspect: Exploit.Iframe.Vulnerability
C:\Documents and Settings\Amy Lynn Twilley\My Documents\Amy\backupaddresses.pst=>[Subject: Fw: Hi,darling][From: Amy Twilley]=>(body) Suspect: Exploit.Iframe.Vulnerability
C:\Documents and Settings\Amy Lynn Twilley\My Documents\Amy\backupaddresses.pst=>[Subject: Fw: Hi,darling][From: Amy Twilley]=>(body) Suspect: Exploit.Iframe.Vulnerability
C:\Documents and Settings\Amy Lynn Twilley\My Documents\Amy\backupaddresses.pst=>[Subject: Fw: Hi,darling][From: Amy Twilley]=>(body) Suspect: Exploit.Iframe.Vulnerability
C:\Documents and Settings\Amy Lynn Twilley\My Documents\Amy\backupaddresses.pst=>[Subject: Fw: Hi,darling][From: Amy Twilley]=>(body) Suspect: Exploit.Iframe.Vulnerability
C:\Documents and Settings\Amy Lynn Twilley\My Documents\Amy\backupaddresses.pst=>[Subject: Fw: Hi,darling][From: Amy Twilley]=>(body) Suspect: Exploit.Iframe.Vulnerability
C:\Documents and Settings\Amy Lynn Twilley\My Documents\Amy\backupaddresses.pst=>[Subject: Fw: Hi,darling][From: Amy Twilley]=>(body) Suspect: Exploit.Iframe.Vulnerability
D:\$RECYCLE.BIN\$RFEH2N1.PST=>[Subject: Fw: Hi,darling][From: Amy Twilley]=>(body) Suspect: Exploit.Iframe.Vulnerability
D:\$RECYCLE.BIN\$RFEH2N1.PST=>[Subject: Fw: Hi,darling][From: Amy Twilley]=>(body) Suspect: Exploit.Iframe.Vulnerability
D:\$RECYCLE.BIN\$RFEH2N1.PST=>[Subject: Fw: Hi,darling][From: Amy Twilley]=>(body) Suspect: Exploit.Iframe.Vulnerability
D:\$RECYCLE.BIN\$RFEH2N1.PST=>[Subject: Fw: Hi,darling][From: Amy Twilley]=>(body) Suspect: Exploit.Iframe.Vulnerability
D:\$RECYCLE.BIN\$RFEH2N1.PST=>[Subject: Fw: Hi,darling][From: Amy Twilley]=>(body) Suspect: Exploit.Iframe.Vulnerability
D:\$RECYCLE.BIN\$RFEH2N1.PST=>[Subject: Fw: Hi,darling][From: Amy Twilley]=>(body) Suspect: Exploit.Iframe.Vulnerability
D:\$RECYCLE.BIN\$RFEH2N1.PST=>[Subject: Fw: Hi,darling][From: Amy Twilley]=>(body) Suspect: Exploit.Iframe.Vulnerability
D:\$RECYCLE.BIN\$ROLLUWC.PST=>[Subject: Fw: Hi,darling][From: Amy Twilley]=>(body) Suspect: Exploit.Iframe.Vulnerability
D:\$RECYCLE.BIN\$ROLLUWC.PST=>[Subject: mailing error][From: register@hotmail.com]=>error-mail_info.zip=>Winzipped-Text_Data.txt .pif Infected: Win32.Sober.O@mm
D:\$RECYCLE.BIN\$ROLLUWC.PST=>[Subject: mailing error][From: register@hotmail.com]=>error-mail_info.zip=>Winzipped-Text_Data.txt .pif Deleted
D:\$RECYCLE.BIN\$ROLLUWC.PST=>[Subject: mailing error][From: register@hotmail.com]=>error-mail_info.zip Archive repacking successfully completed (actions successfully applied)
D:\$RECYCLE.BIN\$ROLLUWC.PST Archive repacking has failed (marked actions not taken)
D:\$RECYCLE.BIN\$ROLLUWC.PST=>[Subject: Fw: Hi,darling][From: Amy Twilley]=>(body) Suspect: Exploit.Iframe.Vulnerability
D:\Amy\PhotoWorks\My Documents\Amy\backup.pst=>[Subject: Fw: Hi,darling][From: Amy Twilley]=>(body) Suspect: Exploit.Iframe.Vulnerability
D:\Amy\PhotoWorks\My Documents\Amy\backup.pst=>[Subject: mailing error][From: register@hotmail.com]=>error-mail_info.zip=>Winzipped-Text_Data.txt .pif Infected: Win32.Sober.O@mm
D:\Amy\PhotoWorks\My Documents\Amy\backup.pst=>[Subject: mailing error][From: register@hotmail.com]=>error-mail_info.zip=>Winzipped-Text_Data.txt .pif Deleted
D:\Amy\PhotoWorks\My Documents\Amy\backup.pst=>[Subject: mailing error][From: register@hotmail.com]=>error-mail_info.zip Archive repacking successfully completed (actions successfully applied)
D:\Amy\PhotoWorks\My Documents\Amy\backup.pst Archive repacking has failed (marked actions not taken)
D:\Amy\PhotoWorks\My Documents\Amy\backup.pst=>[Subject: Fw: Hi,darling][From: Amy Twilley]=>(body) Suspect: Exploit.Iframe.Vulnerability
D:\Amy\PhotoWorks\My Documents\Amy\backupaddresses.pst=>[Subject: Fw: Hi,darling][From: Amy Twilley]=>(body) Suspect: Exploit.Iframe.Vulnerability
D:\Amy\PhotoWorks\My Documents\Amy\backupaddresses.pst=>[Subject: Fw: Hi,darling][From: Amy Twilley]=>(body) Suspect: Exploit.Iframe.Vulnerability
D:\Amy\PhotoWorks\My Documents\Amy\backupaddresses.pst=>[Subject: Fw: Hi,darling][From: Amy Twilley]=>(body) Suspect: Exploit.Iframe.Vulnerability
D:\Amy\PhotoWorks\My Documents\Amy\backupaddresses.pst=>[Subject: Fw: Hi,darling][From: Amy Twilley]=>(body) Suspect: Exploit.Iframe.Vulnerability
D:\Amy\PhotoWorks\My Documents\Amy\backupaddresses.pst=>[Subject: Fw: Hi,darling][From: Amy Twilley]=>(body) Suspect: Exploit.Iframe.Vulnerability
D:\Amy\PhotoWorks\My Documents\Amy\backupaddresses.pst=>[Subject: Fw: Hi,darling][From: Amy Twilley]=>(body) Suspect: Exploit.Iframe.Vulnerability
D:\Amy\PhotoWorks\My Documents\Amy\backupaddresses.pst=>[Subject: Fw: Hi,darling][From: Amy Twilley]=>(body) Suspect: Exploit.Iframe.Vulnerability
D:\email.pst=>[Subject: Fw: Hi,darling][From: Amy Twilley]=>(body) Suspect: Exploit.Iframe.Vulnerability
D:\email.pst=>[Subject: mailing error][From: register@hotmail.com]=>error-mail_info.zip=>Winzipped-Text_Data.txt .pif Infected: Win32.Sober.O@mm
D:\email.pst=>[Subject: mailing error][From: register@hotmail.com]=>error-mail_info.zip=>Winzipped-Text_Data.txt .pif Deleted
D:\email.pst=>[Subject: mailing error][From: register@hotmail.com]=>error-mail_info.zip Archive repacking successfully completed (actions successfully applied)
D:\email.pst Archive repacking has failed (marked actions not taken)
D:\email.pst=>[Subject: Fw: Hi,darling][From: Amy Twilley]=>(body) Suspect: Exploit.Iframe.Vulnerability
D:\email.pst=>[Subject: Fw: Hi,darling][From: Amy Twilley]=>(body) Suspect: Exploit.Iframe.Vulnerability

