Tech Support Forum - View Single Post

Horror · 06-19-2009, 10:41 AM

Here's the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:52:46, on 19.6.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.17184)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.si/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: 65.54.239.80 dp.msnmessenger.akadns.net
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live - Pomoc pri vpisu - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: I&zvoz v Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Objavi v spletnem dnevniku - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Objavi v spletnem dnevniku v Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Raziskovanje - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\ALEŠ IN PETRA\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...oUploader5.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://edownload.grisoft.cz/ewidoOnlineScan.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by120fd.bay120.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/.../GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase6662.cab
O16 - DPF: {754693AA-011F-40DD-B075-DD4644A47F54} (Importer.Imp) - http://www.imvu.com/catalog/invite/Importer.CAB
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{412F52B3-9B1E-442C-8DC4-EE261BC148B9}: NameServer = 193.189.160.23 193.189.160.13
O17 - HKLM\System\CS1\Services\Tcpip\..\{412F52B3-9B1E-442C-8DC4-EE261BC148B9}: NameServer = 193.189.160.23 193.189.160.13
O18 - Protocol: bw+0 - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

--
End of file - 22508 bytes

Also, I'll post logs [if that helps] from my first reply:

Combofix log:

ComboFix 09-06-17.04 - ALE� IN PETRA 18.06.2009 17:42.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.386.1033.18.511.162 [GMT 2:00]
Running from: c:\documents and settings\ALE� IN PETRA\Desktop\ComboFix.exe
AV: NOD32 protivirusni sistem 2.51 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Internet Explorer\msimg32.dll

.
((((((((((((((((((((((((( Files Created from 2009-05-18 to 2009-06-18 )))))))))))))))))))))))))))))))
.

2099-05-28 12:21 . 2099-05-28 12:21 -------- d-----w- c:\documents and settings\All Users\Application Data\MSN6
2099-05-28 12:21 . 2006-06-13 11:59 -------- d-----w- c:\documents and settings\Administrator\Application Data\MSN6
2099-05-28 12:19 . 2099-05-28 12:19 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Identities
2099-05-24 19:02 . 2006-06-01 12:49 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Ahead
2099-05-24 19:02 . 2006-06-01 12:55 -------- d-----w- c:\documents and settings\Administrator\Application Data\Ahead
2099-05-24 19:00 . 2099-05-24 19:00 -------- d-----w- c:\program files\Nero
2099-05-24 19:00 . 2008-11-29 08:41 -------- d-----w- c:\program files\Common Files\Ahead
2099-05-24 19:00 . 2007-10-30 14:37 -------- d-----w- c:\program files\Yahoo!
2099-05-24 18:09 . 2008-12-20 22:43 1287680 ----a-w- c:\windows\system32\quartz.dll
2099-05-24 18:08 . 2008-06-09 13:36 -------- d-----w- c:\program files\QuickTime
2099-05-24 18:07 . 2007-07-18 10:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2099-05-24 18:07 . 2009-06-14 10:23 -------- d-----w- c:\program files\Winamp
2099-05-24 18:06 . 2006-06-01 12:48 -------- d-----w- c:\program files\Webteh

