Virus, Constant Popups, Rundll32.exe error, userinit.exe error

greenoznic · 06-09-2008, 09:58 PM

I seem to have somehow contracted a virus that is giving me the following problems:

· Constant pop-ups from Internet Explorer;
· Rundll32.exe application error whenever I try to click on any of the icons in control panel;
· I am unable to download or install any windows updates, it won’t let me open my security centre or update from the Microsoft site;
· Whenever I try to log onto the computer I get a userinit.exe error and all that comes up is my background, it doesn’t seem to open Explorer at all. I have been able to access Explorer through the task manager though.

I followed all your steps, but was unable to complete step one due to not being able to access anything through control panel. I was also unable to update Windows fully due to the abovementioned problem.

I was also having problems running HiJack This through Deckards so I ran it separately.

Here is all the other info you require:

Deckards
Deckard's System Scanner v20071014.68
Run by Trish on 2008-06-10 13:29:17
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- HijackThis (run as Trish.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:30:04 PM, on 10/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\BrmfBAgS.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
\Win2kserver\files\New Folder (2)\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Trish.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.ninemsn.com.au/0SEENAU/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.ninemsn.com.au/0SEENAU/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.ninemsn.com.au/0SEENAU/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: testCPV6 - {15421B84-3488-49A7-AD18-CBF84A3EFAF6} - C:\Program Files\Spcron\Spc.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {BE838836-5A14-461D-B964-E63B8CA523E1} - C:\WINDOWS\system32\qoMfcaWp.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [28c2af21] rundll32.exe "C:\WINDOWS\system32\mxlmeacy.dll",b
O4 - HKLM\..\Run: [BM2bf19cbd] Rundll32.exe "C:\WINDOWS\system32\qmdwhovu.dll",s
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingA2874] command /c del "C:\WINDOWS\system32\qoMfcaWp.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC508] cmd /c del "C:\WINDOWS\system32\qoMfcaWp.dll_old"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Documents and Settings\Administrator\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SharpTray] "C:\Program Files\Sharp\Sharpdesk\SharpTray.exe"
O4 - HKCU\..\Run: [JavaCore] C:\Program Files\\JavaCore\\JavaCore.exe
O4 - HKCU\..\Run: [Svconr] C:\Program Files\Svconr\Svconr.exe
O4 - HKCU\..\Run: [SpeedRunner] C:\Documents and Settings\Trish\Application Data\SpeedRunner\SpeedRunner.exe
O4 - HKCU\..\Run: [SfKg6wIP] C:\Documents and Settings\Trish\Application Data\Microsoft\Windows\wpbbxb.exe
O4 - HKCU\..\Run: [QdrPack16] "C:\Program Files\QdrPack\QdrPack16.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Start Network Scanner Tool.lnk = C:\Program Files\Sharp\Sharpdesk\sdFTP.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/...x/qtplugin.cab
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - https://www.hunterunited.com.au/smsx.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-AU/.../GAME_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O18 - Protocol: bw+0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c006283F.dat
O23 - Service: Brother BidiAgent Service for Resource manager (brmfbags) - Brother Industries, Ltd. - C:\WINDOWS\system32\BrmfBAgS.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 22486 bytes