Please help.

David
:thumbsup:

#10 __RiP_ChAiN_

__RiP_ChAiN_

    Eh, whatever goes here.


  • Members
  • 1,592 posts
  • Gender:Male
  • Location:Omaha, Nebraska U.S.A
  • Local time:02:05 PM

Posted 18 August 2007 - 03:06 AM

Hello twilldab,

1. Please open Notepad
  • Click Start , then Run
  • Type notepad.exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\Documents and Settings\Amy Lynn Twilley\My Documents\Amy\backup.pst
C:\Documents and Settings\Amy Lynn Twilley\My Documents\Amy\backupaddresses.pst
D:\Amy\PhotoWorks\My Documents\Amy\backup.pst
D:\Amy\PhotoWorks\My Documents\Amy\backupaddresses.pst
D:\email.pst
3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.


#11 twilldab

twilldab
  • Topic Starter

  • Members
  • 29 posts
  • Local time:04:05 PM

Posted 19 August 2007 - 10:10 AM

Hello Rip Chain,

I had uninstalled ComboFix. I reinstalled it and ran a completely new log, which I have pasted below. I will also complete what you have asked in the next reply. Stay tuned.

Regards,

D.T.

ComboFix 07-08-14.4 - "" 2007-08-19 9:55:53.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.960 [GMT -5:00]
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\AMYLYN~1\APPLIC~1\FunWebProducts
D:\Autorun.inf


((((((((((((((((((((((((( Files Created from 2007-07-19 to 2007-08-19 )))))))))))))))))))))))))))))))


2007-08-19 09:35 28,672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys
2007-08-19 09:35 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\WholeSecurity
2007-08-19 09:34 <DIR> d-------- C:\WINDOWS\LastGood
2007-08-13 08:16 <DIR> d--h----- C:\WINDOWS\PIF
2007-08-02 23:28 <DIR> d-------- C:\Program Files\eBay
2007-08-02 23:28 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\eBay
2007-07-26 20:29 <DIR> d-------- C:\DOCUME~1\AMYLYN~1\APPLIC~1\CopyToDvd
2007-07-22 18:10 <DIR> d-------- C:\Program Files\Sierra Online
2007-07-19 21:54 <DIR> d-------- C:\WINDOWS\pss
2007-07-19 12:51 49,152 -ra------ C:\WINDOWS\system32\inetwh32.dll
2007-07-19 12:51 1,044,480 -ra------ C:\WINDOWS\system32\roboex32.dll