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2099-05-24 19:03 . 2099-05-24 18:09 -------- d-----w- c:\program files\DivX
2099-05-24 17:29 . 2099-05-24 17:28 -------- d-----w- c:\program files\ATI Technologies
2099-05-24 17:27 . 2099-05-24 17:27 -------- d-----w- c:\program files\AMD
2099-05-24 17:26 . 2099-05-24 17:26 -------- d-----w- c:\program files\Realtek Sound Manager
2099-05-24 17:26 . 2099-05-24 17:26 -------- d-----w- c:\program files\AvRack
2099-05-24 17:26 . 2099-05-24 17:26 -------- d-----w- c:\program files\Realtek AC97
2099-05-24 16:15 . 2099-05-24 16:15 -------- d-----w- c:\program files\microsoft frontpage
2099-05-24 16:14 . 2099-05-24 16:14 558142 -c--a-w- c:\windows\java\Packages\PJ5RXZ7J.ZIP
2099-05-24 16:14 . 2099-05-24 16:14 155995 -c--a-w- c:\windows\java\Packages\I7BDV5BV.ZIP
2099-05-24 16:12 . 2099-05-24 16:12 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-06-18 15:03 . 2009-06-18 15:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-18 15:03 . 2009-06-18 15:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-18 12:22 . 2009-06-18 12:22 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-06-18 12:22 . 2009-06-18 12:22 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-06-18 12:21 . 2009-06-18 12:21 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-18 12:19 . 2009-06-18 12:19 1342377 ----a-w- C:\MGtools.exe
2009-06-18 11:53 . 2009-03-08 09:14 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-18 11:53 . 2007-06-25 08:02 -------- d-----w- c:\program files\Java
2009-06-17 18:20 . 2009-06-17 18:20 -------- d-----w- c:\program files\Bonjour
2009-06-17 18:19 . 2009-06-17 18:19 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-06-17 18:19 . 2009-06-17 15:33 -------- d-----w- c:\program files\Common Files\Macrovision Shared(2)
2009-06-17 18:19 . 2006-08-18 15:03 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-17 18:18 . 2009-06-17 17:10 -------- d-----w- c:\program files\Adobe Media Player
2009-06-17 17:06 . 2009-06-17 17:06 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-06-17 09:27 . 2009-06-18 15:03 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 09:27 . 2009-06-18 15:03 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-15 15:45 . 2009-06-15 15:45 -------- d-----w- c:\program files\CCleaner
2009-06-14 10:47 . 2009-06-14 10:47 -------- d-----w- c:\program files\URUSoft
2009-05-19 17:53 . 2002-08-29 03:41 218624 ----a-w- c:\windows\system32\uxtheme.dll
2009-05-19 14:15 . 2009-05-19 14:15 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2009-05-19 13:57 . 2009-05-19 13:57 -------- d-----w- c:\program files\Stardock
2009-05-11 08:31 . 2008-04-29 08:06 -------- d-----w- c:\program files\Cheat Engine
2009-05-07 15:44 . 2002-08-29 03:41 344064 ----a-w- c:\windows\system32\localspl.dll
2009-05-02 14:39 . 2009-05-02 14:39 -------- d-----w- c:\documents and settings\All Users\Application Data\SYSTEMAX Software Development
2009-05-01 16:03 . 2009-05-01 16:03 -------- d-----w- c:\documents and settings\All Users\Application Data\TechSmith
2009-04-22 13:02 . 2007-03-20 15:42 -------- d-----w- c:\program files\Messenger Plus! Live
2009-04-17 09:58 . 2002-08-29 02:14 1846656 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 15:11 . 2002-08-29 03:41 584192 ----a-w- c:\windows\system32\rpcrt4.dll
2007-11-08 15:31 . 2007-10-08 15:11 88 --sh--r- c:\windows\system32\2F15BFE971.sys
2007-11-08 15:31 . 2007-10-08 15:07 3350 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2007-06-27 152872]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-05-26 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2006-12-02 921600]
"LogitechCommunicationsManager"="c:\program files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-06-26 497200]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2006-06-26 614960]
"LVCOMSX"="c:\program files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-06-26 243248]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2007-04-17 63048]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-03-28 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-18 148888]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2005-09-22 90112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WIAWizardMenu"="c:\windows\system32\sti_ci.dll" [2004-08-03 136704]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\ALE� IN PETRA\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-5-1 344064]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 10:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2007-05-25 13:22 63040 ----a-w- c:\windows\system32\LMIinit.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Electronic Arts\\The Battle for Middle-earth ™ II Demo\\game.dat"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\WINDOWS\\system32\\mcoinstall.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\games\\Worms World Party(XP OK!)\\WWP\\wwp.exe"=
"c:\\Documents and Settings\\ALE� IN PETRA\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [18.3.2009 18:43 28544]
R1 bbcap;bbcap;c:\windows\system32\drivers\bbcap.sys [19.2.2008 11:05 2944]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [26.5.2009 10:05 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [26.5.2009 10:05 72944]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [17.4.2007 14:00 12992]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [20.6.2007 14:12 46112]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [26.5.2009 10:05 7408]
S1 ShldDrv;Panda File Shield Driver; [x]
S2 PavProc;Panda Process Protection Driver;\??\c:\windows\system32\DRIVERS\PavProc.sys --> c:\windows\system32\DRIVERS\PavProc.sys [?]
S3 scrcap;scrcap;c:\windows\system32\DRIVERS\scrcap.sys --> c:\windows\system32\DRIVERS\scrcap.sys [?]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
Contents of the 'Scheduled Tasks' folder

2009-06-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
- - - - ORPHANS REMOVED - - - -

HKU-Default-Run-msnmsgr - c:\program files\MSN Messenger\msnmsgr.exe

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.si/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
IE: &Search
IE: I&zvoz v Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: **{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\ALE� IN PETRA\Start Menu\Programs\IMVU\Run IMVU.lnk
LSP: c:\windows\system32\imon.dll
TCP: {412F52B3-9B1E-442C-8DC4-EE261BC148B9} = 193.189.160.23 193.189.160.13
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://edownload.grisoft.cz/ewidoOnlineScan.cab
DPF: {754693AA-011F-40DD-B075-DD4644A47F54} - hxxp://www.imvu.com/catalog/invite/Importer.CAB
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-18 18:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1659004503-630328440-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{82FE3BC9-8AEE-735C-B795-B35CC376B4F5}*]
"abahibedodoacpaegambghdodegegfammg"=hex:61,61,00,00
"bbahibedodoacpaegahbfjgagefghckipfoe"=hex:61,61,00,00

