Unwanted Items In Start Up


26 replies to this topic

#1 KKRoadie

Posted 25 February 2007 - 04:47 PM

Logfile of HijackThis v1.99.1
Scan saved at 3:28:14 PM, on 2/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Trend Micro\Antivirus\pccguide.exe
C:\Program Files\Trend Micro\Antivirus\PCClient.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\CMS Peripherals\BounceBack Express\BBLauncher.exe
C:\Program Files\Hewlett-Packard\LaserJet All-in-one\hppdirector.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\hppapml0.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Outlook Express\MSIMN.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\KARLKU~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
F3 - REG:win.ini: load=? 
F3 - REG:win.ini: run=? 
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe"
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Antivirus\pccguide.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Antivirus\PCClient.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKLM\..\Run: [MSConfig] "C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: BounceBack Launcher.lnk = ?
O4 - Global Startup: HP LaserJet Director.lnk = C:\Program Files\Hewlett-Packard\LaserJet All-in-one\hppdirector.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: *.fugent.com
O15 - Trusted Zone: *.webex.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Protocol: bw+0 - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

#2 SifuMike

malware expert

Posted 05 March 2007 - 01:24 PM

Hello KKRoadie,

I am SifuMike and I will be helping you.


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation, Multi-language jre-6-windows-i586.exe and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6-windows-i586.exe to install the newest version.
Disable your antivirus program and go here http://www.bitdefender.com/scan8/ie.html and run an online scan with BitDefender (you will need to use Internet Explorer for this scan). When the ActiveX Control has loaded, click on "Click here to scan". This scan may take a few hours. It all depends on the number of files on your computer.

When BitDefender completes the scan, select the "Detected Problems" tab.
Click on "Click here to export scan".
Save the file as an HTML to your Desktop.
Then click on the saved file and allow it to open with your browser.
Go to Edit - Select All then copy/paste that log back here.
Post the BitDefender log.

*********************
Download ATF (Atribune Temp File) Cleaner© by Atribune. DO NOT run it yet.

Download and install AVG Anti-Spyware 7.5 (formerly Ewido)
This is a 30 day trial of the program

AVG Anti-Spyware is designed to be used to both scan for and remove malicious files and also to run in real-time alongside, but not replace, your existing anti-virus program to give an added layer of protection.
Both the Resident Shield and Automatic Updates will only be available for the thirty day trial period, after that AVG Anti-Spyware will revert to a stand-alone scanner which you can keep and manually update for free and use in a similar way to Ad-Aware SE Personal, Spybot S&D etc.

1. After download, double click on the file to launch the install process.
2. Choose a language, click "OK" and then click "Next".
3. Read the "License Agreement" and click "I Agree".
4. Accept the default installation path: C:\Program Files\AVG Anti-Spyware 7.5 and click "Next", then click "Install".
5. After setup completes, click "Finish" to start the program automatically or launch ewido by double-clicking its icon on your desktop or in the system tray.
6. The main "Status" menu will appear. You can select "Change state" to inactivate 'Resident Shield' and 'Automatic Updates'. If you choose to do this, then right click on ewido in the system tray and uncheck "Start with Windows".
7. Select the "Update" button and click "Start update". If you are having problems with the updater, manually update with the Ewido Full database installer from here.
8. Exit AVG Anti-Spyware 7.5 when done - DO NOT perform a scan yet.

Reboot your computer in "SAFE MODE" using the F8 method so Windows will start with minimal drivers and running processes.
To do this restart your computer and after hearing your computer beep once during startup [but before the Windows icon appears] press the F8 key repeatedly.
A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

1.) Double-click the small BLUE Garbage Can ATF-Cleaner.exe file to run the program.
2.) At the top, under Main choose: Select All
3.) Click the Empty Selected button.

If you use the Firefox browser:
1.) At the top, click Firefox and choose: Select All
2.) Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use the Opera browser:
1.) At the top, click Opera and choose: Select All
2.) Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.


Scan with AVG Anti-Spyware 7.5 as follows:

1. Launch AVG Anti-Spyware 7.5, click on the "Scanner" button and choose the "Settings" tab.

Under "How to act?", click on "Recommended actions" and choose "Quarantine" to set default action for detected malware.

Under "How to Scan?" check all (default).

Under "Possibly unwanted software" check all (default).

Under "What to Scan?" make sure "Scan every file" is selected (default).

Under "Reports" select "Automatically generate report after every scan" and UNcheck "Only if threats were found".

2. Click the "Scan" tab to return to scanning options.
3. Click "Complete System Scan" to start.

4. IMPORTANT: Don't click on the "Save Scan Report" button before you have hit the "Apply all Actions" button.

(1) Make sure that Set all elements to: shows Quarantine, if not click on the link and choose Quarantine from the popup menu.
(2) At the bottom of the window click on the Apply all Actions button.
(3) When done, click the Save Scan Report button.
(4) Click the Save Report as button.
Click on the most recent scan you just performed and select "Save report as" - the default file name will be in date/time format as follows: Report-Scan-20060620-142816.txt.
Save to your desktop.
A copy of each report will also be saved in C:\Program Files\AVG Anti-Spyware 7.5\Reports\
Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.

Reboot to Normal Mode.

*********************
I see that you are running msconfig in /auto mode which means that you may have selectively removed some items in the past from the startup procedure.

This can be bad if they are malware, so we would like you to reenable those startup entries by doing the following:

Please click on start, then run, and type msconfig and then press enter.

When the window opens click on the startup tab and make sure there are checkmarks in every entry. Then press ok until you are out of the program.

If it asks to reboot, do not reboot. It is not necessary to reboot to get the items to show up in HijackThis.

*********************

C:\DOCUME~1\KARLKU~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe


You need to put HijackThis into its own folder, but not a temp folder. It won't save the backups if it is run from a temporary folder, and we will be deleting the temp folder.

Here is how to make a Hijackthis folder:

Click My Computer, then C:\
In the menu bar, File->New->Folder.
That will create a folder named New Folder, which you can rename to "HJT". Now you have C:\HJT\ folder. Put your hijackthis.exe there.



When done, submit the BitDefender log, the AVG Anti-Spyware 7.5 log and a fresh HijackThis log.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
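
The three things post #2 reads off the posted log (HijackThis started from a Temp folder, the MSConfig /auto autorun, and the jre1.5.0_11 paths) can be checked mechanically. The script below is an added example, not part of the original posts or of HijackThis; the function names, the `min_jre` threshold (taken from the reply's JRE 6 instruction) and the extra check for entries HijackThis annotates "(file missing)" or "(no file)", which goes beyond what the reply raises, are assumptions of the example.

```python
import re
from typing import NamedTuple

# Excerpt of the HijackThis log posted in #1 of this thread (trimmed to a few lines).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 3:28:14 PM, on 2/25/2007

Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\KARLKU~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSConfig] "C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" /auto
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
"""

# "O4 - ..." style entry lines: section code, separator, body.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# JRE install directory inside a path, e.g. \jre1.5.0_11\
JRE_RE = re.compile(r"\\jre(\d+)\.(\d+)\.(\d+)(?:_(\d+))?\\", re.IGNORECASE)
# MSConfig.exe launched with /auto from a Run key.
MSCONFIG_RE = re.compile(r'msconfig\.exe"?\s+/auto\b', re.IGNORECASE)


class Finding(NamedTuple):
    check: str
    detail: str


def parse_log(text):
    """Return (running process paths, [(section code, body), ...])."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower() == "running processes:":
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False
            entries.append((match.group(1), match.group(2)))
        elif in_processes:
            if line:
                processes.append(line)
            else:
                in_processes = False  # blank line closes the process list
    return processes, entries


def triage(text, min_jre=(1, 6, 0, 0)):
    """Flag the conditions discussed in post #2, in a fixed order."""
    processes, entries = parse_log(text)
    findings = []

    # HijackThis running from a Temp folder: per the reply, backups are not
    # saved there and the folder is about to be emptied.
    for path in processes:
        lower = path.lower()
        if lower.endswith("\\hijackthis.exe") and "\\temp\\" in lower:
            findings.append(Finding("hjt-in-temp", path))

    # MSConfig /auto autorun: per the reply, startup items may have been
    # selectively disabled and so are hidden from the log.
    for code, body in entries:
        if code == "O4" and MSCONFIG_RE.search(body):
            findings.append(Finding("msconfig-auto", body))

    # JRE directories older than min_jre (assumed threshold), each reported once.
    seen = set()
    for _code, body in entries:
        for match in JRE_RE.finditer(body):
            version = tuple(int(g or 0) for g in match.groups())
            if version < min_jre and version not in seen:
                seen.add(version)
                findings.append(Finding("old-jre", "%d.%d.%d_%02d" % version))

    # Entries HijackThis itself marks as pointing at no file on disk.
    for code, body in entries:
        if body.endswith("(file missing)") or body.endswith("(no file)"):
            findings.append(Finding("orphan", f"{code} - {body}"))

    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"{finding.check:14} {finding.detail}")
```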

#3 KKRoadie

Posted 19 March 2007 - 05:55 PM

OK, the java reinstall went fine but I can't get the bitdefender online scan to work.

I have tried 5 or 6 times (each attempt taking 5-8 hours) and at about 75% complete (100% of my C drive and about 50% of my E drive) it gives me a run error and boots me out of the scan. I had disabled everything I could find (Virus software, spyware software, screensaver, backups, etc etc) but it still fails at about the same point every time. Prior to the failure it said it found 12 known viruses and a few suspected ones, and it said it disinfected 7 of them. It also said that over a million files were infected and that it was going to delete them?? (How could my PC survive the deletion of over half the files on the hard drive?)

Any new suggestions?

Should I just skip the bitdefender step and go to the next step (AVG)?

#4 SifuMike

malware expert

Posted 19 March 2007 - 10:10 PM

Should I just skip the bitdefender step and go to the next step (AVG)?


Yes, skip BitDefender for now and go on to the next step.

#5 KKRoadie

Posted 20 March 2007 - 10:49 PM

BitDefender failed after multiple attempts.
Here is the HJT log followed by the AVG log

Logfile of HijackThis v1.99.1
Scan saved at 10:43:10 PM, on 3/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\CMS Peripherals\BounceBack Express\BBLauncher.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Hewlett-Packard\LaserJet All-in-one\hppdirector.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\WINDOWS\system32\hppapml0.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
C:\Program Files\Trend Micro\Antivirus\PCClient.EXE
C:\Program Files\Trend Micro\Antivirus\PCCGUIDE.EXE
C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe"
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Antivirus\pccguide.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Antivirus\PCClient.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [webscan] "C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe" -k
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe" /run
O4 - HKLM\..\Run: [StopSignSsTsMon] "Rundll32.exe" "C:\Program Files\Acceleration Software\Anti-Virus\sstsmon.dll",VerifyStatus
O4 - HKLM\..\Run: [RealTray] "C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [CTSysVol] "C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PowerPanel Personal Edition User Interaction] "C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BounceBack Launcher.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP LaserJet Director.lnk = C:\Program Files\Hewlett-Packard\LaserJet All-in-one\hppdirector.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: SpeedUpMyPC.lnk = C:\Program Files\LIUtilities\SpeedUpMyPC\speedupmypc.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: *.fugent.com
O15 - Trusted Zone: *.webex.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O18 - Protocol: bw+0 - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

AVG LOG FOLLOWS

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:23:03 PM 3/20/2007

+ Scan result:



C:\Documents and Settings\Karl Kuenning\Cookies\karl_kuenning@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Karl Kuenning\Cookies\karl_kuenning@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Karl Kuenning\Cookies\karl_kuenning@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Karl Kuenning\Cookies\karl_kuenning@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\Karl Kuenning\Cookies\karl_kuenning@statse.webtrendslive[1].txt -> TrackingCookie.Webtrendslive : Cleaned.


::Report end

#6 SifuMike

Posted 20 March 2007 - 11:03 PM

Hi KKRoadie,

Unwanted Items In Start Up


Are you asking a question? Or are you saying you have some unwanted items? If so, which ones are you speaking of?


Please go HERE to run Panda's ActiveScan
  • Note: This Scanner is for Internet Explorer Only!
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto


I see that you are running msconfig in /auto mode which means that you may have selectively removed some items in the past from the startup procedure. This can be bad if they are malware, so we would like you to reenable those startup entries by doing the following:

Please click on start, then run, and type msconfig and then press enter. When the window opens click on the startup tab and make sure there are checkmarks in every entry.
Then press ok until you are out of the program.
If it asks to reboot, do not reboot. It is not necessary to reboot to get the items to show up in HijackThis.

Now please create a new Hijackthis Log and post it as a reply.

Edited by SifuMike, 20 March 2007 - 11:09 PM.

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
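The check described in post #6, as an added example that is not part of the original thread: a Python triage of HijackThis result lines that flags the MSConfig `/auto` Run value (a sign that startup items were disabled and so do not show in the log), entries whose target is reported as missing, and startup shortcuts listed as `= ?`. The sample lines are copied from the log in post #5; the function names and finding labels are assumptions of this example.

```python
import re

# Sample input: a few result lines copied from the HijackThis log in post #5.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE

O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
"""

# A result line is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [name] command".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# O4 registry autostart: hive, key (Run, RunOnce, ...), value name, command line.
RUN_RE = re.compile(r"^(HKLM|HKCU)\\\.\.\\(Run\w*): \[([^\]]+)\] (.+)$")
# O4 startup-folder shortcut: folder, shortcut name, resolved target (or "?").
STARTUP_LNK_RE = re.compile(r"^(Global Startup|Startup): (.+?) = (.+)$")
# msconfig.exe launched with /auto from a Run key.
MSCONFIG_AUTO_RE = re.compile(r'msconfig\.exe"?\s+/auto\b', re.IGNORECASE)


def parse_entries(text):
    """Return (section_code, body) for every result line; headers and the
    running-process list do not match the pattern and are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def run_values(entries):
    """Return the O4 registry autostart values as dictionaries."""
    values = []
    for code, body in entries:
        m = RUN_RE.match(body) if code == "O4" else None
        if m:
            hive, key, name, command = m.groups()
            values.append({"hive": hive, "key": key,
                           "name": name, "command": command})
    return values


def triage(text):
    """Return (label, section_code, detail) findings in log order."""
    findings = []
    for code, body in parse_entries(text):
        # The scanner marks entries whose file it could not find on disk.
        if body.endswith("(file missing)") or body.endswith("(no file)"):
            findings.append(("missing-target", code, body))
        if code != "O4":
            continue
        run = RUN_RE.match(body)
        if run and MSCONFIG_AUTO_RE.search(run.group(4)):
            # Selective startup is active: disabled items are absent from
            # this log, so it understates what is configured to autostart.
            findings.append(("msconfig-auto", code, run.group(4)))
        lnk = STARTUP_LNK_RE.match(body)
        if lnk and lnk.group(3) == "?":
            findings.append(("unresolved-shortcut", code, lnk.group(2)))
    return findings


def selective_startup_in_use(text):
    """True when the log shows MSConfig set to run with /auto at logon."""
    return any(label == "msconfig-auto" for label, _, _ in triage(text))


if __name__ == "__main__":
    for label, code, detail in triage(SAMPLE_LOG):
        print(f"{label:20} {code:4} {detail}")
```

A log that returns `msconfig-auto` should be regenerated after the disabled entries are re-enabled, as the post asks, before its O4 section is treated as complete.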

#7 KKRoadie

Posted 20 March 2007 - 11:37 PM

Hi KKRoadie,

QUOTE
Unwanted Items In Start Up

Are you asking a question? Or are you saying you have some unwanted items? If so, which ones are you speaking of?

Actually this all started when I noticed 3 items in start-up, NvCpl and two with Chinese characters. I looked up the NvCpl and it seems it is a virus (which I am unable to rid myself of, it's on my wife's PC too so maybe our home network is compounding the problem). The two Chinese files had me stumped as they showed up as small boxes. I added the Chinese font to the PC and they became Chinese file names.

I actually checked them in the msconfig start-up like you asked (and I did not reboot again as you asked) but when I look now they are unchecked again.

I'll run panda, try to run everything in msconfig and post a new HJT log.

Thanks for your help. I'm pretty good with this stuff and the past week or two has been maddening.

KK

#8 SifuMike

Posted 20 March 2007 - 11:43 PM

Good thing you told me about those Chinese characters. :flowers:

Hate to be like Columbo, but could you do just one more thing... :thumbsup:

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall
Disable script blocking if you have Norton Antivirus installed so it will not interfere with the fix. Trojan Hunter has been reported to detect combofix as Worm.Qiv.100.

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#9 KKRoadie

Posted 21 March 2007 - 12:00 AM

OK

Panda is running right now so it will be a while

It already has found 63 viruses and 6 hacking tools

DOH!! (Homer Simpson voice)

#10 KKRoadie

Posted 21 March 2007 - 03:27 AM

Here is the Panda scan report


Incident Status Location

Potentially unwanted tool:Application/MyWay Not disinfected C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
Virus:trj/abwiz.a Disinfected Operating system
Hacktool:Exploit/iFrame Not disinfected C:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\Local Folders\Karl[~0000273.~]
Virus:JS/Kak.Worm Disinfected C:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\Local Folders\Karl.sbd\ebay[~0000077.~]
Virus:JS/Kak.Worm Disinfected C:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\Local Folders\Karl.sbd\ebay[~0000080.~]
Virus:JS/Kak.Worm Disinfected C:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\Local Folders\Karl.sbd\ebay[~0000211.~]
Virus:JS/Kak.Worm Disinfected C:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\Local Folders\Karl.sbd\ebay[~0000228.~]
Virus:JS/Kak.Worm Disinfected C:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\Local Folders\Karl.sbd\ebay[~0000238.~]
Virus:JS/Kak.Worm Disinfected C:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\Local Folders\Karl.sbd\ebay[~0000365.~]
Virus:JS/Kak.Worm Disinfected C:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\Local Folders\Karl.sbd\ebay[~0000535.~]
Virus:JS/Kak.Worm Disinfected C:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\Local Folders\Karl.sbd\karlarchive[~0000804.~]
Virus:JS/Kak.Worm Disinfected C:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\Local Folders\Karl.sbd\karlarchive[~0000811.~]
Virus:JS/Kak.Worm Disinfected C:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\Local Folders\Karl.sbd\Sentarchive[~0003742.~]
Virus:JS/Kak.Worm Disinfected C:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\Local Folders\Karl.sbd\Sentarchive[~0003747.~]
Virus:JS/Kak.Worm Disinfected C:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\Local Folders\Karl.sbd\Sentarchive[~0004213.~]
Virus:JS/Kak.Worm Disinfected C:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\Local Folders\Karl.sbd\Sentarchive[~0004261.~]
Virus:JS/Kak.Worm Disinfected C:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\Local Folders\Karl.sbd\Sentarchive[~0004264.~]
Virus:JS/Kak.Worm Disinfected C:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\Local Folders\Karl.sbd\Sentarchive[~0005116.~]
Virus:W97M/Groov.AN Disinfected C:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\Local Folders\Roadie.sbd\Archive[~0000309.~][Mgwai.doc]
Virus:W97M/Groov.AN Disinfected C:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\Local Folders\Roadie.sbd\Archive2[~0000309.~][Mgwai.doc]
Virus:JS/Kak.Worm Disinfected C:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\Local Folders\Roadie.sbd\Sentarchive[~0003742.~]
Virus:JS/Kak.Worm Disinfected C:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\Local Folders\Roadie.sbd\Sentarchive[~0003747.~]
Virus:JS/Kak.Worm Disinfected C:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\Local Folders\Roadie.sbd\Sentarchive[~0004213.~]
Virus:JS/Kak.Worm Disinfected C:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\Local Folders\Roadie.sbd\Sentarchive[~0004261.~]
Virus:JS/Kak.Worm Disinfected C:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\Local Folders\Roadie.sbd\Sentarchive[~0004264.~]
Virus:JS/Kak.Worm Disinfected C:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\Local Folders\Roadie.sbd\Sentarchive[~0005116.~]
Virus:JS/Kak.Worm Disinfected C:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\Local Folders\Sentarchive[~0003742.~]
Virus:JS/Kak.Worm Disinfected C:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\Local Folders\Sentarchive[~0003747.~]
Virus:JS/Kak.Worm Disinfected C:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\Local Folders\Sentarchive[~0004213.~]
Virus:JS/Kak.Worm Disinfected C:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\Local Folders\Sentarchive[~0004261.~]
Virus:JS/Kak.Worm Disinfected C:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\Local Folders\Sentarchive[~0004264.~]
Virus:JS/Kak.Worm Disinfected C:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\Local Folders\Sentarchive[~0005116.~]
Hacktool:Exploit/iFrame Not disinfected C:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\pop3.concentric.net\Inbox[~0005915.~]
Virus:JS/Kak.Worm Disinfected C:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\roadie-1.net\BeAnAngel.sbd\tshirts
Hacktool:Exploit/iFrame Not disinfected C:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\roadie-1.net\Karl[~0000273.~]
Virus:JS/Kak.Worm Disinfected C:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\roadie-1.net\Karl.sbd\ebay[~0000077.~]
Virus:JS/Kak.Worm Disinfected C:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\roadie-1.net\Karl.sbd\ebay[~0000080.~]
Virus:JS/Kak.Worm Disinfected C:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\roadie-1.net\Karl.sbd\ebay[~0000211.~]
Virus:JS/Kak.Worm Disinfected C:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\roadie-1.net\Karl.sbd\ebay[~0000228.~]
Virus:JS/Kak.Worm Disinfected C:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\roadie-1.net\Karl.sbd\ebay[~0000238.~]
Virus:JS/Kak.Worm Disinfected C:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\roadie-1.net\Karl.sbd\ebay[~0000365.~]
Virus:JS/Kak.Worm Disinfected C:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\roadie-1.net\Karl.sbd\ebay[~0000535.~]
Virus:JS/Kak.Worm Disinfected C:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\roadie-1.net\Karl.sbd\karlarchive[~0000804.~]
Virus:JS/Kak.Worm Disinfected C:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\roadie-1.net\Karl.sbd\karlarchive[~0000811.~]
Virus:JS/Kak.Worm Disinfected C:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\roadie-1.net\Karl.sbd\Sentarchive[~0003742.~]
Virus:JS/Kak.Worm Disinfected C:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\roadie-1.net\Karl.sbd\Sentarchive[~0003747.~]
Virus:JS/Kak.Worm Disinfected C:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\roadie-1.net\Karl.sbd\Sentarchive[~0004213.~]
Virus:JS/Kak.Worm Disinfected C:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\roadie-1.net\Karl.sbd\Sentarchive[~0004261.~]
Virus:JS/Kak.Worm Disinfected C:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\roadie-1.net\Karl.sbd\Sentarchive[~0004264.~]
Virus:JS/Kak.Worm Disinfected C:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\roadie-1.net\Karl.sbd\Sentarchive[~0005116.~]
Virus:W97M/Groov.AN Disinfected C:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\roadie-1.net\Roadie.sbd\Archive[~0000309.~][Mgwai.doc]
Virus:W97M/Groov.AN Disinfected C:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\roadie-1.net\Roadie.sbd\Archive2[~0000309.~][Mgwai.doc]
Virus:JS/Kak.Worm Disinfected C:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\roadie-1.net\Roadie.sbd\Sentarchive[~0003742.~]
Virus:JS/Kak.Worm Disinfected C:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\roadie-1.net\Roadie.sbd\Sentarchive[~0003747.~]
Virus:JS/Kak.Worm Disinfected C:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\roadie-1.net\Roadie.sbd\Sentarchive[~0004213.~]
Virus:JS/Kak.Worm Disinfected C:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\roadie-1.net\Roadie.sbd\Sentarchive[~0004261.~]
Virus:JS/Kak.Worm Disinfected C:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\roadie-1.net\Roadie.sbd\Sentarchive[~0004264.~]
Virus:JS/Kak.Worm Disinfected C:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\roadie-1.net\Roadie.sbd\Sentarchive[~0005116.~]
Virus:W97M/Groov.AN Disinfected C:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\roadie.net\Roadie.sbd\Archive[~0000309.~][Mgwai.doc]
Virus:W97M/Groov.AN Disinfected C:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\roadie.net\Roadie.sbd\Archive2[~0000309.~][Mgwai.doc]
Virus:JS/Kak.Worm Disinfected C:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\roadie.net\Roadie.sbd\Sentarchive[~0003742.~]
Virus:JS/Kak.Worm Disinfected C:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\roadie.net\Roadie.sbd\Sentarchive[~0003747.~]
Virus:JS/Kak.Worm Disinfected C:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\roadie.net\Roadie.sbd\Sentarchive[~0004213.~]
Virus:JS/Kak.Worm Disinfected C:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\roadie.net\Roadie.sbd\Sentarchive[~0004261.~]
Virus:JS/Kak.Worm Disinfected C:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\roadie.net\Roadie.sbd\Sentarchive[~0004264.~]
Virus:JS/Kak.Worm Disinfected C:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\roadie.net\Roadie.sbd\Sentarchive[~0005116.~]
Virus:JS/Kak.Worm Disinfected C:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\roadie.net\Trash.sbd\BeAnAngel.sbd\tshirts
Hacktool:Exploit/iFrame Not disinfected C:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\roadie.net\Trash.sbd\Karl[~0000273.~]
Virus:JS/Kak.Worm Disinfected C:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\roadie.net\Trash.sbd\Karl.sbd\ebay[~0000077.~]
Virus:JS/Kak.Worm Disinfected C:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\roadie.net\Trash.sbd\Karl.sbd\ebay[~0000080.~]
Virus:JS/Kak.Worm Disinfected C:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\roadie.net\Trash.sbd\Karl.sbd\ebay[~0000211.~]
Virus:JS/Kak.Worm Disinfected C:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\roadie.net\Trash.sbd\Karl.sbd\ebay[~0000228.~]
Virus:JS/Kak.Worm Disinfected C:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\roadie.net\Trash.sbd\Karl.sbd\ebay[~0000238.~]
Virus:JS/Kak.Worm Disinfected C:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\roadie.net\Trash.sbd\Karl.sbd\ebay[~0000365.~]
Virus:JS/Kak.Worm Disinfected C:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\roadie.net\Trash.sbd\Karl.sbd\ebay[~0000535.~]
Virus:JS/Kak.Worm Disinfected C:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\roadie.net\Trash.sbd\Karl.sbd\karlarchive[~0000804.~]
Virus:JS/Kak.Worm Disinfected C:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\roadie.net\Trash.sbd\Karl.sbd\karlarchive[~0000811.~]
Virus:JS/Kak.Worm Disinfected C:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\roadie.net\Trash.sbd\Karl.sbd\Sentarchive[~0003742.~]
Virus:JS/Kak.Worm Disinfected C:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\roadie.net\Trash.sbd\Karl.sbd\Sentarchive[~0003747.~]
Virus:JS/Kak.Worm Disinfected C:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\roadie.net\Trash.sbd\Karl.sbd\Sentarchive[~0004213.~]
Virus:JS/Kak.Worm Disinfected C:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\roadie.net\Trash.sbd\Karl.sbd\Sentarchive[~0004261.~]
Virus:JS/Kak.Worm Disinfected C:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\roadie.net\Trash.sbd\Karl.sbd\Sentarchive[~0004264.~]
Virus:JS/Kak.Worm Disinfected C:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\roadie.net\Trash.sbd\Karl.sbd\Sentarchive[~0005116.~]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Karl Kuenning\Cookies\karl_kuenning@ads.pointroll[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Karl Kuenning\Cookies\karl_kuenning@atdmt[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Karl Kuenning\Cookies\karl_kuenning@doubleclick[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Karl Kuenning\Cookies\karl_kuenning@mediaplex[1].txt
Hacktool:Exploit/iFrame Not disinfected E:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\Local Folders\Karl[~0000273.~]
Virus:JS/Kak.Worm Disinfected E:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\Local Folders\Karl.sbd\ebay[~0000077.~]
Virus:JS/Kak.Worm Disinfected E:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\Local Folders\Karl.sbd\ebay[~0000080.~]
Virus:JS/Kak.Worm Disinfected E:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\Local Folders\Karl.sbd\ebay[~0000211.~]
Virus:JS/Kak.Worm Disinfected E:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\Local Folders\Karl.sbd\ebay[~0000228.~]
Virus:JS/Kak.Worm Disinfected E:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\Local Folders\Karl.sbd\ebay[~0000238.~]
Virus:JS/Kak.Worm Disinfected E:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\Local Folders\Karl.sbd\ebay[~0000365.~]
Virus:JS/Kak.Worm Disinfected E:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\Local Folders\Karl.sbd\ebay[~0000535.~]
Virus:JS/Kak.Worm Disinfected E:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\Local Folders\Karl.sbd\karlarchive[~0000804.~]
Virus:JS/Kak.Worm Disinfected E:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\Local Folders\Karl.sbd\karlarchive[~0000811.~]
Virus:JS/Kak.Worm Disinfected E:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\Local Folders\Karl.sbd\Sentarchive[~0003742.~]
Virus:JS/Kak.Worm Disinfected E:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\Local Folders\Karl.sbd\Sentarchive[~0003747.~]
Virus:JS/Kak.Worm Disinfected E:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\Local Folders\Karl.sbd\Sentarchive[~0004213.~]
Virus:JS/Kak.Worm Disinfected E:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\Local Folders\Karl.sbd\Sentarchive[~0004261.~]
Virus:JS/Kak.Worm Disinfected E:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\Local Folders\Karl.sbd\Sentarchive[~0004264.~]
Virus:JS/Kak.Worm Disinfected E:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\Local Folders\Karl.sbd\Sentarchive[~0005116.~]
Virus:W97M/Groov.AN Disinfected E:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\Local Folders\Roadie.sbd\Archive[~0000309.~][Mgwai.doc]
Virus:W97M/Groov.AN Disinfected E:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\Local Folders\Roadie.sbd\Archive2[~0000309.~][Mgwai.doc]
Virus:JS/Kak.Worm Disinfected E:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\Local Folders\Roadie.sbd\Sentarchive[~0003742.~]
Virus:JS/Kak.Worm Disinfected E:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\Local Folders\Roadie.sbd\Sentarchive[~0003747.~]
Virus:JS/Kak.Worm Disinfected E:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\Local Folders\Roadie.sbd\Sentarchive[~0004213.~]
Virus:JS/Kak.Worm Disinfected E:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\Local Folders\Roadie.sbd\Sentarchive[~0004261.~]
Virus:JS/Kak.Worm Disinfected E:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\Local Folders\Roadie.sbd\Sentarchive[~0004264.~]
Virus:JS/Kak.Worm Disinfected E:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\Local Folders\Roadie.sbd\Sentarchive[~0005116.~]
Virus:JS/Kak.Worm Disinfected E:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\Local Folders\Sentarchive[~0003742.~]
Virus:JS/Kak.Worm Disinfected E:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\Local Folders\Sentarchive[~0003747.~]
Virus:JS/Kak.Worm Disinfected E:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\Local Folders\Sentarchive[~0004213.~]
Virus:JS/Kak.Worm Disinfected E:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\Local Folders\Sentarchive[~0004261.~]
Virus:JS/Kak.Worm Disinfected E:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\Local Folders\Sentarchive[~0004264.~]
Virus:JS/Kak.Worm Disinfected E:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\Local Folders\Sentarchive[~0005116.~]
Hacktool:Exploit/iFrame Not disinfected E:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\pop3.concentric.net\Inbox[~0005915.~]
Virus:JS/Kak.Worm Disinfected E:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\roadie-1.net\BeAnAngel.sbd\tshirts
Hacktool:Exploit/iFrame Not disinfected E:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\roadie-1.net\Karl[~0000273.~]
Virus:JS/Kak.Worm Disinfected E:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\roadie-1.net\Karl.sbd\ebay[~0000077.~]
Virus:JS/Kak.Worm Disinfected E:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\roadie-1.net\Karl.sbd\ebay[~0000080.~]
Virus:JS/Kak.Worm Disinfected E:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\roadie-1.net\Karl.sbd\ebay[~0000211.~]
Virus:JS/Kak.Worm Disinfected E:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\roadie-1.net\Karl.sbd\ebay[~0000228.~]
Virus:JS/Kak.Worm Disinfected E:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\roadie-1.net\Karl.sbd\ebay[~0000238.~]
Virus:JS/Kak.Worm Disinfected E:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\roadie-1.net\Karl.sbd\ebay[~0000365.~]
Virus:JS/Kak.Worm Disinfected E:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\roadie-1.net\Karl.sbd\ebay[~0000535.~]
Virus:JS/Kak.Worm Disinfected E:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\roadie-1.net\Karl.sbd\karlarchive[~0000804.~]
Virus:JS/Kak.Worm Disinfected E:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\roadie-1.net\Karl.sbd\karlarchive[~0000811.~]
Virus:JS/Kak.Worm Disinfected E:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\roadie-1.net\Karl.sbd\Sentarchive[~0003742.~]
Virus:JS/Kak.Worm Disinfected E:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\roadie-1.net\Karl.sbd\Sentarchive[~0003747.~]
Virus:JS/Kak.Worm Disinfected E:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\roadie-1.net\Karl.sbd\Sentarchive[~0004213.~]
Virus:JS/Kak.Worm Disinfected E:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\roadie-1.net\Karl.sbd\Sentarchive[~0004261.~]
Virus:JS/Kak.Worm Disinfected E:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\roadie-1.net\Karl.sbd\Sentarchive[~0004264.~]
Virus:JS/Kak.Worm Disinfected E:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\roadie-1.net\Karl.sbd\Sentarchive[~0005116.~]
Virus:W97M/Groov.AN Disinfected E:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\roadie-1.net\Roadie.sbd\Archive[~0000309.~][Mgwai.doc]
Virus:W97M/Groov.AN Disinfected E:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\roadie-1.net\Roadie.sbd\Archive2[~0000309.~][Mgwai.doc]
Virus:JS/Kak.Worm Disinfected E:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\roadie-1.net\Roadie.sbd\Sentarchive[~0003742.~]
Virus:JS/Kak.Worm Disinfected E:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\roadie-1.net\Roadie.sbd\Sentarchive[~0003747.~]
Virus:JS/Kak.Worm Disinfected E:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\roadie-1.net\Roadie.sbd\Sentarchive[~0004213.~]
Virus:JS/Kak.Worm Disinfected E:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\roadie-1.net\Roadie.sbd\Sentarchive[~0004261.~]
Virus:JS/Kak.Worm Disinfected E:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\roadie-1.net\Roadie.sbd\Sentarchive[~0004264.~]
Virus:JS/Kak.Worm Disinfected E:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\roadie-1.net\Roadie.sbd\Sentarchive[~0005116.~]
Virus:W97M/Groov.AN Disinfected E:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\roadie.net\Roadie.sbd\Archive[~0000309.~][Mgwai.doc]
Virus:W97M/Groov.AN Disinfected E:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\roadie.net\Roadie.sbd\Archive2[~0000309.~][Mgwai.doc]
Virus:JS/Kak.Worm Disinfected E:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\roadie.net\Roadie.sbd\Sentarchive[~0003742.~]
Virus:JS/Kak.Worm Disinfected E:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\roadie.net\Roadie.sbd\Sentarchive[~0003747.~]
Virus:JS/Kak.Worm Disinfected E:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\roadie.net\Roadie.sbd\Sentarchive[~0004213.~]
Virus:JS/Kak.Worm Disinfected E:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\roadie.net\Roadie.sbd\Sentarchive[~0004261.~]
Virus:JS/Kak.Worm Disinfected E:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\roadie.net\Roadie.sbd\Sentarchive[~0004264.~]
Virus:JS/Kak.Worm Disinfected E:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\roadie.net\Roadie.sbd\Sentarchive[~0005116.~]
Virus:JS/Kak.Worm Disinfected E:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\roadie.net\Trash.sbd\BeAnAngel.sbd\tshirts
Hacktool:Exploit/iFrame Not disinfected E:\Documents and Settings\Karl Kuenning\Application Data\Mozilla\Profiles\karlfk-1\naf997ns.slt\Mail\roadie.net\Trash.sbd\Karl[~0000273.~]
Virus:JS/

#11 KKRoadie

Posted 21 March 2007 - 03:34 AM

Combofix report

"Karl Kuenning" - 07-03-21 3:26:20 Service Pack 2
ComboFix 07-03-20.2 - Running from: "C:\HJT"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\bszip.dll


((((((((((((((((((((((((((((((( Files Created from 2007-02-21 to 2007-03-21 ))))))))))))))))))))))))))))))))))


2007-03-20 23:39 <DIR> d-------- C:\WINDOWS\SYSTEM32\ActiveScan
2007-03-20 23:39 <DIR> d-------- C:\WINDOWS\LastGood
2007-03-20 22:40 <DIR> d-------- C:\HJT
2007-03-19 22:13 6,469,352 --------- C:\temp\avgas-setup-7.5.0.50.exe
2007-03-19 22:13 3,968 --------- C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys
2007-03-19 22:12 50,688 --------- C:\temp\ATF-Cleaner.exe
2007-03-18 10:34 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-03-18 10:25 13,170,312 --------- C:\temp\jre-6-windows-i586.exe
2007-03-11 09:55 <DIR> d-------- C:\DOCUME~1\KARLKU~1\APPLIC~1\Viewpoint
2007-03-08 00:35 <DIR> d-------- C:\Program Files\iTunes
2007-02-25 13:52 98,304 --------- C:\WINDOWS\SYSTEM32\msir3jp.dll
2007-02-25 13:52 9,216 --------- C:\WINDOWS\SYSTEM32\kbdnecAT.dll
2007-02-25 13:52 838,144 --------- C:\WINDOWS\SYSTEM32\chtbrkr.dll
2007-02-25 13:52 811,064 --------- C:\WINDOWS\SYSTEM32\imjp81k.dll
2007-02-25 13:52 8,704 --------- C:\WINDOWS\SYSTEM32\kbdjpn.dll
2007-02-25 13:52 8,192 --------- C:\WINDOWS\SYSTEM32\kbdkor.dll
2007-02-25 13:52 76,288 --------- C:\WINDOWS\SYSTEM32\uniime.dll
2007-02-25 13:52 70,656 --------- C:\WINDOWS\SYSTEM32\korwbrkr.dll
2007-02-25 13:52 7,680 --------- C:\WINDOWS\SYSTEM32\kbdnecNT.dll
2007-02-25 13:52 7,168 --------- C:\WINDOWS\SYSTEM32\kbdnec95.dll
2007-02-25 13:52 7,168 --------- C:\WINDOWS\SYSTEM32\kbdibm02.dll
2007-02-25 13:52 7,168 --------- C:\WINDOWS\SYSTEM32\f3ahvoas.dll
2007-02-25 13:52 6,656 --------- C:\WINDOWS\SYSTEM32\kbdlk41a.dll
2007-02-25 13:52 6,656 --------- C:\WINDOWS\SYSTEM32\c_is2022.dll
2007-02-25 13:52 6,144 --------- C:\WINDOWS\SYSTEM32\kbdlk41j.dll
2007-02-25 13:52 6,144 --------- C:\WINDOWS\SYSTEM32\kbdax2.dll
2007-02-25 13:52 6,144 --------- C:\WINDOWS\SYSTEM32\kbd106n.dll
2007-02-25 13:52 6,144 --------- C:\WINDOWS\SYSTEM32\kbd106.dll
2007-02-25 13:52 6,144 --------- C:\WINDOWS\SYSTEM32\kbd101c.dll
2007-02-25 13:52 6,144 --------- C:\WINDOWS\SYSTEM32\kbd101b.dll
2007-02-25 13:52 6,144 --------- C:\WINDOWS\SYSTEM32\kbd101a.dll
2007-02-25 13:52 6,144 --------- C:\WINDOWS\SYSTEM32\kbd101.dll
2007-02-25 13:52 6,144 --------- C:\WINDOWS\SYSTEM32\ftlx041e.dll
2007-02-25 13:52 5,632 --------- C:\WINDOWS\SYSTEM32\kbdusa.dll
2007-02-25 13:52 5,632 --------- C:\WINDOWS\SYSTEM32\kbd103.dll
2007-02-25 13:52 218,112 --------- C:\WINDOWS\SYSTEM32\c_g18030.dll
2007-02-25 13:52 185,344 --------- C:\WINDOWS\SYSTEM32\Thawbrkr.dll
2007-02-25 13:52 10,752 --------- C:\WINDOWS\SYSTEM32\c_iscii.dll
2007-02-25 13:52 1,677,824 --------- C:\WINDOWS\SYSTEM32\chsbrkr.dll
2007-02-25 13:35 <DIR> d-------- C:\Program Files\Uniblue
2007-02-25 13:35 <DIR> d-------- C:\DOCUME~1\KARLKU~1\APPLIC~1\Uniblue


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-03-21 00:26 -------- d-------- C:\Program Files\digital line detect
2007-03-21 00:26 -------- d-------- C:\Program Files\dell support
2007-03-20 20:30 384 --------- C:\WINDOWS\SYSTEM32\dvcstatebkp-{00000004-00000000-00000001-00001102-00000004-20061102}.dat
2007-03-20 20:30 384 --------- C:\WINDOWS\SYSTEM32\dvcstate-{00000004-00000000-00000001-00001102-00000004-20061102}.dat
2007-03-20 19:41 -------- d-------- C:\Program Files\nwdesktop
2007-03-20 19:00 16 --------- C:\WINDOWS\popcinfo.dat
2007-03-20 06:50 -------- d-------- C:\Program Files\digstream
2007-03-18 10:32 -------- d-------- C:\Program Files\java
2007-03-16 22:59 164 --------- C:\install.dat
2007-03-11 09:55 -------- d-------- C:\DOCUME~1\KARLKU~1\APPLIC~1\viewpoint
2007-03-08 00:35 -------- d-------- C:\Program Files\itunes
2007-03-08 00:35 -------- d-------- C:\Program Files\ipod
2007-03-08 00:32 -------- d-------- C:\Program Files\quicktime
2007-03-01 19:54 22080 --------- C:\WINDOWS\SYSTEM32\DRIVERS\sshrmd.sys
2007-03-01 19:54 21056 --------- C:\WINDOWS\SYSTEM32\DRIVERS\sskbfd.sys
2007-03-01 19:54 20544 --------- C:\WINDOWS\SYSTEM32\DRIVERS\SSFS0509.sys
2007-03-01 19:54 144960 --------- C:\WINDOWS\SYSTEM32\DRIVERS\ssidrv.sys
2007-02-25 13:41 -------- d-------- C:\DOCUME~1\KARLKU~1\APPLIC~1\uniblue
2007-02-25 13:35 -------- d-------- C:\Program Files\uniblue
2007-02-18 11:45 11876 --------- C:\WINDOWS\mozver.dat
2007-01-13 02:06 118784 -r------- C:\WINDOWS\bwunin-7.2.0.157-8876480sl.exe
2007-01-12 18:45 42544 --------- C:\WINDOWS\SYSTEM32\gotomon.dll
2007-01-08 20:01 17408 --------- C:\WINDOWS\SYSTEM32\corpol.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"PowerPanel Personal Edition User Interaction"="\"C:\\Program Files\\CyberPower PowerPanel Personal Edition\\pppeuser.exe\""
"DellSupport"="\"C:\\Program Files\\Dell Support\\DSAgnt.exe\" /startup"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"IAAnotif"="\"C:\\Program Files\\Intel\\Intel Application Accelerator\\iaanotif.exe\""
"CTDVDDET"="\"C:\\Program Files\\Creative\\SBAudigy2ZS\\DVDAudio\\CTDVDDET.EXE\""
"DVDLauncher"="\"C:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe\""
"dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"pccguide.exe"="\"C:\\Program Files\\Trend Micro\\Antivirus\\pccguide.exe\""
"PCClient.exe"="\"C:\\Program Files\\Trend Micro\\Antivirus\\PCClient.exe\""
"Logitech Utility"="Logi_MwX.Exe"
"NvCplDaemon"="\"RUNDLL32.EXE\" C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"IMEKRMIG6.1"="C:\\WINDOWS\\ime\\imkr6_1\\IMEKRMIG.EXE"
"MSPY2002"="\"C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe\" /SYNC"
"PHIME2002ASync"="\"C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE\" /SYNC"
"PHIME2002A"="\"C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE\" /IMEName"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"webscan"="\"C:\\Program Files\\Acceleration Software\\Anti-Virus\\stopsignav.exe\" -k"
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
"TM Outbreak Agent"="\"C:\\Program Files\\Trend Micro\\Antivirus\\TMOAgent.exe\" /run"
"StopSignSsTsMon"="\"Rundll32.exe\" \"C:\\Program Files\\Acceleration Software\\Anti-Virus\\sstsmon.dll\",VerifyStatus"
"RealTray"="\"C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe\" SYSTEMBOOTHIDEPLAYER"
"mmtask"="\"C:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mmtask.exe\""
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"ISUSPM Startup"="\"C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe\" -startup"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb07.exe"
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"CTSysVol"="\"C:\\Program Files\\Creative\\SBAudigy2ZS\\Surround Mixer\\CTSysVol.exe\" /r"
"CTHelper"="CTHELPER.EXE"
"SpySweeper"="\"C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeperUI.exe\" /startintray"
"MSConfig"="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\MSConfig.exe /auto"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
"key"="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows"
"item"="????"
"hkey"="HKCU"
"command"="????"
"inimapping"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]
"key"="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows"
"item"="????"
"hkey"="HKCU"
"command"="????"
"inimapping"="1"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\HP Usg Login.job
C:\WINDOWS\tasks\Symantec NetDetect.job
C:\WINDOWS\tasks\wrSpySweeper20060320221419.job
C:\WINDOWS\tasks\wrSpySweeper20060320221453.job
C:\WINDOWS\tasks\wrSpySweeper20060905165640.job
C:\WINDOWS\tasks\wrSpySweeper20060905165712.job
C:\WINDOWS\tasks\wrSpySweeper_L194B6264CCB04F6B92CC607947866FEF.job


********************************************************************

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-03-21 3:29:22

#12 KKRoadie


Posted 21 March 2007 - 03:45 AM

Logfile of HijackThis v1.99.1
Scan saved at 3:40:16 AM, on 3/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Trend Micro\Antivirus\pccguide.exe
C:\Program Files\Trend Micro\Antivirus\PCClient.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\CMS Peripherals\BounceBack Express\BBLauncher.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Hewlett-Packard\LaserJet All-in-one\hppdirector.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\hppapml0.exe
C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe"
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Antivirus\pccguide.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Antivirus\PCClient.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [webscan] "C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe" -k
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe" /run
O4 - HKLM\..\Run: [StopSignSsTsMon] "Rundll32.exe" "C:\Program Files\Acceleration Software\Anti-Virus\sstsmon.dll",VerifyStatus
O4 - HKLM\..\Run: [RealTray] "C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [CTSysVol] "C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PowerPanel Personal Edition User Interaction] "C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BounceBack Launcher.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP LaserJet Director.lnk = C:\Program Files\Hewlett-Packard\LaserJet All-in-one\hppdirector.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: SpeedUpMyPC.lnk = C:\Program Files\LIUtilities\SpeedUpMyPC\speedupmypc.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: *.fugent.com
O15 - Trusted Zone: *.webex.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: bw+0 - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

#13 KKRoadie


Posted 21 March 2007 - 03:56 AM

I've tried everything I know to enable everything in msconfig, but the 2 Chinese items keep unchecking themselves. (I even tried rebooting after selecting them again.)

As you see the /auto is still in effect.

:thumbsup:

#14 SifuMike

    malware expert



Posted 21 March 2007 - 01:30 PM

Hi KKRoadie,

You have two antivirus programs running: Acceleration StopSign antivirus and Trend Micro Antivirus. :thumbsup:
It is not recommended to have this because it can cause file access issues. If there is an infection, the multiple programs can block each other from dealing with the infected file, and it causes your computer to be slow.

See this: http://service1.symantec.com/SUPPORT/nav.n...000031316555206
"Symantec recommends that you have only one anti-virus program installed on your computer."

Start by choosing which you are going to run and uninstall the other.



I don't believe Logitech Desktop Messenger is something you will ever miss, but instead of uninstalling it, just follow my instructions below, which will stop it running but will still leave it available for you to run manually, should you so desire...



Download CCleaner and install it. (default location is best). Do not run it yet!

CCleaner Tutorial


*******************************************

How to Reboot into Safe Mode
Tap the F8 key during reboot until the boot menu appears. Use the arrow keys to choose "Safe Mode" from the menu, then press the "Enter" key. If that does not work, go to this site: http://www.bleepingcomputer.com/tutorials/how-to-start-windows-in-safe-mode/



In Normal Mode, select the following with HijackThis.
With all windows (including this one!) closed (close browser/explorer windows), please select "fix."

O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe


If you decided to uninstall Stop-Sign, then "fix" these.
O4 - HKLM\..\Run: [webscan] "C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe" -k
O4 - HKLM\..\Run: [StopSignSsTsMon] "Rundll32.exe" "C:\Program Files\Acceleration Software\Anti-Virus\sstsmon.dll",VerifyStatus



If you didn't add '*.fugent.com' and '*.webex.com' to your trusted pages, it should be fixed.
O15 - Trusted Zone: *.fugent.com
O15 - Trusted Zone: *.webex.com


"Fix" all of the O18 - Protocol items. There are over 75 of them.
O18 - Protocol: bw+0 - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll



The following are not necessarily spyware/malware, but we suggest you place a check mark next to the following entries, as these programs may be taking up system resources.

O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
(Description: A small program that reminds you to register your Creative Labs product (i.e. sound card, video card). Unnecessary. Removing this will free up a small amount of system resources.)

O4 - HKLM\..\Run: [RealTray] "C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER
(Description: RealPlayer system tray application. Not necessary. Removing this entry will free up a small amount of system resources.)

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
(Description: Adjusts monitor colours across all programs, including Photoshop. It is needed by some graphics professionals who want their monitor calibrated. Most home users will not need it, and thus should remove this entry.)

*******************************************

*NOTE* CCleaner deletes EVERYTHING out of temp/temporary folders and does not make backups.



Let's empty the temp files:

Run CCleaner.

Do not use the "Issues" block. It's meant for professionals.

1. Starting with v1.27.260, CCleaner installs the Yahoo Toolbar as an option which IS checkmarked by default during the installation.
IF you do NOT want it, REMOVE the checkmark when provided with the option OR download the toolbar-free Basic version instead of the Standard Build.


2. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 48 hours"

3. Then select the items you wish to clean up.

In the Windows Tab:
• Clean all entries in the "Internet Explorer" section except Cookies.
• Clean all the entries in the "Windows Explorer" section.
• Clean all entries in the "System" section.
• Clean all entries in the "Advanced" section.
• Clean any others that you choose.

In the Applications Tab:
• Clean all except cookies in the Firefox/Mozilla section if you use it.
• Clean all in the Opera section if you use it.
• Clean Sun Java in the Internet Section.
• Clean any others that you choose.

4. Click the "Run Cleaner" button.
5. A pop up box will appear advising this process will permanently delete files from your system.
6. Click "OK" and it will scan and clean your system.
7. Click "exit" when done.

If it asks you to reboot at the end, click NO.

CCleaner should be run with the above settings for each User Account!

*******************************************


Finally, reboot to Normal Mode, post a new HijackThis log, and tell me how your computer is running.

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
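
The checks applied by eye to the HijackThis log in the reply above can be run mechanically. This is an added example, not part of the thread and not a HijackThis feature: it flags entries whose target file is gone, reports whether more than one of the antivirus products named in the reply has autostart entries, and collapses the O18 protocol entries into the handlers that own them. The function names and the install-path markers are illustrative assumptions; the sample is a shortened excerpt of the log posted in this thread.

```python
import re
from collections import defaultdict

# Shortened excerpt of the HijackThis log posted in this thread (not the full log).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost.exe
O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Antivirus\pccguide.exe"
O4 - HKLM\..\Run: [webscan] "C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe" -k
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O18 - Protocol: bw+0 - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {1A85C3E7-A225-49BB-A548-D441BE3D11A3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
"""

# A log entry is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Body of an O18 entry: "Protocol: <scheme> - {CLSID} - <handler DLL>".
PROTOCOL_RE = re.compile(r"^Protocol: (\S+) - (\{[0-9A-Fa-f-]+\}) - (.+)$")
# Suffixes HijackThis appends when the referenced file is not on disk.
ORPHAN_SUFFIXES = ("(no file)", "(file missing)")

# Assumption: lower-cased install-path fragments used to recognise the two
# antivirus products named in the reply. Extend for other products.
AV_PATH_MARKERS = {
    "Trend Micro Antivirus": r"\trend micro\antivirus",
    "StopSign Anti-Virus": r"\acceleration software\anti-virus",
}


def parse_entries(text):
    """Return (section, body) pairs; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def orphaned(entries):
    """Entries that still exist in the registry but point at a missing file."""
    return [(s, b) for s, b in entries if b.endswith(ORPHAN_SUFFIXES)]


def antivirus_products(entries):
    """Known antivirus products with autostart (O4) or service (O23) entries."""
    found = set()
    for section, body in entries:
        if section not in ("O4", "O23"):
            continue
        lowered = body.lower()
        for product, marker in AV_PATH_MARKERS.items():
            if marker in lowered:
                found.add(product)
    return found


def protocol_handlers(entries):
    """Group O18 schemes by the (CLSID, DLL) that handles them."""
    groups = defaultdict(list)
    for section, body in entries:
        if section != "O18":
            continue
        match = PROTOCOL_RE.match(body)
        if match:
            scheme, clsid, dll = match.groups()
            groups[(clsid.upper(), dll)].append(scheme)
    return dict(groups)


def triage(text):
    entries = parse_entries(text)
    return {
        "orphaned": orphaned(entries),
        "antivirus": antivirus_products(entries),
        "protocols": protocol_handlers(entries),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for section, body in report["orphaned"]:
        print(f"orphaned  {section}: {body}")
    if len(report["antivirus"]) > 1:
        print("multiple antivirus products:", ", ".join(sorted(report["antivirus"])))
    for (clsid, dll), schemes in report["protocols"].items():
        print(f"O18 handler {clsid} ({len(schemes)} schemes): {dll}")
```

Grouping by handler shows why the long O18 list is a single decision: every scheme registered to the same DLL stands or falls with the program that installed it.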

#15 KKRoadie


Posted 21 March 2007 - 02:05 PM

I use the Trend Micro (although my confidence is waning after this outbreak). I ditched Norton about a year ago for a similar failure to stop an infection.

I don't see any Stop Sign program in the remove programs list. I don't recall installing it, but maybe a long time ago.

The AVG program was just installed a few days ago at your instruction. Do you want me to uninstall it?

KK

Edited by KKRoadie, 21 March 2007 - 02:11 PM.