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-19 09:55 81984 --a------ C:\WINDOWS\system32\bdod.bin
2007-08-19 09:48 --------- d-------- C:\DOCUME~1\NETWOR~1\APPLIC~1\Google
2007-08-18 12:23 --------- d-------- C:\Program Files\SUPERAntiSpyware
2007-08-14 06:21 --------- d-------- C:\Program Files\RegCure
2007-08-13 05:44 --------- d-------- C:\Program Files\XoftSpySE
2007-08-02 23:30 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-07-21 08:29 1420 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-07-19 20:11 --------- d-------- C:\Program Files\Lexmark X1100 Series
2007-07-19 01:59 3583488 --a--c--- C:\WINDOWS\system32\dllcache\mshtml.dll
2007-07-18 21:22 --------- d-------- C:\Program Files\F-Secure Internet Security
2007-07-16 22:04 --------- d-------- C:\Program Files\Trend Micro
2007-07-15 10:47 --------- d-------- C:\Program Files\Sygate
2007-07-14 19:46 --------- d-------- C:\DOCUME~1\NETWOR~1\APPLIC~1\Yahoo!
2007-07-14 14:10 --------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-07-14 11:05 --------- d-------- C:\Program Files\Enigma Software Group
2007-07-14 00:40 --------- d-------- C:\Program Files\RogueRemover PRO
2007-07-14 00:38 2014 -r-h----- C:\WINDOWS\system32\drivers\hosts
2007-07-13 04:17 --------- d-------- C:\Program Files\Spyware Doctor
2007-07-12 18:31 765952 --a--c--- C:\WINDOWS\system32\dllcache\vgx.dll
2007-07-12 09:32 --------- d-------- C:\Program Files\Norton Save and Restore
2007-07-12 09:32 --------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-07-12 09:31 --------- d-------- C:\Program Files\Symantec
2007-07-11 23:19 --------- d-------- C:\Program Files\Windows Live Safety Center
2007-07-11 23:19 --------- d-------- C:\Program Files\vso
2007-07-11 23:19 --------- d-------- C:\Program Files\PC Bug Doctor
2007-07-11 23:05 --------- d-------- C:\Program Files\Windows Media Connect 2
2007-07-11 23:05 --------- d-------- C:\Program Files\Messenger
2007-07-11 23:05 --------- d-------- C:\Program Files\DivX
2007-07-11 23:05 --------- d-------- C:\Program Files\360Share Pro
2007-07-11 21:28 --------- d-------- C:\Program Files\LG Software Innovations
2007-07-11 12:20 --------- d-------- C:\Program Files\321Studios
2007-07-11 11:52 --------- d-------- C:\Program Files\DVDx
2007-07-10 23:13 --------- d-------- C:\Program Files\AC3Filter
2007-07-10 22:38 --------- d-------- C:\Program Files\Common Files\Download Manager
2007-07-10 22:01 --------- d-------- C:\Program Files\The Playa
2007-07-10 22:01 --------- d-------- C:\Program Files\DivXCodec
2007-07-10 21:28 47360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2007-07-10 21:02 18816 --a------ C:\WINDOWS\system32\drivers\dvd43llh.sys
2007-07-10 21:02 --------- d-------- C:\Program Files\dvd43
2007-07-10 14:08 --------- d-------- C:\Program Files\TuneUp Utilities 2007
2007-07-08 12:51 --------- d-------- C:\Program Files\InterActual
2007-07-08 12:51 --------- d-------- C:\Program Files\Common Files\Sonic Shared
2007-07-08 12:50 --------- d-------- C:\Program Files\Dell
2007-07-07 20:21 --------- d-------- C:\Program Files\Yahoo!
2007-07-05 10:48 --------- d-------- C:\Program Files\iTunes
2007-07-05 10:47 --------- d-------- C:\Program Files\iPod
2007-07-05 10:46 --------- d-------- C:\Program Files\Common Files\Apple
2007-07-02 14:41 524288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-07-02 14:41 36624 --------- C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-07-02 14:41 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-07-02 14:41 2560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-07-02 14:41 2432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-07-02 14:41 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-07-02 14:41 129784 --------- C:\WINDOWS\system32\pxafs.dll
2007-07-02 14:41 118520 --------- C:\WINDOWS\system32\pxinsi64.exe
2007-07-02 14:41 116472 --------- C:\WINDOWS\system32\pxcpyi64.exe
2007-07-02 14:41 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-07-02 14:37 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-07-02 14:37 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-07-02 14:37 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-07-02 14:37 740442 --a------ C:\WINDOWS\system32\DivX.dll
2007-07-02 14:37 73728 --a------ C:\WINDOWS\system32\dpl100.dll
2007-07-02 14:37 593920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2007-07-02 14:37 57344 --a------ C:\WINDOWS\system32\dpv11.dll
2007-07-02 14:37 53248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2007-07-02 14:37 344064 --a------ C:\WINDOWS\system32\dpus11.dll
2007-07-02 14:37 294912 --a------ C:\WINDOWS\system32\dpu11.dll
2007-07-02 14:37 294912 --a------ C:\WINDOWS\system32\dpu10.dll
2007-07-02 14:37 196608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-07-02 14:36 124472 --a------ C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
2007-07-02 14:36 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2007-07-01 19:18 --------- d-------- C:\Program Files\MySpace
2007-06-30 11:22 --------- d-------- C:\Program Files\Creative
2007-06-30 11:10 --------- d-------- C:\Program Files\SightSpeed
2007-06-30 11:07 --------- d-------- C:\Program Files\ArcSoft
2007-06-27 09:34 823808 --a--c--- C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-27 09:34 671232 --a--c--- C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-27 09:34 6058496 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-06-27 09:34 52224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-06-27 09:34 477696 --a--c--- C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-27 09:34 459264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-06-27 09:34 44544 --a--c--- C:\WINDOWS\system32\dllcache\iernonce.dll
2007-06-27 09:34 384512 --a--c--- C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-06-27 09:34 383488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-06-27 09:34 27648 --a--c--- C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-27 09:34 267776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-06-27 09:34 232960 --a--c--- C:\WINDOWS\system32\dllcache\webcheck.dll
2007-06-27 09:34 230400 --a--c--- C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-06-27 09:34 193024 --a--c--- C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-27 09:34 153088 --a--c--- C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-06-27 09:34 132608 --a--c--- C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-27 09:34 124928 --a--c--- C:\WINDOWS\system32\dllcache\advpack.dll
2007-06-27 09:34 1152000 --a--c--- C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-27 09:34 105984 --a--c--- C:\WINDOWS\system32\dllcache\url.dll
2007-06-27 09:34 102400 --a--c--- C:\WINDOWS\system32\dllcache\occache.dll
2007-06-27 03:27 63488 --a--c--- C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-06-27 03:27 625152 --a--c--- C:\WINDOWS\system32\dllcache\iexplore.exe
2007-06-27 03:27 13824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-06-27 02:00 161792 --a--c--- C:\WINDOWS\system32\dllcache\ieakui.dll
2007-06-26 01:08 1104896 --a--c--- C:\WINDOWS\system32\dllcache\msxml3.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40]
"Norton Save and Restore 2.0"="C:\Program Files\Norton Save and Restore\Agent\VProTray.exe" [2007-01-17 20:34]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-05-10 09:48 C:\WINDOWS\KHALMNPR.Exe]
"Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 10:43]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 07:15]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 03:12]
"BDMCon"="C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe" [2007-07-15 01:17]
"BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [2007-03-26 15:49]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-06-11 18:16]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-28 22:03]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]
"RogueMonitor"="C:\Program Files\RogueRemover PRO\RogueRemoverPRO.exe" [2007-06-13 17:42]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=sockspy.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
"LDM"=C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe
"Creative WebCam Tray"="C:\Program Files\Creative\Shared Files\CamTray.exe"
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe
"YSearchProtection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"EPSON Stylus Photo R300 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
"PC Pitstop Optimize Scheduler"=C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe -boot
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE
"LogitechCommunicationsManager"="C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
"Logitech Hardware Abstraction Layer"="C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE"
"LVCOMSX"="C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
"SigmatelSysTrayApp"=stsystra.exe
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
"Adobe_ID0EYTHM"=C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"dvd43"=C:\Program Files\dvd43\dvd43_tray.exe
"PD0870 STISvc"=RunDLL32.exe P0870Pin.dll,RunDLL32EP 513