[HKEY_LOCAL_MACHINE\software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:eb,2e,59,f7,08,e9,62,ed,7a,2e,a9,96,59,02,05,d6,45,2d,5b,c3,64,92,c0,
05,07,72,07,d1,f2,8c,ff,ec,53,e4,03,19,96,e7,ca,1f,d8,95,08,1b,44,d3,b5,46,\
"??"=hex:79,03,80,a8,84,67,07,3b,95,10,b4,7b,3e,1c,bf,15
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(692)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LMIinit.dll

- - - - - - - > 'lsass.exe'(748)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
.
Completion time: 2009-06-18 18:10
ComboFix-quarantined-files.txt 2009-06-18 16:10

Pre-Run: 80.353.640.448 bytes free
Post-Run: 89.948.532.736 prosto bajtov

210 --- E O F --- 2009-06-11 12:04

MalwareBytes's Anti-Malware:

Malwarebytes' Anti-Malware 1.38
Database version: 2304
Windows 5.1.2600 Service Pack 2

18.6.2009 17:19:32
mbam-log-2009-06-18 (17-19-32).txt

Scan type: Quick Scan
Objects scanned: 100363
Time elapsed: 7 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 17
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 2
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{38a7c9da-8db7-4d0f-a7b1-c4b1a305bddb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8d292ec0-6792-4a38-82ed-73a087e41ba6} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{98635087-3f5d-418f-990c-b1efe0797a3b} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ca356d79-679b-4b4c-8e49-5af97014f4c1} (Adware.Starware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d49e9d35-254c-4c6a-9d17-95018d228ff5} (Adware.Starware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\ (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\RelevantKnowledge (Spyware.Marketscore) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\twain_32 (Backdoor.Bot) -> Quarantined and deleted successfully.

Files Infected:
c:\WINDOWS\system32\twain_32\user.ds.cla (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f3PSSavr.scr (Trojan.Agent) -> Quarantined and deleted successfully.

SuperAntiSpyware Free Edition:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/18/2009 at 04:32 PM

Application Version : 4.26.1004

Core Rules Database Version : 3945
Trace Rules Database Version: 1887

Scan type : Complete Scan
Total Scan Time : 02:03:41

Memory items scanned : 767
Memory threats detected : 0
Registry items scanned : 6882
Registry threats detected : 85
File items scanned : 37729
File threats detected : 15

Adware.MyWebSearch
HKU\S-1-5-21-1659004503-630328440-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D}
HKU\S-1-5-21-1659004503-630328440-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
HKU\S-1-5-21-1659004503-630328440-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA}

Adware.WhenU
HKU\S-1-5-21-1659004503-630328440-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA2325ED-F9EB-4830-8FCE-0BC35B16969B}

Unclassified.Oreans32
HKLM\System\ControlSet001\Services\oreans32
C:\WINDOWS\SYSTEM32\DRIVERS\OREANS32.SYS
HKLM\System\ControlSet001\Enum\Root\LEGACY_oreans32
HKLM\System\ControlSet003\Services\oreans32
HKLM\System\ControlSet003\Enum\Root\LEGACY_oreans32
HKLM\System\CurrentControlSet\Services\oreans32
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_oreans32
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#DeviceDesc
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Capabilities
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Driver
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000\LogConf
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000\Control
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000\Control#ActiveService
HKLM\SYSTEM\CurrentControlSet\Services\oreans32#Type
HKLM\SYSTEM\CurrentControlSet\Services\oreans32#Start
HKLM\SYSTEM\CurrentControlSet\Services\oreans32#ErrorControl
HKLM\SYSTEM\CurrentControlSet\Services\oreans32#ImagePath
HKLM\SYSTEM\CurrentControlSet\Services\oreans32#DisplayName
HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Security
HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Security#Security
HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum
HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum#0
HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum#Count
HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum#NextInstance