-- Files created between 2008-05-10 and 2008-06-10 -----------------------------

2008-06-10 13:27:27 0 d-------- C:\Program Files\Trend Micro
2008-06-10 13:10:30 21312 --a------ C:\WINDOWS\choice.exe
2008-06-10 13:09:19 0 d-------- C:\ie-spyad
2008-06-10 13:07:30 0 d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-10 13:03:11 0 d-------- C:\Program Files\SpywareBlaster
2008-06-10 09:03:47 51200 --a------ C:\WINDOWS\system32\__c006283F.dat
2008-06-10 09:03:45 51200 --a------ C:\WINDOWS\system32\hqwcdcmj.dll
2008-06-10 09:01:07 51200 --a------ C:\WINDOWS\system32\taysvcby.dll
2008-06-10 09:01:06 51200 --a------ C:\WINDOWS\system32\pgkojvsk.dll
2008-06-10 09:00:25 691545 --a------ C:\WINDOWS\unins000.exe
2008-06-10 09:00:24 2539 --a------ C:\WINDOWS\unins000.dat
2008-06-10 08:58:07 51200 --a------ C:\WINDOWS\system32\rotaysuk.dll
2008-06-10 08:58:06 51200 --a------ C:\WINDOWS\system32\bjpmwyvk.dll
2008-06-10 08:56:47 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-10 08:55:22 82944 --a------ C:\WINDOWS\system32\mxlmeacy.dll
2008-06-10 08:55:19 51200 --a------ C:\WINDOWS\system32\ljcckvei.dll
2008-06-10 08:54:38 91136 --a------ C:\WINDOWS\system32\qmdwhovu.dll
2008-06-10 08:51:46 51200 --a------ C:\WINDOWS\system32\mawealib.dll
2008-06-06 12:12:16 0 d-------- C:\Program Files\QdrPack
2008-06-06 12:12:15 0 d-------- C:\Program Files\ISM
2008-06-06 12:07:08 0 d-------- C:\Documents and Settings\Trish\Application Data\SpeedRunner
2008-06-06 12:02:10 0 d-------- C:\Program Files\Svconr
2008-06-06 11:57:09 0 d-------- C:\Program Files\Spcron
2008-06-06 11:57:02 0 d-------- C:\Program Files\Temporary
2008-06-06 11:51:59 0 d-------- C:\Program Files\JavaCore
2008-06-06 10:31:06 0 d-------- C:\Program Files\Panda Security
2008-06-06 08:37:44 51200 --a------ C:\WINDOWS\system32\__c00AA186.dat
2008-06-06 08:37:41 51200 --a------ C:\WINDOWS\system32\jsmnywsf.dll
2008-06-06 08:34:31 82944 --a------ C:\WINDOWS\system32\jtwsepvs.dll
2008-06-06 08:32:40 91136 --a------ C:\WINDOWS\system32\sxmxjrmc.dll
2008-06-05 11:32:32 403277 --ahs---- C:\WINDOWS\system32\pWacfMoq.ini2
2008-06-05 11:27:04 28160 --a------ C:\WINDOWS\system32\tuvWmnLe.dll
2008-06-05 11:22:49 0 d-------- C:\Documents and Settings\LocalService\Application Data\Softland
2008-06-05 11:20:00 0 d-------- C:\Program Files\Softland
2008-06-05 11:00:29 0 d-------- C:\Program Files\Jasc Software Inc
2008-06-05 10:55:52 0 d-------- C:\WINDOWS\system32\appmgmt
2008-06-05 10:40:03 72192 --a------ C:\WINDOWS\cadkasdeinst01e.exe
2008-05-27 15:28:08 1024 --a------ C:\WINDOWS\system32\winpdfstamp.dat
2008-05-26 08:44:09 139536 --a------ C:\WINDOWS\system32\javaee.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-05-22 12:23:21 0 d--h----- C:\WINDOWS\system32\GroupPolicy
2008-05-22 12:16:09 0 d-------- C:\Documents and Settings\Trish\Application Data\RhinoSoft.com
2008-05-22 11:41:34 49664 --a------ C:\WINDOWS\unvise32.exe <Not Verified; MindVision Software; Installer VISE>
2008-05-22 11:41:31 0 d-------- C:\Program Files\Active Ports
2008-05-22 11:03:31 0 d-------- C:\WINDOWS\IIS Temporary Compressed Files
2008-05-22 11:02:57 0 d-------- C:\WINDOWS\system32\Cache
2008-05-22 11:00:05 0 d-------- C:\Inetpub
2008-05-22 10:27:59 73728 --a------ C:\WINDOWS\system32\ZLIB.DLL
2008-05-22 10:27:38 49152 --a------ C:\WINDOWS\SDConfig.dll
2008-05-22 10:27:38 0 d-------- C:\Sharpdesk Desktop
2008-05-22 10:27:35 0 d-------- C:\Program Files\Common Files\Sharp Shared
2008-05-22 10:27:22 171280 --a------ C:\WINDOWS\system32\jit.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-05-22 10:27:22 46352 --a------ C:\WINDOWS\setdebug.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-05-22 10:27:21 6550 --a------ C:\WINDOWS\jautoexp.dat
2008-05-22 10:27:20 313856 --a------ C:\WINDOWS\system32\dx3j.dll <Not Verified; Microsoft Corporation; Microsoft® DirectX for Java>
2008-05-22 10:27:13 113 --a------ C:\WINDOWS\system32\zonedon.reg
2008-05-22 10:27:13 113 --a------ C:\WINDOWS\system32\zonedoff.reg
2008-05-22 10:27:13 171792 --a------ C:\WINDOWS\system32\wjview.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-05-22 10:27:12 286992 --a------ C:\WINDOWS\system32\vmhelper.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-05-22 10:27:12 21264 --a------ C:\WINDOWS\system32\msjdbc10.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-05-22 10:27:12 947472 --a------ C:\WINDOWS\system32\msjava.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-05-22 10:27:11 154384 --a------ C:\WINDOWS\system32\msawt.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-05-22 10:27:11 172304 --a------ C:\WINDOWS\system32\jview.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-05-22 10:27:11 15120 --a------ C:\WINDOWS\system32\jdbgmgr.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-05-22 10:27:10 404752 --a------ C:\WINDOWS\system32\javart.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-05-22 10:27:10 63248 --a------ C:\WINDOWS\system32\javaprxy.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-05-22 10:27:09 187152 --a------ C:\WINDOWS\system32\javacypt.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-05-22 10:27:08 49424 --a------ C:\WINDOWS\system32\clspack.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-05-22 10:26:39 32768 --a------ C:\WINDOWS\wangimg.exe <Not Verified; Eastman Software, Inc., A Kodak Business; Imaging for Windows®>
2008-05-22 10:26:39 32768 --a------ C:\WINDOWS\kodakimg.exe <Not Verified; Eastman Software, Inc., A Kodak Business; Imaging for Windows®>
2008-05-22 10:25:54 0 d-------- C:\Program Files\Sharp
2008-05-22 10:24:16 0 d-------- C:\Documents and Settings\Trish\WINDOWS