R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\Drivers\LBeepKE.sys
R2 Norton Save and Restore;Norton Save and Restore;C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe -k netsvcs
R2 v2imount;Symantec V2i Mount Driver;C:\WINDOWS\system32\DRIVERS\v2imount.sys
R3 P0870Dev;Creative WebCam Live! Motion;C:\WINDOWS\system32\DRIVERS\P0870Dev.sys
S2 WinDriver;WinDriver;C:\WINDOWS\system32\drivers\WINDRVR.SYS
S3 busbcrw;USB Card Reader Writer driver;C:\WINDOWS\system32\Drivers\busbcrw.sys
S3 WimFltr;WimFltr;C:\WINDOWS\system32\DRIVERS\wimfltr.sys

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

*Newly Created Service* - CO_MON

Contents of the 'Scheduled Tasks' folder
2007-08-19 13:47:21 C:\WINDOWS\Tasks\1-Click Maintenance.job - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
2007-08-16 11:48:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2007-08-18 15:01:43 C:\WINDOWS\Tasks\MP Scheduled Scan.job
2007-08-18 22:00:13 C:\WINDOWS\Tasks\RegCure Program Check.job - C:\Program Files\RegCure\RegCure.exe
2007-08-19 07:01:28 C:\WINDOWS\Tasks\RegCure.job - C:\Program Files\RegCure\RegCure.exe
2007-08-18 22:00:03 C:\WINDOWS\Tasks\XoftSpySE 2.job - C:\Program Files\XoftSpySE\XoftSpy.exe
2007-08-19 13:47:24 C:\WINDOWS\Tasks\XoftSpySE.job - C:\Program Files\XoftSpySE\XoftSpy.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-19 09:58:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-19 9:59:13
C:\ComboFix-quarantined-files.txt ... 2007-08-19 09:59

--- E O F ---

#12 twilldab

twilldab
  • Topic Starter

  • Members
  • 29 posts

Posted 19 August 2007 - 10:36 AM

Per your request:

ComboFix 07-08-14.4 - "" 2007-08-19 10:29:14.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.916 [GMT -5:00]
Command switches used :: C:\Documents and Settings\NetworkService\Desktop\CFScript.txt
* Created a new restore point

FILE::
C:\Documents and Settings\Amy Lynn Twilley\My Documents\Amy\backup.pst
C:\Documents and Settings\Amy Lynn Twilley\My Documents\Amy\backupaddresses.pst
D:\Amy\PhotoWorks\My Documents\Amy\backup.pst
D:\Amy\PhotoWorks\My Documents\Amy\backupaddresses.pst
D:\email.pst