Adware.MyWebSearch/FunWebProducts
HKLM\SOFTWARE\Fun Web Products
HKLM\SOFTWARE\Fun Web Products#JpegConversionLib
HKLM\SOFTWARE\Fun Web Products\ScreenSaver
HKLM\SOFTWARE\Fun Web Products\ScreenSaver#ImagesDir
HKLM\SOFTWARE\Fun Web Products\Settings
HKLM\SOFTWARE\Fun Web Products\Settings\Promos
HKLM\SOFTWARE\Fun Web Products\Settings\Promos#BuddyTextNone.numActive
HKLM\SOFTWARE\Fun Web Products\Settings\Promos#BuddyTextNone.0
HKLM\SOFTWARE\Fun Web Products\Settings\Promos#BuddyFreqNone
HKLM\SOFTWARE\Fun Web Products\Settings\Promos#BuddyTextUninstalled.numActive
HKLM\SOFTWARE\Fun Web Products\Settings\SmileyCentralBtn
HKLM\SOFTWARE\Fun Web Products\Settings\SmileyCentralBtn#HTMLMenuPosDeleted
HKLM\SOFTWARE\MyWebSearch
HKLM\SOFTWARE\MyWebSearch\bar
HKLM\SOFTWARE\MyWebSearch\bar#Maximized
HKLM\SOFTWARE\MyWebSearch\bar#Visible
HKLM\SOFTWARE\MyWebSearch\bar#pid
HKLM\SOFTWARE\MyWebSearch\bar#fwp
HKLM\SOFTWARE\MyWebSearch\bar#tiec
HKLM\SOFTWARE\MyWebSearch\bar#Dir
HKLM\SOFTWARE\MyWebSearch\bar#SettingsDir
HKLM\SOFTWARE\MyWebSearch\bar#sr
HKLM\SOFTWARE\MyWebSearch\bar#pl
HKLM\SOFTWARE\MyWebSearch\bar#un
HKLM\SOFTWARE\MyWebSearch\MWSOEMON
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG
HKLM\SOFTWARE\MyWebSearch\OEHosts
HKLM\SOFTWARE\MyWebSearch\OEHosts#boscript
HKLM\SOFTWARE\MyWebSearch\SkinTools
HKLM\SOFTWARE\MyWebSearch\SkinTools#PlayerPath
HKCR\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}
HKCR\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}\TreatAs
HKLM\Software\FocusInteractive
HKLM\Software\FocusInteractive\bar
HKLM\Software\FocusInteractive\bar\Switches
HKLM\Software\FocusInteractive\bar\Switches#incmail.exe
HKLM\Software\FocusInteractive\bar\Switches#msimn.exe
HKLM\Software\FocusInteractive\bar\Switches#msn.exe
HKLM\Software\FocusInteractive\bar\Switches#outlook.exe
HKLM\Software\FocusInteractive\bar\Switches#waol.exe
HKLM\Software\FocusInteractive\bar\Switches#aim.exe
HKLM\Software\FocusInteractive\bar\Switches#icq.exe
HKLM\Software\FocusInteractive\bar\Switches#icqlite.exe
HKLM\Software\FocusInteractive\bar\Switches#msmsgs.exe
HKLM\Software\FocusInteractive\bar\Switches#msnmsgr.exe
HKLM\Software\FocusInteractive\bar\Switches#ypager.exe
HKLM\Software\FocusInteractive\bar\Switches#au
HKLM\Software\FocusInteractive\Email-IM
HKLM\Software\FocusInteractive\Email-IM\0
HKLM\Software\FocusInteractive\Email-IM\0#Toolbar
HKLM\Software\FocusInteractive\Email-IM\0#AppName
C:\Program Files\MyWebSearch\bar\1.bin
C:\Program Files\MyWebSearch\bar\2.bin
C:\Program Files\MyWebSearch\bar\3.bin
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\MyWebSearch\bar\Settings
C:\Program Files\MyWebSearch\bar
C:\Program Files\MyWebSearch
C:\Program Files\FunWebProducts\ScreenSaver\Images
C:\Program Files\FunWebProducts\ScreenSaver
C:\Program Files\FunWebProducts\Shared\00701C12.dat
C:\Program Files\FunWebProducts\Shared
C:\Program Files\FunWebProducts

Application.PowerReg Scheduler
C:\DOCUMENTS AND SETTINGS\ALE� IN PETRA\START MENU\PROGRAMS\STARTUP\POWERREG SCHEDULER V3.EXE