-- Find3M Report ---------------------------------------------------------------

2008-06-06 12:31:32 0 d-------- C:\Program Files\GetRight
2008-05-22 10:27:35 0 d-------- C:\Program Files\Common Files
2008-05-06 08:59:39 737280 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2008-05-06 08:52:06 0 d-------- C:\Program Files\WinPcap

-- Registry Dump ---------------------------------------------------------------

-- End of Deckard's System Scanner: finished at 2008-06-10 13:30:16 ------------

HiJack This

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:28:31 PM, on 10/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\BrmfBAgS.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.ninemsn.com.au/0SEENAU/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.ninemsn.com.au/0SEENAU/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.ninemsn.com.au/0SEENAU/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: testCPV6 - {15421B84-3488-49A7-AD18-CBF84A3EFAF6} - C:\Program Files\Spcron\Spc.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {BE838836-5A14-461D-B964-E63B8CA523E1} - C:\WINDOWS\system32\qoMfcaWp.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [28c2af21] rundll32.exe "C:\WINDOWS\system32\mxlmeacy.dll",b
O4 - HKLM\..\Run: [BM2bf19cbd] Rundll32.exe "C:\WINDOWS\system32\qmdwhovu.dll",s
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingA2874] command /c del "C:\WINDOWS\system32\qoMfcaWp.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC508] cmd /c del "C:\WINDOWS\system32\qoMfcaWp.dll_old"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Documents and Settings\Administrator\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SharpTray] "C:\Program Files\Sharp\Sharpdesk\SharpTray.exe"
O4 - HKCU\..\Run: [JavaCore] C:\Program Files\\JavaCore\\JavaCore.exe
O4 - HKCU\..\Run: [Svconr] C:\Program Files\Svconr\Svconr.exe
O4 - HKCU\..\Run: [SpeedRunner] C:\Documents and Settings\Trish\Application Data\SpeedRunner\SpeedRunner.exe
O4 - HKCU\..\Run: [SfKg6wIP] C:\Documents and Settings\Trish\Application Data\Microsoft\Windows\wpbbxb.exe
O4 - HKCU\..\Run: [QdrPack16] "C:\Program Files\QdrPack\QdrPack16.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Start Network Scanner Tool.lnk = C:\Program Files\Sharp\Sharpdesk\sdFTP.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/...x/qtplugin.cab
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - https://www.hunterunited.com.au/smsx.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-AU/.../GAME_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O18 - Protocol: bw+0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c006283F.dat
O23 - Service: Brother BidiAgent Service for Resource manager (brmfbags) - Brother Industries, Ltd. - C:\WINDOWS\system32\BrmfBAgS.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 22458 bytes

Thankyou very much for any help you provide.