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Documents and Settings\Amy Lynn Twilley\My Documents\Amy\backup.pst
C:\Documents and Settings\Amy Lynn Twilley\My Documents\Amy\backupaddresses.pst
D:\Amy\PhotoWorks\My Documents\Amy\backup.pst
D:\Amy\PhotoWorks\My Documents\Amy\backupaddresses.pst
D:\email.pst


((((((((((((((((((((((((( Files Created from 2007-07-19 to 2007-08-19 )))))))))))))))))))))))))))))))


2007-08-19 09:59 <DIR> d-------- C:\DOCUME~1\NETWOR~1\APPLIC~1\Bitdefender
2007-08-19 09:35 28,672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys
2007-08-19 09:35 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\WholeSecurity
2007-08-19 09:34 <DIR> d-------- C:\WINDOWS\LastGood
2007-08-13 08:16 <DIR> d--h----- C:\WINDOWS\PIF
2007-08-02 23:28 <DIR> d-------- C:\Program Files\eBay
2007-08-02 23:28 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\eBay
2007-07-26 20:29 <DIR> d-------- C:\DOCUME~1\AMYLYN~1\APPLIC~1\CopyToDvd
2007-07-22 18:10 <DIR> d-------- C:\Program Files\Sierra Online
2007-07-19 21:54 <DIR> d-------- C:\WINDOWS\pss
2007-07-19 12:51 49,152 -ra------ C:\WINDOWS\system32\inetwh32.dll
2007-07-19 12:51 1,044,480 -ra------ C:\WINDOWS\system32\roboex32.dll