Spyware.RelevantKnowledge
C:\PROGRAM FILES\RELEVANTKNOWLEDGE\RLSERVICE.EXE

06-19-2009, 10:41 AM	#3 (permalink)
Horror Registered User Join Date: Jun 2009 Posts: 4 OS: XP	Re: Kryptik.TL trojan Here's the HijackThis log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:52:46, on 19.6.2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.17184) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Eset\nod32krn.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\UAService7.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Eset\nod32kui.exe C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\HJT\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.si/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R3 - URLSearchHook: (no name) - - (no file) O1 - Hosts: 65.54.239.80 dp.msnmessenger.akadns.net O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Windows Live - Pomoc pri vpisu - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe" O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: I&zvoz v Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Objavi v spletnem dnevniku - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Objavi v spletnem dnevniku v Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: Raziskovanje - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\ALEŠ IN PETRA\Start Menu\Programs\IMVU\Run IMVU.lnk O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...oUploader5.cab O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://edownload.grisoft.cz/ewidoOnlineScan.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by120fd.bay120.hotmail.msn.co...s/MsnPUpld.cab O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab56986.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/.../GAME_UNO1.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase6662.cab O16 - DPF: {754693AA-011F-40DD-B075-DD4644A47F54} (Importer.Imp) - http://www.imvu.com/catalog/invite/Importer.CAB O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{412F52B3-9B1E-442C-8DC4-EE261BC148B9}: NameServer = 193.189.160.23 193.189.160.13 O17 - HKLM\System\CS1\Services\Tcpip\..\{412F52B3-9B1E-442C-8DC4-EE261BC148B9}: NameServer = 193.189.160.23 193.189.160.13 O18 - Protocol: bw+0 - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw+0s - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0 - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0s - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00 - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00s - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10 - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10s - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20 - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20s - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30 - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30s - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40 - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40s - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50 - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50s - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60 - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60s - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70 - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70s - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80 - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80s - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90 - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90s - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0 - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0s - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0 - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0s - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0 - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0s - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0 - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0s - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0 - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0s - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0 - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0s - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: bwg0 - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwg0s - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0 - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0s - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0 - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0s - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0 - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0s - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0 - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0s - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0 - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0s - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0 - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0s - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0 - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0s - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0 - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0s - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0 - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0s - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0 - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0s - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0 - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0s - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0 - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0s - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0 - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0s - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0 - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0s - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0 - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0s - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0 - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0s - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0 - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0s - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0 - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0s - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0 - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0s - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: offline-8876480 - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe (file missing) O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe -- End of file - 22508 bytes Also, I'll post logs [if that helps] from my first reply: Combofix log: ComboFix 09-06-17.04 - ALE� IN PETRA 18.06.2009 17:42.