#1
Registered User
Have I got a virus/spyware?
Logfile of HijackThis v1.99.1
Scan saved at 11:22:31, on 30/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\gsicon.exe
C:\WINDOWS\system32\dslagent.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\Program Files\Creative\MediaSource\GO\CTCMSGo.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\BT Broadband\Help\bin\mpbtn.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\My Documents\Old Documents\Jons Documents\Programs\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Link...skysports.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\bootskin.exe" /StartupJobs
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SB Audigy 2 Startup Menu] C:\Program Files\Creative\SBAudigy2ZS\Program\Startup Menu\ChkColor.EXE
O4 - HKCU\..\Run: [Creative MediaSource Go] C:\Program Files\Creative\MediaSource\GO\CTCMSGo.exe /SCB
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [CursorXP] "C:\Program Files\CursorXP\CursorXP.exe" -s
O4 - Global Startup: BT Broadband Help.lnk = C:\Program Files\BT Broadband\Help\bin\matcli.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?27e080f36a7b4314b02fe1b007c65ac1
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?27e080f36a7b4314b02fe1b007c65ac1
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1158958609484
O17 - HKLM\System\CCS\Services\Tcpip\..\{E50CB008-3B56-4BB7-B12B-E29B903E104B}: NameServer = 194.72.0.98 194.72.9.38
O18 - Protocol: bw+0 - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O21 - SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files\Stardock\Object Desktop\IconPackager\iprepair.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
__________________
*sycko* |
#2
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,158
OS: 2000 Pro; XP Pro; XP Home
I'd like you to rename HijackThis.exe to happy.exe.
Post a new HijackThis log with this renamed version.
__________________
Practice Safe Surfing Because what you don't know, CAN hurt you. Microsoft MVP - Consumer Security 2009
#3
Registered User
OK, cheers for the help!
I think I did that right? Let me know.

Logfile of HijackThis v1.99.1
Scan saved at 16:37:53, on 02/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\gsicon.exe
C:\WINDOWS\system32\dslagent.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\Program Files\Creative\MediaSource\GO\CTCMSGo.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\BT Broadband\Help\bin\mpbtn.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\My Documents\Old Documents\Jons Documents\Programs\happy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.skysports.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {47A8CC3D-A013-49E1-8E79-F68CFD3D20EE} - C:\WINDOWS\system32\vturp.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {B7672BAF-E9A3-49B6-86B2-C81719A18A4C} - C:\WINDOWS\system32\hcbxqoqh.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\bootskin.exe" /StartupJobs
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SB Audigy 2 Startup Menu] C:\Program Files\Creative\SBAudigy2ZS\Program\Startup Menu\ChkColor.EXE
O4 - HKCU\..\Run: [Creative MediaSource Go] C:\Program Files\Creative\MediaSource\GO\CTCMSGo.exe /SCB
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [CursorXP] "C:\Program Files\CursorXP\CursorXP.exe" -s
O4 - Global Startup: BT Broadband Help.lnk = C:\Program Files\BT Broadband\Help\bin\matcli.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?27e080f36a7b4314b02fe1b007c65ac1
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?27e080f36a7b4314b02fe1b007c65ac1
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1158958609484
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/pro...nner371030.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E50CB008-3B56-4BB7-B12B-E29B903E104B}: NameServer = 194.72.0.98 194.72.9.38
O18 - Protocol: bw+0 - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0s - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: bwg0 - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwg0s - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0 - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0s - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0 - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0s - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0 - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0s - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0 - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0s - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0 - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0s - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0 - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0s - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0 - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0s - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0 - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0s - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0 - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0s - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0 - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0s - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0 - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0s - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0 - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0s - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0 - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0s - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0 - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0s - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0 - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0s - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0 - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0s - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0 - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0s - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0 - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0s - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0 - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0s - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: offline-8876480 - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O20 - Winlogon Notify: vturp - C:\WINDOWS\system32\vturp.dll O20 - Winlogon Notify: WBSrv - C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O20 - Winlogon Notify: winetn32 - C:\WINDOWS\SYSTEM32\winetn32.dll O21 - SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files\Stardock\Object Desktop\IconPackager\iprepair.dll O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. 
- C:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
__________________
*sycko* |
#4 (permalink) |
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,158
OS: 2000 Pro; XP Pro; XP Home
You did just right...let's see about cleaning these pests from your system.
Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below.

Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

Download this file from one of these locations:

http://download.bleepingcomputer.com/sUBs/combofix.exe
http://www.techsupportforum.com/sectools/combofix.exe

* IMPORTANT !!! Place it on your Desktop. We'll use this shortly.

---------------------------------------------------------------------------------------------

Open HijackThis and click on 'Do a System Scan Only'. Check the following entries if they exist (make sure you do not miss any) and click Fix Checked

O2 - BHO: (no name) - {B7672BAF-E9A3-49B6-86B2-C81719A18A4C} - C:\WINDOWS\system32\hcbxqoqh.dll

Close HijackThis now.

---------------------------------------------------------------------------------------------

Run ComboFix now, using these instructions:

Click the Windows 'Start' button > Select 'Run' - then copy/paste this into the run box & click OK

"%userprofile%\desktop\combofix.exe" /v vturp winetn32 hcbxqoqh

When finished, it shall produce a log for you. Post that log in your next reply with a new HJT log

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall
__________________
Practice Safe Surfing Because what you don't know, CAN hurt you. Microsoft MVP - Consumer Security 2009
#6 (permalink) |
Registered User
thanx tetonbob, I really appreciate this and will be sure to make another contribution when I next get paid!!!!
combo fix log:

Owner - 06-10-02 22:28:34.53 Service Pack 2
ComboFix 06.09.28 - Running from: "C:\Documents and Settings\Owner\desktop"
Command switches used :: /v vturp winetn32 hcbxqoqh

(((((((((((((((((((((((((((((((((((((((((((((((( Vundo Log )))))))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\system32\vturp.dll
C:\WINDOWS\system32\winetn32.dll
C:\WINDOWS\system32\hcbxqoqh.dll
C:\WINDOWS\system32\prutv.bak1
C:\WINDOWS\system32\prutv.ini

* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\system32\issearch.exe
C:\WINDOWS\system32\components
C:\Program Files\Common Files\{CC4E05E4-096B-1033-0512-06081806002c}

((((((((((((((((((((((((((((((( Files Created from 2006-09-02 to 2006-10-02 ))))))))))))))))))))))))))))))))))

2006-10-02 22:26 86,068 --a------ C:\WINDOWS\system32\aabagorf.dll
2006-09-30 11:05 143,380 --a------ C:\WINDOWS\system32\hylvbohg.exe
2006-09-29 18:34 6,752 --a------ C:\WINDOWS\system32\PfModNT.sys
2006-09-29 18:27 41,984 --------- C:\WINDOWS\Ctregrun.exe
2006-09-29 18:16 90,112 --------- C:\WINDOWS\Updreg.EXE
2006-09-29 18:16 84,992 --------- C:\WINDOWS\system32\SFCVRT32.DLL
2006-09-29 18:16 82,432 --------- C:\WINDOWS\system32\CTWFLT32.DLL
2006-09-29 18:16 54,784 --------- C:\WINDOWS\system32\INETWH32.DLL
2006-09-29 18:16 53,552 --------- C:\WINDOWS\CTCCW.DLL
2006-09-29 18:16 26,768 --------- C:\WINDOWS\system32\CTL3D.DLL
2006-09-29 18:16 24,976 --------- C:\WINDOWS\CTRES.DLL
2006-09-29 18:16 149,504 --------- C:\WINDOWS\system32\MFCANS32.DLL
2006-09-29 18:16 108,032 --------- C:\WINDOWS\system32\MFCUIA32.DLL
2006-09-29 18:16 10,624 --a------ C:\WINDOWS\system32\drivers\gameenum.sys
2006-09-29 18:15 94,208 --a------ C:\WINDOWS\DEVREG.DLL
2006-09-29 18:15 904,496 --a------ C:\WINDOWS\system32\drivers\ha10kx2k.sys
2006-09-29 18:15 77,824 --a------
C:\WINDOWS\system32\EAXAC3.DLL 2006-09-29 18:15 69,632 --a------ C:\WINDOWS\system32\ctcoinst.dll 2006-09-29 18:15 645,392 --a------ C:\WINDOWS\system32\drivers\ctac32k.sys 2006-09-29 18:15 606,208 --a------ C:\WINDOWS\system32\ctsblfx.dll 2006-09-29 18:15 6,096 --a------ C:\WINDOWS\system32\drivers\ctprxy2k.sys 2006-09-29 18:15 53,248 --a------ C:\WINDOWS\system32\KILLAPPS.EXE 2006-09-29 18:15 49,152 --a------ C:\WINDOWS\MIDIDEF.EXE 2006-09-29 18:15 49,152 --a------ C:\WINDOWS\CTDCRES.DLL 2006-09-29 18:15 45,056 --a------ C:\WINDOWS\system32\CTSPKHLP.DLL 2006-09-29 18:15 366,160 --a------ C:\WINDOWS\system32\drivers\ctaud2k.sys 2006-09-29 18:15 36,864 --a------ C:\WINDOWS\system32\sfman32.dll 2006-09-29 18:15 36,864 --a------ C:\WINDOWS\system32\REGPLIB.EXE 2006-09-29 18:15 36,864 --a------ C:\WINDOWS\system32\CTEMUPIA.DLL 2006-09-29 18:15 332,800 --a------ C:\WINDOWS\system32\drivers\ctdvda2k.sys 2006-09-29 18:15 28,672 --a------ C:\WINDOWS\system32\CTMMEP.DLL 2006-09-29 18:15 24,576 --a------ C:\WINDOWS\system32\CTHELPER.EXE 2006-09-29 18:15 20,480 --a------ C:\WINDOWS\system32\ENSDEF.EXE 2006-09-29 18:15 20,480 --a------ C:\WINDOWS\INRES.DLL 2006-09-29 18:15 184,320 --a------ C:\WINDOWS\PSCONV.EXE 2006-09-29 18:15 180,224 --a------ C:\WINDOWS\READREG.EXE 2006-09-29 18:15 178,672 --a------ C:\WINDOWS\system32\drivers\ctoss2k.sys 2006-09-29 18:15 177,456 --a------ C:\WINDOWS\system32\drivers\CTOSS9X.SYS 2006-09-29 18:15 172,032 --a------ C:\WINDOWS\system32\SFMS32.DLL 2006-09-29 18:15 159,744 --a------ C:\WINDOWS\system32\CTOSUSER.DLL 2006-09-29 18:15 155,648 --a------ C:\WINDOWS\system32\OPENAL32.DLL 2006-09-29 18:15 148,432 --a------ C:\WINDOWS\system32\drivers\haP16v2k.sys 2006-09-29 18:15 145,488 --a------ C:\WINDOWS\system32\drivers\emupia2k.sys 2006-09-29 18:15 143,360 --a------ C:\WINDOWS\system32\ctdvinst.dll 2006-09-29 18:15 130,288 --a------ C:\WINDOWS\system32\drivers\ctsfm2k.sys 2006-09-29 18:15 12,160 --a------ C:\WINDOWS\system32\drivers\CTGAME.SYS 
2006-09-29 18:15 118,784 --a------ C:\WINDOWS\system32\CTSCAL.DLL 2006-09-29 18:15 114,688 --a------ C:\WINDOWS\system32\PIAPROXY.DLL 2006-09-29 18:15 106,496 --a------ C:\WINDOWS\system32\CTTHXCAL.DLL 2006-09-29 18:14 77,824 --a------ C:\WINDOWS\system32\ctdvda32.dll 2006-09-29 18:14 65,536 --a------ C:\WINDOWS\system32\a3d.dll 2006-09-29 18:14 585,728 --a------ C:\WINDOWS\system32\ctaudfx.dll 2006-09-29 18:14 57,344 --a------ C:\WINDOWS\system32\CTAGENT.DLL 2006-09-29 18:14 53,248 --a------ C:\WINDOWS\system32\AC3API.DLL 2006-09-29 18:14 466,944 --a------ C:\WINDOWS\system32\CTDC0001.DLL 2006-09-29 18:14 327,680 --a------ C:\WINDOWS\system32\CTDC0000.DLL 2006-09-29 18:14 139,264 --a------ C:\WINDOWS\system32\CTDCIFCE.DLL 2006-09-29 18:14 126,976 --a------ C:\WINDOWS\system32\CTASIO.DLL 2006-09-29 18:14 12,288 --a------ C:\WINDOWS\system32\AHQCpURes.dll 2006-09-29 18:14 114,688 --a------ C:\WINDOWS\system32\commonfx.dll 2006-09-29 18:14 110,592 --a------ C:\WINDOWS\system32\CTDPROXY.DLL 2006-09-29 18:12 62,976 --a------ C:\WINDOWS\system32\CTDetres.dll 2006-09-29 18:12 44,032 --a------ C:\WINDOWS\system32\CTSVCCDA.EXE 2006-09-29 18:12 331,776 --------- C:\WINDOWS\system32\CTMEDENG.DLL 2006-09-29 18:12 25,088 --------- C:\WINDOWS\system32\CTSVCCTL.EXE 2006-09-29 18:12 24,576 --a------ C:\WINDOWS\system32\CTMERes.DLL 2006-09-29 18:11 15,840 --a------ C:\WINDOWS\system32\drivers\PfModNT.sys 2006-09-29 18:04 61,056 --a------ C:\WINDOWS\system32\drivers\ohci1394.sys 2006-09-29 18:04 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys 2006-09-29 18:03 53,248 --a------ C:\WINDOWS\system32\drivers\1394bus.sys 2006-09-27 18:17 35,840 --a------ C:\WINDOWS\system32\drivers\AFS2K.SYS 2006-09-27 17:44 82,432 -ra------ C:\WINDOWS\system32\MSXML4r.dll 2006-09-27 17:44 626,960 -ra------ C:\WINDOWS\system32\hpvaut32.dll 2006-09-27 17:44 487,424 -ra------ C:\WINDOWS\system32\hpvcp70.dll 2006-09-27 17:44 44,544 -ra------ C:\WINDOWS\system32\MSXML4a.dll 2006-09-27 17:44 344,064 
-ra------ C:\WINDOWS\system32\hpvcr70.dll 2006-09-27 17:44 1,230,336 -ra------ C:\WINDOWS\system32\MSXML4.dll 2006-09-27 17:36 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll 2006-09-27 17:36 65,536 --a------ C:\WINDOWS\system32\HPZipm12.exe 2006-09-27 17:36 61,440 --a------ C:\WINDOWS\system32\HPZinw12.exe 2006-09-27 17:36 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll 2006-09-27 17:36 306,688 --a------ C:\WINDOWS\IsUninst.exe 2006-09-27 17:36 278,584 --a------ C:\WINDOWS\system32\HPZidr12.dll 2006-09-27 17:36 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll 2006-09-27 17:35 98,304 --a------ C:\WINDOWS\system32\hpzjsn01.dll 2006-09-25 14:55 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys 2006-09-23 23:18 81,920 -ra------ C:\WINDOWS\system32\srctrl.dll 2006-09-23 22:09 68,228 --------- C:\WINDOWS\system32\drivers\StMp3Rec.sys 2006-09-23 19:41 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys 2006-09-23 15:19 46,080 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys 2006-09-23 15:19 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys 2006-09-23 15:19 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys 2006-09-23 07:58 127,208 --a------ C:\WINDOWS\system32\mucltui.dll 2006-09-22 23:02 118,784 -r------- C:\WINDOWS\bwUnin-7.2.0.157-8876480SL.exe 2006-09-22 21:00 187,392 --a------ C:\WINDOWS\system32\JPGUtils.dll 2006-09-22 21:00 163,712 --a------ C:\WINDOWS\system32\drivers\vidstub.sys 2006-09-22 20:17 54,784 --a------ C:\WINDOWS\system32\msvci70.dll 2006-09-22 20:17 487,424 --a------ C:\WINDOWS\system32\msvcp70.dll 2006-09-22 20:17 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll 2006-09-22 20:17 25,088 --a------ C:\WINDOWS\system32\msxml3a.dll 2006-09-22 19:51 81,920 -r------- C:\WINDOWS\bwUnin-6.1.4.68-8876480L.exe 2006-09-22 19:50 13,105 --a------ C:\WINDOWS\system32\drivers\L8042Kbd.sys 2006-09-22 19:41 778,656 --a------ C:\WINDOWS\system32\drivers\avg7core.sys 2006-09-22 19:41 4,992 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys 
2006-09-22 19:41 4,288 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys 2006-09-22 19:41 27,904 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys 2006-09-22 19:41 23,424 --a------ C:\WINDOWS\system32\drivers\avgmfrs.sys 2006-09-22 19:36 90,112 --a------ C:\WINDOWS\system32\gsicon.exe 2006-09-22 19:36 37,376 --a------ C:\WINDOWS\system32\CoInst.dll 2006-09-22 19:36 274,731 --a------ C:\WINDOWS\system32\drivers\gwausb.sys 2006-09-22 19:36 172,032 --a------ C:\WINDOWS\system32\autoconn.dll 2006-09-22 19:36 16,384 --a------ C:\WINDOWS\system32\dslagent.exe 2006-09-22 19:35 947,472 --a------ C:\WINDOWS\system32\msjava.dll 2006-09-22 19:35 63,248 --a------ C:\WINDOWS\system32\javaprxy.dll 2006-09-22 19:35 49,424 --a------ C:\WINDOWS\system32\clspack.exe 2006-09-22 19:35 46,352 --a------ C:\WINDOWS\setdebug.exe 2006-09-22 19:35 404,752 --a------ C:\WINDOWS\system32\javart.dll 2006-09-22 19:35 313,856 --a------ C:\WINDOWS\system32\dx3j.dll 2006-09-22 19:35 286,992 --a------ C:\WINDOWS\system32\vmhelper.dll 2006-09-22 19:35 21,264 --a------ C:\WINDOWS\system32\msjdbc10.dll 2006-09-22 19:35 187,152 --a------ C:\WINDOWS\system32\javacypt.dll 2006-09-22 19:35 172,304 --a------ C:\WINDOWS\system32\jview.exe 2006-09-22 19:35 171,792 --a------ C:\WINDOWS\system32\wjview.exe 2006-09-22 19:35 171,280 --a------ C:\WINDOWS\system32\jit.dll 2006-09-22 19:35 154,384 --a------ C:\WINDOWS\system32\msawt.dll 2006-09-22 19:35 15,120 --a------ C:\WINDOWS\system32\jdbgmgr.exe 2006-09-22 19:35 139,536 --a------ C:\WINDOWS\system32\javaee.dll 2006-09-22 19:35 113 --a------ C:\WINDOWS\system32\zonedon.reg 2006-09-22 19:35 113 --a------ C:\WINDOWS\system32\zonedoff.reg 2006-09-22 17:39 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys 2006-09-22 17:39 21,504 --a------ C:\WINDOWS\system32\hidserv.dll 2006-09-22 17:39 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys 2006-09-22 17:39 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys 2006-09-22 17:32 31,616 --a------ 
C:\WINDOWS\system32\drivers\usbccgp.sys 2006-09-22 15:50 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll 2006-09-22 15:50 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll 2006-09-22 15:50 38,912 --------- C:\WINDOWS\system32\picn20.dll 2006-09-22 15:50 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll 2006-09-22 15:50 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll 2006-09-22 15:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe 2006-09-22 15:50 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll 2006-09-22 15:50 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll 2006-09-22 01:04 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys 2006-09-22 01:04 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys 2006-09-22 01:03 74,240 --a------ C:\WINDOWS\system32\usbui.dll 2006-09-22 01:02 85,020 --a------ C:\WINDOWS\system32\dgsetup.dll 2006-09-22 01:02 8,704 --a------ C:\WINDOWS\system32\batt.dll 2006-09-22 01:02 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll 2006-09-22 01:02 74,752 --a------ C:\WINDOWS\system32\storprop.dll 2006-09-22 01:02 7,168 -ra------ C:\WINDOWS\system32\kbdcz.dll 2006-09-22 01:02 69,120 --a------ C:\WINDOWS\NOTEPAD.EXE 2006-09-22 01:02 6,656 -ra------ C:\WINDOWS\system32\kbdycl.dll 2006-09-22 01:02 6,656 -ra------ C:\WINDOWS\system32\kbdsl1.dll 2006-09-22 01:02 6,656 -ra------ C:\WINDOWS\system32\kbdsl.dll 2006-09-22 01:02 6,656 -ra------ C:\WINDOWS\system32\kbdpl.dll 2006-09-22 01:02 6,656 -ra------ C:\WINDOWS\system32\kbdhu.dll 2006-09-22 01:02 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll 2006-09-22 01:02 6,656 -ra------ C:\WINDOWS\system32\kbdcz2.dll 2006-09-22 01:02 6,656 -ra------ C:\WINDOWS\system32\kbdcz1.dll 2006-09-22 01:02 6,656 -ra------ C:\WINDOWS\system32\kbdcr.dll 2006-09-22 01:02 6,656 -ra------ C:\WINDOWS\system32\KBDAL.DLL 2006-09-22 01:02 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll 2006-09-22 01:02 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll 2006-09-22 01:02 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll 
2006-09-22 01:02 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll 2006-09-22 01:02 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll 2006-09-22 01:02 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll 2006-09-22 01:02 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll 2006-09-22 01:02 5,632 -ra------ C:\WINDOWS\system32\kbdycc.dll 2006-09-22 01:02 5,632 -ra------ C:\WINDOWS\system32\kbduzb.dll 2006-09-22 01:02 5,632 -ra------ C:\WINDOWS\system32\kbdur.dll 2006-09-22 01:02 5,632 -ra------ C:\WINDOWS\system32\kbdtat.dll 2006-09-22 01:02 5,632 -ra------ C:\WINDOWS\system32\kbdru1.dll 2006-09-22 01:02 5,632 -ra------ C:\WINDOWS\system32\kbdru.dll 2006-09-22 01:02 5,632 -ra------ C:\WINDOWS\system32\kbdro.dll 2006-09-22 01:02 5,632 -ra------ C:\WINDOWS\system32\kbdpl1.dll 2006-09-22 01:02 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll 2006-09-22 01:02 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll 2006-09-22 01:02 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll 2006-09-22 01:02 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll 2006-09-22 01:02 5,632 -ra------ C:\WINDOWS\system32\kbdkaz.dll 2006-09-22 01:02 5,632 -ra------ C:\WINDOWS\system32\kbdhu1.dll 2006-09-22 01:02 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll 2006-09-22 01:02 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll 2006-09-22 01:02 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll 2006-09-22 01:02 5,632 -ra------ C:\WINDOWS\system32\kbdbu.dll 2006-09-22 01:02 5,632 -ra------ C:\WINDOWS\system32\kbdblr.dll 2006-09-22 01:02 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll 2006-09-22 01:02 5,632 -ra------ C:\WINDOWS\system32\kbdaze.dll 2006-09-22 01:02 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll 2006-09-22 01:02 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll 2006-09-22 01:02 15,360 --a------ C:\WINDOWS\TASKMAN.EXE 2006-09-22 01:02 13,312 --a------ C:\WINDOWS\system32\irclass.dll 2006-09-22 01:02 11,264 --a------ C:\WINDOWS\system32\drivers\irenum.sys 2006-09-22 01:02 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll 
2006-09-21 19:21 90,112 --a------ C:\WINDOWS\unvise32.exe 2006-09-21 18:40 208,896 --a------ C:\WINDOWS\system32\nvudisp.exe 2006-09-21 18:10 52,736 -ra------ C:\WINDOWS\system32\drivers\NVENETFD.sys 2006-09-21 18:10 35,840 -ra------ C:\WINDOWS\system32\nvconrm.dll 2006-09-21 18:10 35,840 -ra------ C:\WINDOWS\system32\NVCOI.DLL 2006-09-21 18:10 289,792 -ra------ C:\WINDOWS\system32\idecoiins.dll 2006-09-21 18:10 289,792 -ra------ C:\WINDOWS\system32\idecoi.dll 2006-09-21 18:10 261,120 -ra------ C:\WINDOWS\system32\drivers\nvsnpu.sys 2006-09-21 18:10 208,896 -ra------ C:\WINDOWS\system32\nvusmb.exe 2006-09-21 18:10 208,896 --a------ C:\WINDOWS\system32\nvunrm.exe 2006-09-21 18:10 208,896 --------- C:\WINDOWS\system32\nvuide.exe 2006-09-21 18:10 208,384 -ra------ C:\WINDOWS\system32\fdco1ins.dll 2006-09-21 18:10 208,384 -ra------ C:\WINDOWS\system32\fdco1.dll 2006-09-21 18:10 18,944 -ra------ C:\WINDOWS\system32\drivers\nvnetbus.sys 2006-09-21 18:10 159,232 -ra------ C:\WINDOWS\system32\fdco_l1036.dll 2006-09-21 18:10 159,232 -ra------ C:\WINDOWS\system32\fdco_l1034.dll 2006-09-21 18:10 159,232 -ra------ C:\WINDOWS\system32\fdco_l1031.dll 2006-09-21 18:10 158,720 -ra------ C:\WINDOWS\system32\fdco_l1046.dll 2006-09-21 18:10 158,720 -ra------ C:\WINDOWS\system32\fdco_l1040.dll 2006-09-21 18:10 156,672 -ra------ C:\WINDOWS\system32\fdco_l1042.dll 2006-09-21 18:10 156,672 -ra------ C:\WINDOWS\system32\fdco_l1041.dll 2006-09-21 18:10 155,648 -ra------ C:\WINDOWS\system32\fdco_l1028.dll 2006-09-21 18:10 155,136 -ra------ C:\WINDOWS\system32\fdco_l2052.dll 2006-09-21 18:10 109,568 -ra------ C:\WINDOWS\system32\drivers\nvtcp.sys 2006-09-21 18:10 100,736 -ra------ C:\WINDOWS\system32\drivers\nvata.sys 2006-09-21 18:10 10,240 -ra------ C:\WINDOWS\system32\bdco1ins.dll 2006-09-21 18:10 10,240 -ra------ C:\WINDOWS\system32\bdco1.dll 2006-09-21 18:10 1,068,800 -ra------ C:\WINDOWS\system32\drivers\nvnrm.sys 2006-09-21 18:02 486,400 -ra------ C:\WINDOWS\system32\AsusSetup.exe 
2006-09-21 18:02 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2006-09-21 18:01 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2006-09-21 18:01 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
2006-09-21 18:01 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2006-09-21 18:01 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2006-09-21 18:01 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2006-09-21 18:01 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2006-09-21 18:01 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2006-09-21 18:01 5,376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2006-09-21 18:01 4,992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys
2006-09-21 18:01 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2006-09-21 18:01 24,064 -ra------ C:\WINDOWS\system32\PostProc.dll
2006-09-21 18:01 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2006-09-21 18:01 172,416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2006-09-21 18:01 145,792 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2006-09-21 18:01 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2006-09-21 18:00 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2006-09-21 17:45 36,352 --a------ C:\WINDOWS\system32\drivers\AmdK8.sys
2006-09-21 17:42 5,824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2006-09-21 17:42 5,810 -ra------ C:\WINDOWS\system32\drivers\ASACPI.sys
2006-09-21 17:40 26,496 --a------ C:\WINDOWS\system32\drivers\USBSTOR.SYS
2006-09-21 17:29 112,128 --a------ C:\WINDOWS\system32\mapi32.dll
2006-09-21 17:29 0 -rahs---- C:\MSDOS.SYS
2006-09-21 17:29 0 -rahs---- C:\IO.SYS
2006-09-21 17:29 0 --a------ C:\CONFIG.SYS
2006-09-21 17:29 0 --a------ C:\AUTOEXEC.BAT
2006-09-21 17:28 8,192 --a------ C:\WINDOWS\system32\bitsprx2.dll
2006-09-21 17:28 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll
2006-09-21 17:28 64,512 --a------ C:\WINDOWS\system32\acctres.dll
2006-09-21 17:28 6,656 --a------ C:\WINDOWS\system32\wuauserv.dll
2006-09-21 17:28 465,176 --a------ C:\WINDOWS\system32\wuapi.dll
2006-09-21 17:28 45,568 --a------ C:\WINDOWS\system32\safrslv.dll
2006-09-21 17:28 43,520 --a------ C:\WINDOWS\system32\safrcdlg.dll
2006-09-21 17:28 43,520 --a------ C:\WINDOWS\system32\racpldlg.dll
2006-09-21 17:28 41,240 --a------ C:\WINDOWS\system32\wups.dll
2006-09-21 17:28 382,464 --a------ C:\WINDOWS\system32\qmgr.dll
2006-09-21 17:28 29,696 --a------ C:\WINDOWS\system32\safrdm.dll
2006-09-21 17:28 23,040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-09-21 17:28 194,328 --a------ C:\WINDOWS\system32\wuaueng1.dll
2006-09-21 17:28 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2006-09-21 17:28 173,536 --a------ C:\WINDOWS\system32\wuweb.dll
2006-09-21 17:28 172,312 --a------ C:\WINDOWS\system32\wuauclt1.exe
2006-09-21 17:28 16,896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-09-21 17:28 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll
2006-09-21 17:28 128,896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys
2006-09-21 17:28 127,256 --a------ C:\WINDOWS\system32\wucltui.dll
2006-09-21 17:28 124,184 --a------ C:\WINDOWS\system32\wuauclt.exe
2006-09-21 17:28 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll
2006-09-21 17:28 11,264 --a------ C:\WINDOWS\system32\atrace.dll
2006-09-21 17:28 1,343,768 --a------ C:\WINDOWS\system32\wuaueng.dll
2006-09-21 17:27 81,920 --a------ C:\WINDOWS\system32\isign32.dll
2006-09-21 17:27 81,920 --a------ C:\WINDOWS\system32\ils.dll
2006-09-21 17:27 73,728 --a------ C:\WINDOWS\system32\icwdial.dll
2006-09-21 17:27 73,472 --a------ C:\WINDOWS\system32\drivers\sr.sys
2006-09-21 17:27 69,632 --a------ C:\WINDOWS\system32\msconf.dll
2006-09-21 17:27 679,424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-09-21 17:27 67,584 --a------ C:\WINDOWS\system32\srclient.dll
2006-09-21 17:27 65,536 --a------ C:\WINDOWS\system32\icwphbk.dll
2006-09-21 17:27 5,632 --a------ C:\WINDOWS\system32\write.exe
2006-09-21 17:27 48,128 --a------ C:\WINDOWS\system32\inetres.dll
2006-09-21 17:27 34,560 --a------ C:\WINDOWS\system32\mnmdd.dll
2006-09-21 17:27 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
2006-09-21 17:27 32,768 --a------ C:\WINDOWS\system32\isrdbg32.dll
2006-09-21 17:27 28,672 --a------ C:\WINDOWS\system32\nmmkcert.dll
2006-09-21 17:27 274,944 --a------ C:\WINDOWS\system32\mstask.dll
2006-09-21 17:27 274,432 --a------ C:\WINDOWS\system32\inetcfg.dll
2006-09-21 17:27 252,928 --a------ C:\WINDOWS\system32\msoeacct.dll
2006-09-21 17:27 239,104 --a------ C:\WINDOWS\system32\srrstr.dll
2006-09-21 17:27 190,976 --a------ C:\WINDOWS\system32\schedsvc.dll
2006-09-21 17:27 170,496 --a------ C:\WINDOWS\system32\srsvc.dll
2006-09-21 17:27 12,288 --a------ C:\WINDOWS\system32\mstinit.exe
2006-09-21 17:27 105,984 --a------ C:\WINDOWS\system32\msoert2.dll
2006-09-21 17:26 97,792 --a------ C:\WINDOWS\system32\comrepl.dll
2006-09-21 17:26 956,416 --a------ C:\WINDOWS\system32\msdtctm.dll
2006-09-21 17:26 93,696 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2006-09-21 17:26 91,136 --a------ C:\WINDOWS\system32\mtxoci.dll
2006-09-21 17:26 9,728 --a------ C:\WINDOWS\system32\reset.exe
2006-09-21 17:26 87,176 --a------ C:\WINDOWS\system32\rdpwsx.dll
2006-09-21 17:26 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll
2006-09-21 17:26 80,384 --a------ C:\WINDOWS\system32\charmap.exe
2006-09-21 17:26 73,216 --a------ C:\WINDOWS\system32\avwav.dll
2006-09-21 17:26 67,072 --a------ C:\WINDOWS\system32\rdshost.exe
2006-09-21 17:26 655,360 --a------ C:\WINDOWS\system32\mstscax.dll
2006-09-21 17:26 625,152 --a------ C:\WINDOWS\system32\catsrvut.dll
2006-09-21 17:26 62,464 --a------ C:\WINDOWS\system32\rdpclip.exe
2006-09-21 17:26 605,696 --a------ C:\WINDOWS\system32\getuname.dll
2006-09-21 17:26 60,416 --a------ C:\WINDOWS\system32\remotepg.dll
2006-09-21 17:26 60,416 --a------ C:\WINDOWS\system32\colbact.dll
2006-09-21 17:26 6,144 --a------ C:\WINDOWS\system32\msdtc.exe
2006-09-21 17:26 58,880 --a------ C:\WINDOWS\system32\msdtclog.dll
2006-09-21 17:26 58,880 --a------ C:\WINDOWS\system32\licwmi.dll
2006-09-21 17:26 56,832 --a------ C:\WINDOWS\system32\sol.exe
2006-09-21 17:26 56,320 --a------ C:\WINDOWS\system32\servdeps.dll
2006-09-21 17:26 55,296 --a------ C:\WINDOWS\system32\freecell.exe
2006-09-21 17:26 540,160 --a------ C:\WINDOWS\system32\comuid.dll
2006-09-21 17:26 54,272 --a------ C:\WINDOWS\system32\stclient.dll
2006-09-21 17:26 538,624 --a------ C:\WINDOWS\system32\spider.exe
2006-09-21 17:26 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
2006-09-21 17:26 498,688 --a------ C:\WINDOWS\system32\clbcatq.dll
2006-09-21 17:26 44,544 --a------ C:\WINDOWS\system32\tscupgrd.exe
2006-09-21 17:26 44,544 --a------ C:\WINDOWS\system32\hticons.dll
2006-09-21 17:26 426,496 --a------ C:\WINDOWS\system32\msdtcprx.dll
2006-09-21 17:26 407,552 --a------ C:\WINDOWS\system32\mstsc.exe
2006-09-21 17:26 40,840 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2006-09-21 17:26 4,096 --a------ C:\WINDOWS\system32\rdpcfgex.dll
2006-09-21 17:26 4,096 --a------ C:\WINDOWS\system32\mtxex.dll
2006-09-21 17:26 38,912 --a------ C:\WINDOWS\system32\cfgbkend.dll
2006-09-21 17:26 35,328 --a------ C:\WINDOWS\system32\winchat.exe
2006-09-21 17:26 347,136 --a------ C:\WINDOWS\system32\hypertrm.dll
2006-09-21 17:26 343,040 --a------ C:\WINDOWS\system32\mspaint.exe
2006-09-21 17:26 33,792 --a------ C:\WINDOWS\system32\regini.exe
2006-09-21 17:26 295,424 --a------ C:\WINDOWS\system32\termsrv.dll
2006-09-21 17:26 25,600 --a------ C:\WINDOWS\system32\comaddin.dll
2006-09-21 17:26 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll
2006-09-21 17:26 227,840 --a------ C:\WINDOWS\system32\avtapi.dll
2006-09-21 17:26 225,792 --a------ C:\WINDOWS\system32\catsrv.dll
2006-09-21 17:26 22,016 --a------ C:\WINDOWS\system32\qwinsta.exe
2006-09-21 17:26 21,896 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys
2006-09-21 17:26 20,992 --a------ C:\WINDOWS\system32\msg.exe
2006-09-21 17:26 20,480 --a------ C:\WINDOWS\system32\qprocess.exe
2006-09-21 17:26 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll
2006-09-21 17:26 196,864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
2006-09-21 17:26 19,968 --a------ C:\WINDOWS\system32\rdpsnd.dll
2006-09-21 17:26 185,344 --a------ C:\WINDOWS\system32\cmprops.dll
2006-09-21 17:26 183,808 --a------ C:\WINDOWS\system32\accwiz.exe
2006-09-21 17:26 17,408 --a------ C:\WINDOWS\system32\mmfutil.dll
2006-09-21 17:26 161,280 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2006-09-21 17:26 16,896 --a------ C:\WINDOWS\system32\tsshutdn.exe
2006-09-21 17:26 16,896 --a------ C:\WINDOWS\system32\qappsrv.exe
2006-09-21 17:26 16,384 --a------ C:\WINDOWS\system32\tskill.exe
2006-09-21 17:26 16,384 --a------ C:\WINDOWS\system32\avmeter.dll
2006-09-21 17:26 15,872 --a------ C:\WINDOWS\system32\rwinsta.exe
2006-09-21 17:26 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll
2006-09-21 17:26 15,360 --a------ C:\WINDOWS\system32\logoff.exe
2006-09-21 17:26 147,968 --a------ C:\WINDOWS\system32\rdchost.dll
2006-09-21 17:26 147,456 --a------ C:\WINDOWS\system32\comsnap.dll
2006-09-21 17:26 140,800 --a------ C:\WINDOWS\system32\sessmgr.exe
2006-09-21 17:26 14,848 --a------ C:\WINDOWS\system32\tsdiscon.exe
2006-09-21 17:26 14,848 --a------ C:\WINDOWS\system32\tscon.exe
2006-09-21 17:26 14,848 --a------ C:\WINDOWS\system32\shadow.exe
2006-09-21 17:26 139,528 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
2006-09-21 17:26 138,752 --a------ C:\WINDOWS\system32\sndvol32.exe
2006-09-21 17:26 131,584 --a------ C:\WINDOWS\system32\sndrec32.exe
2006-09-21 17:26 13,824 --a------ C:\WINDOWS\system32\rdsaddin.exe
2006-09-21 17:26 126,976 --a------ C:\WINDOWS\system32\mshearts.exe
2006-09-21 17:26 123,392 --a------ C:\WINDOWS\system32\mplay32.exe
2006-09-21 17:26 12,040 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys
2006-09-21 17:26 119,808 --a------ C:\WINDOWS\system32\winmine.exe
2006-09-21 17:26 114,688 --a------ C:\WINDOWS\system32\calc.exe
2006-09-21 17:26 110,080 --a------ C:\WINDOWS\system32\clbcatex.dll
2006-09-21 17:26 11,776 --a------ C:\WINDOWS\system32\xolehlp.dll
2006-09-21 17:26 11,264 --a------ C:\WINDOWS\system32\icaapi.dll
2006-09-21 17:26 102,912 --a------ C:\WINDOWS\system32\clipbrd.exe
2006-09-21 17:26 1,267,200 --a------ C:\WINDOWS\system32\comsvcs.dll
2006-09-21 17:26 1,161 --a------ C:\WINDOWS\system32\usrlogon.cmd

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2006-10-02 22:28 -------- d-------- C:\Program Files\Common Files
2006-10-02 21:25 -------- d-------- C:\Program Files\Call of Duty
2006-10-02 18:47 -------- d-------- C:\Program Files\Winamp
2006-10-02 17:51 -------- d-------- C:\Documents and Settings\Owner\Application Data\Help
2006-10-02 17:00 -------- d-------- C:\Program Files\ewido anti-spyware 4.0
2006-09-30 11:31 -------- d-------- C:\Program Files\Zone Labs
2006-09-29 23:02 4332544 --a------ C:\WINDOWS\system32\logonuiX.exe
2006-09-29 19:20 -------- d-------- C:\Program Files\CursorXP
2006-09-29 18:29 -------- d-------- C:\Documents and Settings\Owner\Application Data\Creative
2006-09-29 18:27 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-09-29 18:27 -------- d-------- C:\Program Files\Creative
2006-09-29 18:09 -------- d-------- C:\Program Files\Analog Devices
2006-09-27 20:14 -------- d-------- C:\Program Files\Common Files\System
2006-09-27 20:14 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-09-27 20:14 -------- d-------- C:\Program Files\Common Files\Designer
2006-09-27 20:13 -------- d-------- C:\Program Files\Microsoft Office
2006-09-27 20:13 -------- d-------- C:\Program Files\microsoft frontpage
2006-09-27 19:00 -------- d-------- C:\Documents and Settings\Owner\Application Data\Hewlett-Packard
2006-09-27 18:47 -------- d-------- C:\Program Files\What's In My Computer
2006-09-27 18:17 -------- d-------- C:\Program Files\Hewlett-Packard
2006-09-27 18:10 -------- d-------- C:\Program Files\HP
2006-09-27 18:05 -------- d---s---- C:\Documents and Settings\Owner\Application Data\Microsoft
2006-09-27 17:44 -------- d-------- C:\Program Files\Common Files\Hewlett-Packard
2006-09-27 17:43 -------- d-------- C:\Program Files\Internet Explorer
2006-09-26 20:59 -------- d-------- C:\Program Files\Silkroad
2006-09-26 18:11 -------- d-------- C:\Program Files\Free Download Manager
2006-09-26 17:16 -------- d-------- C:\Documents and Settings\Owner\Application Data\Google
2006-09-26 16:43 -------- d-------- C:\Program Files\RealFlight G3 Demo
2006-09-25 17:10 -------- d-------- C:\Program Files\Google
2006-09-23 23:18 -------- d-------- C:\Program Files\LGGSM
2006-09-23 23:18 -------- d-------- C:\Program Files\LG Electronics
2006-09-23 22:09 -------- d-------- C:\Program Files\Digital Music
2006-09-23 15:19 -------- d-------- C:\Program Files\Windows Media Player
2006-09-23 12:58 -------- d-------- C:\Documents and Settings\Owner\Application Data\CyberLink
2006-09-23 12:10 -------- d-------- C:\Program Files\WinRAR
2006-09-23 10:44 163644 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2006-09-23 10:32 -------- d-------- C:\Program Files\Activision
2006-09-23 09:53 -------- d-------- C:\Program Files\Common Files\InstallShield
2006-09-23 09:07 -------- d-------- C:\Program Files\Innovative Solutions
2006-09-23 08:53 -------- d-------- C:\Program Files\Bethesda Softworks
2006-09-22 22:02 -------- d-------- C:\Program Files\Windows Defender
2006-09-22 21:44 -------- d-------- C:\Program Files\Windows Live Toolbar
2006-09-22 21:43 -------- d-------- C:\Program Files\MSN Messenger
2006-09-22 21:32 -------- d-------- C:\Program Files\Stardock
2006-09-22 21:00 -------- d-------- C:\Program Files\WinCustomize
2006-09-22 20:28 -------- d-------- C:\Documents and Settings\Owner\Application Data\Macromedia
2006-09-22 20:17 -------- d-------- C:\Program Files\Common Files\Stardock
2006-09-22 19:53 -------- d-------- C:\Documents and Settings\Owner\Application Data\Logitech
2006-09-22 19:51 -------- d-------- C:\Program Files\Logitech
2006-09-22 19:50 -------- d-------- C:\Program Files\Common Files\Logitech
2006-09-22 19:42 -------- d-------- C:\Documents and Settings\Owner\Application Data\AVG7
2006-09-22 19:41 -------- d-------- C:\Program Files\Grisoft
2006-09-22 19:37 -------- d-------- C:\Program Files\BT Voyager 100 ADSL Modem
2006-09-22 19:35 -------- d-------- C:\Program Files\Motive
2006-09-22 19:35 -------- d-------- C:\Program Files\Common Files\Motive
2006-09-22 19:35 -------- d-------- C:\Program Files\BT Broadband
2006-09-22 19:29 -------- d-------- C:\Program Files\Common Files\KnifeEdge
2006-09-22 15:53 -------- d-------- C:\Program Files\CyberLink
2006-09-22 15:53 -------- d-------- C:\Program Files\Common Files\Nero
2006-09-22 15:50 -------- d-------- C:\Program Files\Common Files\Ahead
2006-09-22 15:50 -------- d-------- C:\Program Files\Ahead
2006-09-22 01:02 62 --ahs---- C:\Documents and Settings\Owner\Application Data\desktop.ini
2006-09-22 01:02 -------- d-------- C:\Program Files\Common Files\SpeechEngines
2006-09-22 01:02 -------- d-------- C:\Program Files\Common Files\ODBC
2006-09-21 19:02 -------- d-------- C:\Program Files\DreamCatcher
2006-09-21 18:53 -------- d-------- C:\Program Files\Messenger
2006-09-21 18:51 -------- d-------- C:\Program Files\Outlook Express
2006-09-21 17:45 -------- d-------- C:\Program Files\AMD
2006-09-21 17:39 -------- d--h----- C:\Program Files\Uninstall Information
2006-09-21 17:39 -------- d-------- C:\Documents and Settings\Owner\Application Data\Identities
2006-09-21 17:30 -------- d-------- C:\Program Files\xerox
2006-09-21 17:28 -------- d--h----- C:\Program Files\WindowsUpdate
2006-09-21 17:28 -------- d-------- C:\Program Files\NetMeeting
2006-09-21 17:28 -------- d-------- C:\Program Files\Movie Maker
2006-09-21 17:28 -------- d-------- C:\Program Files\Common Files\Services
2006-09-21 17:28 -------- d-------- C:\Program Files\Common Files\MSSoap
2006-09-21 17:27 -------- d-------- C:\Program Files\Online Services
2006-09-21 17:27 -------- d-------- C:\Program Files\MSN Gaming Zone
2006-09-21 17:27 -------- d-------- C:\Program Files\ComPlus Applications
2006-09-21 17:26 -------- d-------- C:\Program Files\Windows NT
2006-09-21 17:26 -------- d-------- C:\Program Files\MSN
2006-08-11 21:45 888832 --a------ C:\WINDOWS\system32\nvmobls.dll
2006-08-11 21:45 581632 --a------ C:\WINDOWS\system32\nvhwvid.dll
2006-08-11 21:45 5611520 --a------ C:\WINDOWS\system32\nvdisps.dll
2006-08-11 21:45 5251072 --a------ C:\WINDOWS\system32\nvdispsr.dll
2006-08-11 21:45 458752 --a------ C:\WINDOWS\system32\nvmccssr.dll
2006-08-11 21:45 45056 --a------ C:\WINDOWS\system32\nvmccsrs.dll
2006-08-11 21:45 3039232 --a------ C:\WINDOWS\system32\nvgames.dll
2006-08-11 21:45 2953216 --a------ C:\WINDOWS\system32\nvvitvsr.dll
2006-08-11 21:45 2928640 --a------ C:\WINDOWS\system32\nvgamesr.dll
2006-08-11 21:45 2904064 --a------ C:\WINDOWS\system32\nvvitvs.dll
2006-08-11 21:45 2859008 --a------ C:\WINDOWS\system32\nvmoblsr.dll
2006-08-11 21:45 229376 --a------ C:\WINDOWS\system32\nvmccs.dll
2006-08-11 21:45 188416 --a------ C:\WINDOWS\system32\nvmccss.dll
2006-08-11 21:45 1732608 --a------ C:\WINDOWS\system32\nvwssr.dll
2006-08-11 21:45 1236992 --a------ C:\WINDOWS\system32\nvwss.dll
2006-08-11 21:44 147456 --a------ C:\WINDOWS\system32\nvcolor.exe
2006-08-11 21:43 86016 --a------ C:\WINDOWS\system32\nvmctray.dll
2006-08-11 21:43 81920 --a------ C:\WINDOWS\system32\nvwddi.dll
2006-08-11 21:43 794624 --a------ C:\WINDOWS\system32\nvcplui.exe
2006-08-11 21:43 7630848 --a------ C:\WINDOWS\system32\nvcpl.dll
2006-08-11 21:43 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2006-08-11 21:43 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2006-08-11 21:43 425984 --a------ C:\WINDOWS\system32\keystone.exe
2006-08-11 21:43 311296 --a------ C:\WINDOWS\system32\nvexpbar.dll
2006-08-11 21:43 286720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll
2006-08-11 21:43 196608 --a------ C:\WINDOWS\system32\nvapi.dll
2006-08-11 21:43 1662976 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2006-08-11 21:43 1519616 --a------ C:\WINDOWS\system32\nwiz.exe
2006-08-11 21:43 1470464 --a------ C:\WINDOWS\system32\nview.dll
2006-08-11 21:43 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2006-08-11 21:43 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2006-08-11 21:43 1011712 --a------ C:\WINDOWS\system32\nvcpluir.dll
2006-08-11 21:42 5636096 --a------ C:\WINDOWS\system32\nvoglnt.dll
2006-08-11 21:42 4496128 --a------ C:\WINDOWS\system32\nv4_disp.dll
2006-08-11 21:42 3958496 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys
2006-08-11 21:42 35840 --a------ C:\WINDOWS\system32\nvcodins.dll
2006-08-11 21:42 35840 --a------ C:\WINDOWS\system32\nvcod.dll
2006-08-11 21:42 155715 --a------ C:\WINDOWS\system32\nvsvc32.exe
2006-07-29 19:32 48936 --a------ C:\WINDOWS\system32\sirenacm.dll
2006-07-21 09:24 72704 --a------ C:\WINDOWS\system32\hlink.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.0.720.3640\\GoogleToolbarNotifier.exe"
"SB Audigy 2 Startup Menu"="C:\\Program Files\\Creative\\SBAudigy2ZS\\Program\\Startup Menu\\ChkColor.EXE"
"Creative MediaSource Go"="C:\\Program Files\\Creative\\MediaSource\\GO\\CTCMSGo.exe /SCB"
"RemoteCenter"="C:\\Program Files\\Creative\\MediaSource\\RemoteControl\\RCMan.EXE"
"CursorXP"="\"C:\\Program Files\\CursorXP\\CursorXP.exe\" -s"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"!ewido"="\"C:\\Program Files\\ewido anti-spyware 4.0\\ewido.exe\" /minimized"
"GSICONEXE"="gsicon.exe"
"DSLAGENTEXE"="dslagent.exe USB"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"LogonStudio"="\"C:\\Program Files\\WinCustomize\\LogonStudio\\logonstudio.exe\" /RANDOM"
"BootSkin Startup Jobs"="\"C:\\Program Files\\Stardock\\WinCustomize\\BootSkin\\bootskin.exe\" /StartupJobs"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"HP Software Update"="\"C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWuSchd.exe\""
"HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb09.exe"
"DeviceDiscovery"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpotdd01.exe"
"CTSysVol"="C:\\Program Files\\Creative\\SBAudigy2ZS\\Surround Mixer\\CTSysVol.exe /r"
"CTDVDDET"="C:\\Program Files\\Creative\\SBAudigy2ZS\\DVDAudio\\CTDVDDet.EXE"
"CTHelper"="CTHELPER.EXE"
"SBDrvDet"="C:\\Program Files\\Creative\\SB Drive Det\\SBDrvDet.exe /r"
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
"CTRegRun"="C:\\WINDOWS\\CTRegRun.EXE"
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,e6,00,00,00,00,00,00,00,9a,03,00,00,46,03,00,00,00,\
  00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
  ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
  00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"IconPackager Repair"="{1799460C-0BC8-4865-B9DF-4A36CD703FF0}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
C:\WINDOWS\tasks\MP Scheduled Scan.job

Completion time: 02/10/2006 22:30:26.03
ComboFix.txt

hijackthis log file:

Logfile of HijackThis v1.99.1
Scan saved at 22:36:53, on 02/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\gsicon.exe
C:\WINDOWS\system32\dslagent.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\Program Files\Creative\MediaSource\GO\CTCMSGo.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\BT Broadband\Help\bin\mpbtn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\My Documents\Old Documents\Jons Documents\Programs\happy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.skysports.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {B7672BAF-E9A3-49B6-86B2-C81719A18A4C} - C:\WINDOWS\system32\aabagorf.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\bootskin.exe" /StartupJobs
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SB Audigy 2 Startup Menu] C:\Program Files\Creative\SBAudigy2ZS\Program\Startup Menu\ChkColor.EXE
O4 - HKCU\..\Run: [Creative MediaSource Go] C:\Program Files\Creative\MediaSource\GO\CTCMSGo.exe /SCB
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [CursorXP] "C:\Program Files\CursorXP\CursorXP.exe" -s
O4 - Global Startup: BT Broadband Help.lnk = C:\Program Files\BT Broadband\Help\bin\matcli.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?27e080f36a7b4314b02fe1b007c65ac1
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?27e080f36a7b4314b02fe1b007c65ac1
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1158958609484
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/pro...nner371030.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E50CB008-3B56-4BB7-B12B-E29B903E104B}: NameServer = 194.72.0.98 194.72.9.38
O18 - Protocol: bw+0 - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - 
{520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0 - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0s - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0 - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0s - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0 - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0s - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0 - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0s - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0 - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0s - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0 - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0s - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0 - 
{520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0s - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0 - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0s - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0 - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0s - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0 - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0s - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0 - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0s - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0 - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0s - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0 - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0s - 
{520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0 - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0s - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0 - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0s - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0 - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0s - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0 - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0s - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: offline-8876480 - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O20 - Winlogon Notify: WBSrv - C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files\Stardock\Object 
Desktop\IconPackager\iprepair.dll O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe hope this has worked???
__________________
*sycko* |
#7 (permalink) |
|
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,158
OS: 2000 Pro; XP Pro; XP Home
|
We still have some work to do, but you should have seen a big improvement.
Please go to: VirusTotal
I see you have Ewido already. Please update its definitions, and run a scan where I have placed it in this fix. Run Ewido
---------------------------------------------------------------------------------------------
Restart your computer and boot into Safe Mode by tapping the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Log in on your usual account. Make sure to close any open browsers.
---------------------------------------------------------------------------------------------
Open HijackThis and click on 'Do a System Scan Only'. Check the following entries if they exist (make sure you do not miss any) and click Fix Checked

O2 - BHO: (no name) - {B7672BAF-E9A3-49B6-86B2-C81719A18A4C} - C:\WINDOWS\system32\aabagorf.dll

All O18 entries like this one, EXCEPT the first one:

O18 - Protocol: bw+0s - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

Close HijackThis now.

Go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading, select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Also make sure there is no checkmark beside Hide file extensions for known file types
* Click Yes to confirm and then click OK.

Delete the following if it still exists:
C:\WINDOWS\system32\aabagorf.dll

Run Ewido with its updated definitions: (...it's important that all windows must be closed)
Restart in normal mode.
---------------------------------------------------------------------------------------------
Perform an online scan with Internet Explorer with Panda ActiveScan
http://www.pandasoftware.com/products/activescan.htm
Click on the "Free To Use ActiveScan" located on the top right hand corner
---------------------------------------------------------------------------------------------
Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter" and a text file will appear which lists infected files (if present).
Please copy/paste the content of that report into your next reply.
IMPORTANT: Do NOT run option #2 OR any other option until you are directed to do so!
---------------------------------------------------------------------------------------------
Open Hijack This and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.
---------------------------------------------------------------------------------------------
Please return with results from:
VirusTotal
Ewido
Panda
SmitfraudFix (rapport.txt)
HJT
__________________
Practice Safe Surfing Because what you don't know, CAN hurt you. Microsoft MVP - Consumer Security 2009
#8 (permalink) |
|
Registered User
|
OK, thanks again tetonbob
I have noticed that it's running a lot smoother now! I will do those other things you asked when I get back from work tomorrow; I've got to get up in a few hours! I'll post back the results later! Once again, cheers
#9 (permalink) |
|
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,158
OS: 2000 Pro; XP Pro; XP Home
|
Cheers.
#10 (permalink) |
|
Registered User
|
I've just had AVG find another trojan in my temp internet folder

VirusTotal result!

STATUS: FINISHED
Complete scanning result of "hylvbohg.exe", received in VirusTotal at 10.03.2006, 17:52:53 (CET).

Antivirus Version Update Result
AntiVir 7.2.0.22 10.03.2006 ADSPY/SearchColours
Authentium 4.93.8 10.02.2006 no virus found
Avast 4.7.892.0 10.03.2006 no virus found
AVG 386 10.03.2006 no virus found
BitDefender 7.2 10.03.2006 no virus found
CAT-QuickHeal 8.00 10.03.2006 no virus found
ClamAV devel-20060426 10.03.2006 no virus found
DrWeb 4.33 10.03.2006 Adware.SearchColours
eTrust-InoculateIT 23.73.11 10.02.2006 no virus found
eTrust-Vet 30.3.3113 10.03.2006 no virus found
Ewido 4.0 10.03.2006 no virus found
Fortinet 2.82.0.0 10.03.2006 Adware/SearchColours
F-Prot 3.16f 10.02.2006 no virus found
F-Prot4 4.2.1.29 10.02.2006 no virus found
Ikarus 0.2.65.0 10.03.2006 no virus found
Kaspersky 4.0.2.24 10.03.2006 no virus found
McAfee 4865 10.03.2006 potentially unwanted program Adware-SearchColours
Microsoft 1.1603 10.03.2006 no virus found
NOD32v2 1.1787 10.02.2006 no virus found
Norman 5.90.23 10.03.2006 W32/Stration.OT@mm
Panda 9.0.0.4 10.03.2006 Suspicious file
Sophos 4.10.0 10.03.2006 no virus found
Symantec 8.0 10.03.2006 no virus found
TheHacker 6.0.1.090 10.03.2006 no virus found
UNA 1.83 10.03.2006 no virus found
VBA32 3.11.1 10.03.2006 no virus found
VirusBuster 4.3.7:9 10.03.2006 no virus found

Aditional Information
File size: 143380 bytes
MD5: 2c2776dc1def581acc1eacde4d4cf198
SHA1: d626dc0fa3fa6191983777486d97ff2fd4a0b4fa

VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.
#11 (permalink) |
|
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,158
OS: 2000 Pro; XP Pro; XP Home
|
In combination with the previous instructions, delete the file you just had scanned:
C:\WINDOWS\system32\hylvbohg.exe

Post all requested logs at one time, please.
#12 (permalink) |
|
Registered User
|
Right, here goes

SmitfraudFix scan

SmitFraudFix v2.104
Scan done at 19:19:00.71, 03/10/2006
Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
C:\WINDOWS\system32\ot.ico FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url FOUND !
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Owner\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
C:\DOCUME~1\ALLUSE~1\Desktop\Online Security Guide.url FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="wbsys.dll"
»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32
»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End

VirusTotal

C:\WINDOWS\system32\hylvbohg.exe "DELETED"

Ewido scan just found some cookies! And no spy/adware

C:\Documents and Settings\Owner\Cookies\owner@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@adrevolver[1].txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@adtech[2].txt -> TrackingCookie.Adtech : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@clickbank[1].txt -> TrackingCookie.Clickbank : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@data.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@ehg-liverpoolfctv.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@qksrv[1].txt -> TrackingCookie.Qksrv : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
HijackThis log

Logfile of HijackThis v1.99.1
Scan saved at 19:25:25, on 03/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\gsicon.exe
C:\WINDOWS\system32\dslagent.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\Program Files\Creative\MediaSource\GO\CTCMSGo.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\BT Broadband\Help\bin\mpbtn.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Owner\My Documents\Old Documents\Jons Documents\Programs\happy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.skysports.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\bootskin.exe" /StartupJobs
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Creative MediaSource Go] C:\Program Files\Creative\MediaSource\GO\CTCMSGo.exe /SCB
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [CursorXP] "C:\Program Files\CursorXP\CursorXP.exe" -s
O4 - Global Startup: BT Broadband Help.lnk = C:\Program Files\BT Broadband\Help\bin\matcli.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?27e080f36a7b4314b02fe1b007c65ac1
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?27e080f36a7b4314b02fe1b007c65ac1
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1158958609484
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/pro...nner371030.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E50CB008-3B56-4BB7-B12B-E29B903E104B}: NameServer = 194.72.0.98 194.72.9.38
O18 - Protocol: bw+0 - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {520EBE0A-BAF8-4558-B156-BCE987C20F69} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WBSrv - C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files\Stardock\Object Desktop\IconPackager\iprepair.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Still scanning with online Panda but it's so far found 9 spyware and 2 hacking tools and potentially unwanted tools

Panda ActiveScan report:

Incident Status Location
Adware:adware/securityerror Not disinfected c:\windows\system32\ot.ico
Adware:adware/safetybar Not disinfected c:\documents and settings\all users\desktop\Online Security Guide.url
Spyware:Cookie/NewMedia Not disinfected C:\Documents and Settings\Gemsy\Cookies\gemsy@anm.co[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Owner\Cookies\owner@adrevolver[2].txt
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Owner\Cookies\owner@adtech[2].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Owner\Cookies\owner@apmebf[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Owner\Cookies\owner@atdmt[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Owner\Cookies\owner@doubleclick[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Owner\Cookies\owner@mediaplex[1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Owner\Desktop\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Owner\My Documents\SmitfraudFix.zip[SmitfraudFix/Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\Process.exe
__________________
*sycko* Last edited by sycko; 10-03-2006 at 12:49 PM.

#13 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,158
OS: 2000 Pro; XP Pro; XP Home
You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.
Next, please reboot your computer in Safe Mode by doing the following:

Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.

A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.

The report can also be found at the root of the system drive, usually at C:\rapport.txt

---------------------------------------------------------------------------------------------

Once back in normal Windows:

Open the SmitfraudFix folder and double-click smitfraudfix.cmd

Select option #3 - Delete Trusted zone by typing 3 and press Enter

Answer Yes to the question "Restore Trusted Zone ?" by typing Y and hit Enter.

Note, if you use SpywareBlaster and/or IE-SPYAD, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE-SPYAD, run the batch file and reinstall the protection.

Please return with the rapport.txt (log from the SmitfraudFix tool)
__________________
Practice Safe Surfing Because what you don't know, CAN hurt you. Microsoft MVP - Consumer Security 2009

#14 (permalink)
Registered User
SmitFraudFix v2.104
Scan done at 21:50:49.48, 03/10/2006
Run from C:\Documents and Settings\Owner\My Documents\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\system32\ot.ico Deleted
C:\DOCUME~1\ALLUSE~1\Desktop\Online Security Guide.url Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End
__________________
*sycko*

#15 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
Good job!
Let's run one last online scan to see if any lurkers remain:

Establish an internet connection & perform an online scan using Internet Explorer at http://www.kaspersky.com/service?chapter=161739400

Answer Yes, when prompted to install an ActiveX component.

---------------------------------------------------------------------------------------------

How is your system behaving now, please?
__________________
Practice Safe Surfing Because what you don't know, CAN hurt you. Microsoft MVP - Consumer Security 2009

#16 (permalink)
Registered User
Hi, the system is running a lot better, thanks, and I really appreciate you helping me out like this. I know you are really busy with the amount of posts in the HijackThis forum! I will donate when I get paid!
KASPERSKY ONLINE SCANNER REPORT
Wednesday, October 04, 2006 6:12:22 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 4/10/2006
Kaspersky Anti-Virus database records: 228842

Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\ C:\ D:\ E:\

Scan Statistics
Total number of scanned objects 48021
Number of viruses found 1
Number of infected objects 3 / 0
Number of suspicious objects 0
Duration of the scan process 00:43:20

Infected Object Name | Virus Name | Last Action
C:\Documents and Settings\Owner\My Documents\SmitfraudFix\Reboot.exe | Infected: not-a-virus:RiskTool.Win32.Reboot.f | skipped
C:\Documents and Settings\Owner\My Documents\SmitfraudFix.zip/SmitfraudFix/Reboot.exe | Infected: not-a-virus:RiskTool.Win32.Reboot.f | skipped
C:\Documents and Settings\Owner\My Documents\SmitfraudFix.zip | ZIP: infected - 1 | skipped

Scan process completed.
__________________
*sycko*

#17 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
The "infected" items are actually files placed by one of the tools we used. Since they can be used maliciously (but have not been in this case), scanners flag them.

You may delete the SmitfraudFix folders. Delete the following:

C:\Documents and Settings\Owner\My Documents\SmitfraudFix
C:\Documents and Settings\Owner\My Documents\SmitfraudFix.zip

---------------------------------------------------------------------------------------------

Other than that, it looks good from here! Well done. Your logs are clean. Any more issues? If not you should be good to go.

We still have a few items to address.

Reset hidden/system files and folders
Create a new System Restore point
Enable Windows Auto Update
Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:
If you do not have a firewall, here are 4 free ones available for personal use:

In light of your recent troubles, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles

If you want to fight back the Malware Writers that have made your life a misery, please take a look here and read what you can do against it.

Please respond to this thread one more time so we can mark this thread as resolved.
__________________
Practice Safe Surfing Because what you don't know, CAN hurt you. Microsoft MVP - Consumer Security 2009
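The point made in post #17, that the only detections in the Kaspersky report are the cleanup tool's own files, can be checked mechanically. The following is an added example, not part of the original thread: it parses report rows (path, verdict, last action), sets aside the "Object is locked" noise, and separates `not-a-virus:` riskware found under a known tool location from anything that still needs a human look. `TOOL_ROOTS` uses the two paths named in post #17; the row grammar and the sample rows are assumptions built from the report quoted above, and the last sample row is invented.

```python
import re

# Constructed sample rows in the shape of the Kaspersky Online Scanner report
# quoted in this thread. The last row is invented for illustration only.
SAMPLE_REPORT = r"""
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\Documents and Settings\Owner\My Documents\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Owner\My Documents\SmitfraudFix.zip/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Owner\My Documents\SmitfraudFix.zip ZIP: infected - 1 skipped
C:\WINDOWS\system32\example.dll Infected: Trojan.Win32.Constructed.a skipped
"""

# Assumption: locations where the helper asked the user to place cleanup tools.
TOOL_ROOTS = (
    r"C:\Documents and Settings\Owner\My Documents\SmitfraudFix",
    r"C:\Documents and Settings\Owner\My Documents\SmitfraudFix.zip",
)

# Paths contain spaces, so a row is recognised by its verdict, not by splitting.
ROW = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?P<verdict>Object is locked|Infected: (?P<name>\S+)|ZIP: infected - \d+)\s+"
    r"(?P<action>\S+)$"
)


def _norm(path):
    # Archive members are reported as archive.zip/inner/file; compare case-insensitively.
    return path.replace("/", "\\").lower()


def under_tool_root(path):
    p = _norm(path)
    return any(p == _norm(r) or p.startswith(_norm(r) + "\\") for r in TOOL_ROOTS)


def triage(report):
    """Sort report rows into locked / expected tool riskware / needs review."""
    result = {"locked": 0, "expected_tool": [], "review": [], "unparsed": []}
    for raw in report.splitlines():
        line = raw.replace("|", " ").strip()  # also accept pipe-separated rows
        if not line:
            continue
        m = ROW.match(line)
        if m is None:
            result["unparsed"].append(raw)  # keep for a human, never drop silently
            continue
        path, name = m["path"], m["name"]
        if m["verdict"] == "Object is locked":
            result["locked"] += 1  # file in use: not scanned, not a detection
        elif under_tool_root(path) and (name is None or name.startswith("not-a-virus:")):
            # Riskware label (or an archive summary row) inside a tool location.
            result["expected_tool"].append(path)
        else:
            # A real malware name inside a tool folder, or anything outside it.
            result["review"].append((path, name))
    return result


if __name__ == "__main__":
    for key, value in triage(SAMPLE_REPORT).items():
        print(key, value)
```

A detection with a real malware name stays in `review` even when it sits inside a tool folder, so the allow-list only downgrades riskware labels, never a location as a whole.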

#18 (permalink)
Registered User
Thanks a lot tetonbob, you're a star!! I appreciate it!
Think I will keep the SmitfraudFix folder in case I need it again in the future! What did I have then? Virus/trojan/hacker/keylogger/spyware? Was it serious? System's running great now, thanks to you.
__________________
*sycko*

#19 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
Tools are frequently updated. It's best to remove the current version of SmitfraudFix, and should the need ever arise (it better not!!) get it anew.
Here's what you had (a variant of): http://www.symantec.com/security_res...112111-3912-99
__________________
Practice Safe Surfing Because what you don't know, CAN hurt you. Microsoft MVP - Consumer Security 2009