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-19 10:30 81984 --a------ C:\WINDOWS\system32\bdod.bin
2007-08-19 09:59 --------- d-------- C:\Program Files\SUPERAntiSpyware
2007-08-19 09:48 --------- d-------- C:\DOCUME~1\NETWOR~1\APPLIC~1\Google
2007-08-14 06:21 --------- d-------- C:\Program Files\RegCure
2007-08-13 05:44 --------- d-------- C:\Program Files\XoftSpySE
2007-08-02 23:30 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-07-21 08:29 1420 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-07-19 20:11 --------- d-------- C:\Program Files\Lexmark X1100 Series
2007-07-19 01:59 3583488 --a--c--- C:\WINDOWS\system32\dllcache\mshtml.dll
2007-07-18 21:22 --------- d-------- C:\Program Files\F-Secure Internet Security
2007-07-16 22:04 --------- d-------- C:\Program Files\Trend Micro
2007-07-15 10:47 --------- d-------- C:\Program Files\Sygate
2007-07-14 19:46 --------- d-------- C:\DOCUME~1\NETWOR~1\APPLIC~1\Yahoo!
2007-07-14 14:10 --------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-07-14 11:05 --------- d-------- C:\Program Files\Enigma Software Group
2007-07-14 00:40 --------- d-------- C:\Program Files\RogueRemover PRO
2007-07-14 00:38 2014 -r-h----- C:\WINDOWS\system32\drivers\hosts
2007-07-13 04:17 --------- d-------- C:\Program Files\Spyware Doctor
2007-07-12 18:31 765952 --a--c--- C:\WINDOWS\system32\dllcache\vgx.dll
2007-07-12 09:32 --------- d-------- C:\Program Files\Norton Save and Restore
2007-07-12 09:32 --------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-07-12 09:31 --------- d-------- C:\Program Files\Symantec
2007-07-11 23:19 --------- d-------- C:\Program Files\Windows Live Safety Center
2007-07-11 23:19 --------- d-------- C:\Program Files\vso
2007-07-11 23:19 --------- d-------- C:\Program Files\PC Bug Doctor
2007-07-11 23:05 --------- d-------- C:\Program Files\Windows Media Connect 2
2007-07-11 23:05 --------- d-------- C:\Program Files\Messenger
2007-07-11 23:05 --------- d-------- C:\Program Files\DivX
2007-07-11 23:05 --------- d-------- C:\Program Files\360Share Pro
2007-07-11 21:28 --------- d-------- C:\Program Files\LG Software Innovations
2007-07-11 12:20 --------- d-------- C:\Program Files\321Studios
2007-07-11 11:52 --------- d-------- C:\Program Files\DVDx
2007-07-10 23:13 --------- d-------- C:\Program Files\AC3Filter
2007-07-10 22:38 --------- d-------- C:\Program Files\Common Files\Download Manager
2007-07-10 22:01 --------- d-------- C:\Program Files\The Playa
2007-07-10 22:01 --------- d-------- C:\Program Files\DivXCodec
2007-07-10 21:28 47360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2007-07-10 21:02 18816 --a------ C:\WINDOWS\system32\drivers\dvd43llh.sys
2007-07-10 21:02 --------- d-------- C:\Program Files\dvd43
2007-07-10 14:08 --------- d-------- C:\Program Files\TuneUp Utilities 2007
2007-07-08 12:51 --------- d-------- C:\Program Files\InterActual
2007-07-08 12:51 --------- d-------- C:\Program Files\Common Files\Sonic Shared
2007-07-08 12:50 --------- d-------- C:\Program Files\Dell
2007-07-07 20:21 --------- d-------- C:\Program Files\Yahoo!
2007-07-05 10:48 --------- d-------- C:\Program Files\iTunes
2007-07-05 10:47 --------- d-------- C:\Program Files\iPod
2007-07-05 10:46 --------- d-------- C:\Program Files\Common Files\Apple
2007-07-02 14:41 524288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-07-02 14:41 36624 --------- C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-07-02 14:41 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-07-02 14:41 2560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-07-02 14:41 2432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-07-02 14:41 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-07-02 14:41 129784 --------- C:\WINDOWS\system32\pxafs.dll
2007-07-02 14:41 118520 --------- C:\WINDOWS\system32\pxinsi64.exe
2007-07-02 14:41 116472 --------- C:\WINDOWS\system32\pxcpyi64.exe
2007-07-02 14:41 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-07-02 14:37 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-07-02 14:37 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-07-02 14:37 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-07-02 14:37 740442 --a------ C:\WINDOWS\system32\DivX.dll
2007-07-02 14:37 73728 --a------ C:\WINDOWS\system32\dpl100.dll
2007-07-02 14:37 593920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2007-07-02 14:37 57344 --a------ C:\WINDOWS\system32\dpv11.dll
2007-07-02 14:37 53248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2007-07-02 14:37 344064 --a------ C:\WINDOWS\system32\dpus11.dll