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.386.1033.18.511.162 [GMT 2:00] Running from: c:\documents and settings\ALE� IN PETRA\Desktop\ComboFix.exe AV: NOD32 protivirusni sistem 2.51 On-access scanning disabled (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0} * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\program files\Internet Explorer\msimg32.dll . ((((((((((((((((((((((((( Files Created from 2009-05-18 to 2009-06-18 ))))))))))))))))))))))))))))))) . 2099-05-28 12:21 . 2099-05-28 12:21 -------- d-----w- c:\documents and settings\All Users\Application Data\MSN6 2099-05-28 12:21 . 2006-06-13 11:59 -------- d-----w- c:\documents and settings\Administrator\Application Data\MSN6 2099-05-28 12:19 . 2099-05-28 12:19 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Identities 2099-05-24 19:02 . 2006-06-01 12:49 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Ahead 2099-05-24 19:02 . 2006-06-01 12:55 -------- d-----w- c:\documents and settings\Administrator\Application Data\Ahead 2099-05-24 19:00 . 2099-05-24 19:00 -------- d-----w- c:\program files\Nero 2099-05-24 19:00 . 2008-11-29 08:41 -------- d-----w- c:\program files\Common Files\Ahead 2099-05-24 19:00 . 2007-10-30 14:37 -------- d-----w- c:\program files\Yahoo! 2099-05-24 18:09 . 2008-12-20 22:43 1287680 ----a-w- c:\windows\system32\quartz.dll 2099-05-24 18:08 . 2008-06-09 13:36 -------- d-----w- c:\program files\QuickTime 2099-05-24 18:07 . 2007-07-18 10:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer 2099-05-24 18:07 . 2009-06-14 10:23 -------- d-----w- c:\program files\Winamp 2099-05-24 18:06 . 2006-06-01 12:48 -------- d-----w- c:\program files\Webteh . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2099-05-24 19:03 . 2099-05-24 18:09 -------- d-----w- c:\program files\DivX 2099-05-24 17:29 . 2099-05-24 17:28 -------- d-----w- c:\program files\ATI Technologies 2099-05-24 17:27 . 2099-05-24 17:27 -------- d-----w- c:\program files\AMD 2099-05-24 17:26 . 2099-05-24 17:26 -------- d-----w- c:\program files\Realtek Sound Manager 2099-05-24 17:26 . 2099-05-24 17:26 -------- d-----w- c:\program files\AvRack 2099-05-24 17:26 . 2099-05-24 17:26 -------- d-----w- c:\program files\Realtek AC97 2099-05-24 16:15 . 2099-05-24 16:15 -------- d-----w- c:\program files\microsoft frontpage 2099-05-24 16:14 . 2099-05-24 16:14 558142 -c--a-w- c:\windows\java\Packages\PJ5RXZ7J.ZIP 2099-05-24 16:14 . 2099-05-24 16:14 155995 -c--a-w- c:\windows\java\Packages\I7BDV5BV.ZIP 2099-05-24 16:12 . 2099-05-24 16:12 21640 ----a-w- c:\windows\system32\emptyregdb.dat 2009-06-18 15:03 . 2009-06-18 15:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-06-18 15:03 . 2009-06-18 15:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-06-18 12:22 . 2009-06-18 12:22 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com 2009-06-18 12:22 . 2009-06-18 12:22 -------- d-----w- c:\program files\SUPERAntiSpyware 2009-06-18 12:21 . 2009-06-18 12:21 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard 2009-06-18 12:19 . 2009-06-18 12:19 1342377 ----a-w- C:\MGtools.exe 2009-06-18 11:53 . 2009-03-08 09:14 410984 ----a-w- c:\windows\system32\deploytk.dll 2009-06-18 11:53 . 2007-06-25 08:02 -------- d-----w- c:\program files\Java 2009-06-17 18:20 . 2009-06-17 18:20 -------- d-----w- c:\program files\Bonjour 2009-06-17 18:19 . 2009-06-17 18:19 -------- d-----w- c:\program files\Common Files\Macrovision Shared 2009-06-17 18:19 . 2009-06-17 15:33 -------- d-----w- c:\program files\Common Files\Macrovision Shared(2) 2009-06-17 18:19 . 2006-08-18 15:03 -------- d-----w- c:\program files\Common Files\Adobe 2009-06-17 18:18 . 2009-06-17 17:10 -------- d-----w- c:\program files\Adobe Media Player 2009-06-17 17:06 . 2009-06-17 17:06 -------- d-----w- c:\program files\Common Files\Adobe AIR 2009-06-17 09:27 . 2009-06-18 15:03 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-06-17 09:27 . 2009-06-18 15:03 19096 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-06-15 15:45 . 2009-06-15 15:45 -------- d-----w- c:\program files\CCleaner 2009-06-14 10:47 . 2009-06-14 10:47 -------- d-----w- c:\program files\URUSoft 2009-05-19 17:53 . 2002-08-29 03:41 218624 ----a-w- c:\windows\system32\uxtheme.dll 2009-05-19 14:15 . 2009-05-19 14:15 2560 ----a-w- c:\windows\_MSRSTRT.EXE 2009-05-19 13:57 . 2009-05-19 13:57 -------- d-----w- c:\program files\Stardock 2009-05-11 08:31 . 2008-04-29 08:06 -------- d-----w- c:\program files\Cheat Engine 2009-05-07 15:44 . 2002-08-29 03:41 344064 ----a-w- c:\windows\system32\localspl.dll 2009-05-02 14:39 . 2009-05-02 14:39 -------- d-----w- c:\documents and settings\All Users\Application Data\SYSTEMAX Software Development 2009-05-01 16:03 . 2009-05-01 16:03 -------- d-----w- c:\documents and settings\All Users\Application Data\TechSmith 2009-04-22 13:02 . 2007-03-20 15:42 -------- d-----w- c:\program files\Messenger Plus! Live 2009-04-17 09:58 . 2002-08-29 02:14 1846656 ----a-w- c:\windows\system32\win32k.sys 2009-04-15 15:11 . 2002-08-29 03:41 584192 ----a-w- c:\windows\system32\rpcrt4.dll 2007-11-08 15:31 . 2007-10-08 15:11 88 --sh--r- c:\windows\system32\2F15BFE971.sys 2007-11-08 15:31 . 2007-10-08 15:07 3350 --sha-w- c:\windows\system32\KGyGaAvL.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2007-06-27 152872] "Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-05-26 1830128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "nod32kui"="c:\program files\Eset\nod32kui.exe" [2006-12-02 921600] "LogitechCommunicationsManager"="c:\program files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-06-26 497200] "LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2006-06-26 614960] "LVCOMSX"="c:\program files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-06-26 243248] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152] "LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2007-04-17 63048] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-03-28 413696] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136] "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-18 148888] "SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2005-09-22 90112] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "WIAWizardMenu"="c:\windows\system32\sti_ci.dll" [2004-08-03 136704] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-03 15360] c:\documents and settings\ALE� IN PETRA\Start Menu\Programs\Startup\ Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-5-1 344064] c:\documents and settings\All Users\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-12-22 10:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit] 2007-05-25 13:22 63040 ----a-w- c:\windows\system32\LMIinit.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\WINDOWS\\system32\\dplaysvr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Electronic Arts\\The Battle for Middle-earth ™ II Demo\\game.dat"= "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"= "c:\\WINDOWS\\system32\\mcoinstall.exe"= "c:\\WINDOWS\\system32\\rtcshare.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"= "c:\\Program Files\\NetMeeting\\conf.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"= "c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\games\\Worms World Party(XP OK!)\\WWP\\wwp.exe"= "c:\\Documents and Settings\\ALE� IN PETRA\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"= R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [18.3.2009 18:43 28544] R1 bbcap;bbcap;c:\windows\system32\drivers\bbcap.sys [19.2.2008 11:05 2944] R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [26.5.2009 10:05 9968] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [26.5.2009 10:05 72944] R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [17.4.2007 14:00 12992] R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [20.6.2007 14:12 46112] R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [26.5.2009 10:05 7408] S1 ShldDrv;Panda File Shield Driver; [x] S2 PavProc;Panda Process Protection Driver;\??\c:\windows\system32\DRIVERS\PavProc.sys --> c:\windows\system32\DRIVERS\PavProc.sys [?] S3 scrcap;scrcap;c:\windows\system32\DRIVERS\scrcap.sys --> c:\windows\system32\DRIVERS\scrcap.sys [?] S4 LMIRfsClientNP;LMIRfsClientNP; [x] . Contents of the 'Scheduled Tasks' folder 2009-06-13 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34] . - - - - ORPHANS REMOVED - - - - HKU-Default-Run-msnmsgr - c:\program files\MSN Messenger\msnmsgr.exe . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.si/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms} mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/http://www.yahoo.com/ext/search/search.html uInternet Connection Wizard,ShellNext = iexplore IE: &Search IE: I&zvoz v Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\ALE� IN PETRA\Start Menu\Programs\IMVU\Run IMVU.lnk LSP: c:\windows\system32\imon.dll TCP: {412F52B3-9B1E-442C-8DC4-EE261BC148B9} = 193.189.160.23 193.189.160.13 Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://edownload.grisoft.cz/ewidoOnlineScan.cab DPF: {754693AA-011F-40DD-B075-DD4644A47F54} - hxxp://www.imvu.com/catalog/invite/Importer.CAB FF - ProfilePath - . *********************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-06-18 18:06 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-1659004503-630328440-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{82FE3BC9-8AEE-735C-B795-B35CC376B4F5}] "abahibedodoacpaegambghdodegegfammg"=hex:61,61,00,00 "bbahibedodoacpaegahbfjgagefghckipfoe"=hex:61,61,00,00 [HKEY_LOCAL_MACHINE\software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY] "??"=hex:eb,2e,59,f7,08,e9,62,ed,7a,2e,a9,96,59,02,05,d6,45,2d,5b,c3,64,92,c0, 05,07,72,07,d1,f2,8c,ff,ec,53,e4,03,19,96,e7,ca,1f,d8,95,08,1b,44,d3,b5,46,\ "??"=hex:79,03,80,a8,84,67,07,3b,95,10,b4,7b,3e,1c,bf,15 . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(692) c:\program files\SUPERAntiSpyware\SASWINLO.dll c:\windows\system32\Ati2evxx.dll c:\windows\system32\LMIinit.dll - - - - - - - > 'lsass.exe'(748) c:\windows\system32\imon.dll c:\program files\Eset\pr_imon.dll . Completion time: 2009-06-18 18:10 ComboFix-quarantined-files.txt 2009-06-18 16:10 Pre-Run: 80.353.640.448 bytes free Post-Run: 89.948.532.736 prosto bajtov 210 --- E O F --- 2009-06-11 12:04 MalwareBytes's Anti-Malware: Malwarebytes' Anti-Malware 1.38 Database version: 2304 Windows 5.1.2600 Service Pack 2 18.6.2009 17:19:32 mbam-log-2009-06-18 (17-19-32).txt Scan type: Quick Scan Objects scanned: 100363 Time elapsed: 7 minute(s), 2 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 17 Registry Values Infected: 1 Registry Data Items Infected: 1 Folders Infected: 2 Files Infected: 2 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CLASSES_ROOT\Interface\{38a7c9da-8db7-4d0f-a7b1-c4b1a305bddb} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{8d292ec0-6792-4a38-82ed-73a087e41ba6} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{98635087-3f5d-418f-990c-b1efe0797a3b} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ca356d79-679b-4b4c-8e49-5af97014f4c1} (Adware.Starware) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d49e9d35-254c-4c6a-9d17-95018d228ff5} (Adware.Starware) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\ (Adware.Hotbar) -> Quarantined and deleted successfully. Registry Data Items Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Folders Infected: C:\Program Files\RelevantKnowledge (Spyware.Marketscore) -> Quarantined