2007-07-02 14:37 294912 --a------ C:\WINDOWS\system32\dpu11.dll
2007-07-02 14:37 294912 --a------ C:\WINDOWS\system32\dpu10.dll
2007-07-02 14:37 196608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-07-02 14:36 124472 --a------ C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
2007-07-02 14:36 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2007-07-01 19:18 --------- d-------- C:\Program Files\MySpace
2007-06-30 11:22 --------- d-------- C:\Program Files\Creative
2007-06-30 11:10 --------- d-------- C:\Program Files\SightSpeed
2007-06-30 11:07 --------- d-------- C:\Program Files\ArcSoft
2007-06-27 09:34 823808 --a--c--- C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-27 09:34 671232 --a--c--- C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-27 09:34 6058496 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-06-27 09:34 52224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-06-27 09:34 477696 --a--c--- C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-27 09:34 459264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-06-27 09:34 44544 --a--c--- C:\WINDOWS\system32\dllcache\iernonce.dll
2007-06-27 09:34 384512 --a--c--- C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-06-27 09:34 383488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-06-27 09:34 27648 --a--c--- C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-27 09:34 267776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-06-27 09:34 232960 --a--c--- C:\WINDOWS\system32\dllcache\webcheck.dll
2007-06-27 09:34 230400 --a--c--- C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-06-27 09:34 193024 --a--c--- C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-27 09:34 153088 --a--c--- C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-06-27 09:34 132608 --a--c--- C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-27 09:34 124928 --a--c--- C:\WINDOWS\system32\dllcache\advpack.dll
2007-06-27 09:34 1152000 --a--c--- C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-27 09:34 105984 --a--c--- C:\WINDOWS\system32\dllcache\url.dll
2007-06-27 09:34 102400 --a--c--- C:\WINDOWS\system32\dllcache\occache.dll
2007-06-27 03:27 63488 --a--c--- C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-06-27 03:27 625152 --a--c--- C:\WINDOWS\system32\dllcache\iexplore.exe
2007-06-27 03:27 13824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-06-27 02:00 161792 --a--c--- C:\WINDOWS\system32\dllcache\ieakui.dll
2007-06-26 01:08 1104896 --a--c--- C:\WINDOWS\system32\dllcache\msxml3.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40]
"Norton Save and Restore 2.0"="C:\Program Files\Norton Save and Restore\Agent\VProTray.exe" [2007-01-17 20:34]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-05-10 09:48 C:\WINDOWS\KHALMNPR.Exe]
"Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 10:43]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 07:15]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 03:12]
"BDMCon"="C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe" [2007-07-15 01:17]
"BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [2007-03-26 15:49]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-06-11 18:16]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-28 22:03]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]
"RogueMonitor"="C:\Program Files\RogueRemover PRO\RogueRemoverPRO.exe" [2007-06-13 17:42]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-06-05 16:47:50]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=sockspy.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
"LDM"=C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe
"Creative WebCam Tray"="C:\Program Files\Creative\Shared Files\CamTray.exe"
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe
"YSearchProtection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"EPSON Stylus Photo R300 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
"PC Pitstop Optimize Scheduler"=C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe -boot
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE
"LogitechCommunicationsManager"="C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
"Logitech Hardware Abstraction Layer"="C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE"
"LVCOMSX"="C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
"SigmatelSysTrayApp"=stsystra.exe
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
"Adobe_ID0EYTHM"=C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"dvd43"=C:\Program Files\dvd43\dvd43_tray.exe
"PD0870 STISvc"=RunDLL32.exe P0870Pin.dll,RunDLL32EP 513