and deleted successfully. C:\WINDOWS\system32\twain_32 (Backdoor.Bot) -> Quarantined and deleted successfully. Files Infected: c:\WINDOWS\system32\twain_32\user.ds.cla (Backdoor.Bot) -> Quarantined and deleted successfully. C:\WINDOWS\system32\f3PSSavr.scr (Trojan.Agent) -> Quarantined and deleted successfully. SuperAntiSpyware Free Edition: SUPERAntiSpyware Scan Log http://www.superantispyware.com Generated 06/18/2009 at 04:32 PM Application Version : 4.26.1004 Core Rules Database Version : 3945 Trace Rules Database Version: 1887 Scan type : Complete Scan Total Scan Time : 02:03:41 Memory items scanned : 767 Memory threats detected : 0 Registry items scanned : 6882 Registry threats detected : 85 File items scanned : 37729 File threats detected : 15 Adware.MyWebSearch HKU\S-1-5-21-1659004503-630328440-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} HKU\S-1-5-21-1659004503-630328440-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} HKU\S-1-5-21-1659004503-630328440-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} Adware.WhenU HKU\S-1-5-21-1659004503-630328440-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA2325ED-F9EB-4830-8FCE-0BC35B16969B} Unclassified.Oreans32 HKLM\System\ControlSet001\Services\oreans32 C:\WINDOWS\SYSTEM32\DRIVERS\OREANS32.SYS HKLM\System\ControlSet001\Enum\Root\LEGACY_oreans32 HKLM\System\ControlSet003\Services\oreans32 HKLM\System\ControlSet003\Enum\Root\LEGACY_oreans32 HKLM\System\CurrentControlSet\Services\oreans32 HKLM\System\CurrentControlSet\Enum\Root\LEGACY_oreans32 HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32#NextInstance HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000 HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Service HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Legacy HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#ConfigFlags HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Class HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#ClassGUID HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#DeviceDesc HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Capabilities HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Driver HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000\LogConf HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000\Control HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000\Control#ActiveService HKLM\SYSTEM\CurrentControlSet\Services\oreans32#Type HKLM\SYSTEM\CurrentControlSet\Services\oreans32#Start HKLM\SYSTEM\CurrentControlSet\Services\oreans32#ErrorControl HKLM\SYSTEM\CurrentControlSet\Services\oreans32#ImagePath HKLM\SYSTEM\CurrentControlSet\Services\oreans32#DisplayName HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Security HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Security#Security HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum#0 HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum#Count HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum#NextInstance Adware.MyWebSearch/FunWebProducts HKLM\SOFTWARE\Fun Web Products HKLM\SOFTWARE\Fun Web Products#JpegConversionLib HKLM\SOFTWARE\Fun Web Products\ScreenSaver HKLM\SOFTWARE\Fun Web Products\ScreenSaver#ImagesDir HKLM\SOFTWARE\Fun Web Products\Settings HKLM\SOFTWARE\Fun Web Products\Settings\Promos HKLM\SOFTWARE\Fun Web Products\Settings\Promos#BuddyTextNone.numActive HKLM\SOFTWARE\Fun Web Products\Settings\Promos#BuddyTextNone.0 HKLM\SOFTWARE\Fun Web Products\Settings\Promos#BuddyFreqNone HKLM\SOFTWARE\Fun Web Products\Settings\Promos#BuddyTextUninstalled.numActive HKLM\SOFTWARE\Fun Web Products\Settings\SmileyCentralBtn HKLM\SOFTWARE\Fun Web Products\Settings\SmileyCentralBtn#HTMLMenuPosDeleted HKLM\SOFTWARE\MyWebSearch HKLM\SOFTWARE\MyWebSearch\bar HKLM\SOFTWARE\MyWebSearch\bar#Maximized HKLM\SOFTWARE\MyWebSearch\bar#Visible HKLM\SOFTWARE\MyWebSearch\bar#pid HKLM\SOFTWARE\MyWebSearch\bar#fwp HKLM\SOFTWARE\MyWebSearch\bar#tiec HKLM\SOFTWARE\MyWebSearch\bar#Dir HKLM\SOFTWARE\MyWebSearch\bar#SettingsDir HKLM\SOFTWARE\MyWebSearch\bar#sr HKLM\SOFTWARE\MyWebSearch\bar#pl HKLM\SOFTWARE\MyWebSearch\bar#un HKLM\SOFTWARE\MyWebSearch\MWSOEMON HKLM\SOFTWARE\MyWebSearch\MWSOEPLG HKLM\SOFTWARE\MyWebSearch\OEHosts HKLM\SOFTWARE\MyWebSearch\OEHosts#boscript HKLM\SOFTWARE\MyWebSearch\SkinTools HKLM\SOFTWARE\MyWebSearch\SkinTools#PlayerPath HKCR\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} HKCR\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}\TreatAs HKLM\Software\FocusInteractive HKLM\Software\FocusInteractive\bar HKLM\Software\FocusInteractive\bar\Switches HKLM\Software\FocusInteractive\bar\Switches#incmail.exe HKLM\Software\FocusInteractive\bar\Switches#msimn.exe HKLM\Software\FocusInteractive\bar\Switches#msn.exe HKLM\Software\FocusInteractive\bar\Switches#outlook.exe HKLM\Software\FocusInteractive\bar\Switches#waol.exe HKLM\Software\FocusInteractive\bar\Switches#aim.exe HKLM\Software\FocusInteractive\bar\Switches#icq.exe HKLM\Software\FocusInteractive\bar\Switches#icqlite.exe HKLM\Software\FocusInteractive\bar\Switches#msmsgs.exe HKLM\Software\FocusInteractive\bar\Switches#msnmsgr.exe HKLM\Software\FocusInteractive\bar\Switches#ypager.exe HKLM\Software\FocusInteractive\bar\Switches#au HKLM\Software\FocusInteractive\Email-IM HKLM\Software\FocusInteractive\Email-IM\0 HKLM\Software\FocusInteractive\Email-IM\0#Toolbar HKLM\Software\FocusInteractive\Email-IM\0#AppName C:\Program Files\MyWebSearch\bar\1.bin C:\Program Files\MyWebSearch\bar\2.bin C:\Program Files\MyWebSearch\bar\3.bin C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat C:\Program Files\MyWebSearch\bar\Settings C:\Program Files\MyWebSearch\bar C:\Program Files\MyWebSearch C:\Program Files\FunWebProducts\ScreenSaver\Images C:\Program Files\FunWebProducts\ScreenSaver C:\Program Files\FunWebProducts\Shared\00701C12.dat C:\Program Files\FunWebProducts\Shared C:\Program Files\FunWebProducts Application.PowerReg Scheduler C:\DOCUMENTS AND SETTINGS\ALE� IN PETRA\START MENU\PROGRAMS\STARTUP\POWERREG SCHEDULER V3.EXE Spyware.RelevantKnowledge C:\PROGRAM FILES\RELEVANTKNOWLEDGE\RLSERVICE.EXE