R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\Drivers\LBeepKE.sys
R2 Norton Save and Restore;Norton Save and Restore;C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe -k netsvcs
R2 v2imount;Symantec V2i Mount Driver;C:\WINDOWS\system32\DRIVERS\v2imount.sys
R3 P0870Dev;Creative WebCam Live! Motion;C:\WINDOWS\system32\DRIVERS\P0870Dev.sys
S2 WinDriver;WinDriver;C:\WINDOWS\system32\drivers\WINDRVR.SYS
S3 busbcrw;USB Card Reader Writer driver;C:\WINDOWS\system32\Drivers\busbcrw.sys
S3 WimFltr;WimFltr;C:\WINDOWS\system32\DRIVERS\wimfltr.sys

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

*Newly Created Service* - CO_MON

Contents of the 'Scheduled Tasks' folder
2007-08-19 13:47:21 C:\WINDOWS\Tasks\1-Click Maintenance.job - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
2007-08-16 11:48:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2007-08-19 15:01:18 C:\WINDOWS\Tasks\MP Scheduled Scan.job
2007-08-18 22:00:13 C:\WINDOWS\Tasks\RegCure Program Check.job - C:\Program Files\RegCure\RegCure.exe
2007-08-19 07:01:28 C:\WINDOWS\Tasks\RegCure.job - C:\Program Files\RegCure\RegCure.exe
2007-08-18 22:00:03 C:\WINDOWS\Tasks\XoftSpySE 2.job - C:\Program Files\XoftSpySE\XoftSpy.exe
2007-08-19 13:47:24 C:\WINDOWS\Tasks\XoftSpySE.job - C:\Program Files\XoftSpySE\XoftSpy.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-19 10:32:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-19 10:34:04
C:\ComboFix-quarantined-files.txt ... 2007-08-19 10:34
C:\ComboFix2.txt ... 2007-08-19 09:59

--- E O F ---

#13 __RiP_ChAiN_

__RiP_ChAiN_

    Eh, whatever goes here.


  • Members
  • 1,592 posts
  • Gender:Male
  • Location:Omaha, Nebraska U.S.A

Posted 21 August 2007 - 05:59 PM

Hello twilldab,

Please post back with a new HijackThis log, as well.

#14 __RiP_ChAiN_

__RiP_ChAiN_

    Eh, whatever goes here.


  • Members
  • 1,592 posts
  • Gender:Male
  • Location:Omaha, Nebraska U.S.A

Posted 06 September 2007 - 09:06 AM

Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact me or a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.