Cheers

greenoznic · 06-12-2008, 10:02 PM

Bumped for 72 hours

**chemist** · 06-13-2008, 02:05 PM

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please save this page to Notepad in order to assist you when carrying out the following instructions.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding.
Ensure that there aren't any opened browsers when you are carrying out the procedures below.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

Your computer has more problems than malware. Your WMI or Windows Management Instrumentation is not working.

We will try to clean your system, but you may need to seek additional help in our Windows XP forum to get your system back to normal.

------------------------------------------------------

Quote:

\Win2kserver\files\New Folder (2)\dss.exe

Please note that tools are best Run from the Desktop. Easier to find and perform specialized functions which may be required.

Save to the Desktop and then Run from the Desktop. Thanks.

------------------------------------------------------

Please download SDFix and Save it to your Desktop.

Double-click SDFix.exe
Click Run
Click Install to extract the files to the Windows Directory drive, typically C:\SDFix

------------------------------------------------------

Please visit this webpage for instructions on downloading and running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery(repair) mode, if needed. This allows us to help you in the case that your computer has a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once the Recovery Console is installed, this blue window will appear:

Click NO to exit ComboFix now.

------------------------------------------------------

Please reboot your computer in Safe Mode by doing the following:

Restart your computer.
After hearing your computer beep once during startup, but before the Windows icon appears, start pressing the F8 key. In some systems, this may be the F5 key.
Instead of Windows loading as normal, a menu should appear.
Use the up arrow key to highlight Safe Mode and press Enter.
Login on your usual account. Make sure to close any open browsers.

Open the extracted SDFix folder and double-click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will now remove any Trojan Services and Registry Entries that it finds.
Please be patient while it runs. When finished, it will prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the C:\SDFix folder as Report.txt
Post that log in your next reply.

------------------------------------------------------

From Normal Mode...

Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Get help here

------------------------------------------------------

Double-click on ComboFix.exe & follow the prompts.

When the tool is finished, it will produce a log for you.

Please post that log, ComboFix.txt along with a new HijackThis log so we may continue cleansing the system.

------------------------------------------------------

Open HijackThis and click on 'Do a System Scan and Save a Logfile'. Save the logfile and post it here.

------------------------------------------------------

Please post the following in your next reply:

C:\SDFix\Report.txt
C:\ComboFix.txt
new HijackThis log

If you have any questions along the way...STOP and ask them before proceeding.

greenoznic · 06-15-2008, 09:15 PM

Thanks for getting back to me,

Here are my results:

SDFix: Version 1.192
Run by Trish on 2008-06-16 at 12:16

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\DOCUME~1\Trish\Desktop\SDFix

Checking Services :

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting

Checking Files :

Trojan Files Found:

C:\DOCUME~1\TRISH\APPLIC~1\MICROS~1\WINDOWS\WPBBXB.EXE - Deleted
C:\Documents and Settings\Trish\Application Data\SpeedRunner\SpeedRunner.exe - Deleted

Folder C:\Documents and Settings\Trish\Application Data\SpeedRunner - Removed

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-16 12:33:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\WINDOWS\system32\__c006283F.dat"
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710
"LoadAppInit_DLLs"=dword:00000001

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Disabled:Logitech Desktop Messenger"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Sharp\\Sharpdesk\\sdFTP.exe"="C:\\Program Files\\Sharp\\Sharpdesk\\sdFTP.exe:*:Enabled:sdFTP"
"C:\\Documents and Settings\\Trish\\Local Settings\\Temp\\is-B9D2R.tmp\\ServUSetup.tmp"="C:\\Documents and Settings\\Trish\\Local Settings\\Temp\\is-B9D2R.tmp\\ServUSetup.tmp:*:Enabled:Setup/Uninstall"
"C:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"="C:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe:*:Disabled:Framework Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files :

File Backups: - C:\DOCUME~1\Trish\Desktop\SDFix\backups\backups.zip

Files with Hidden Attributes :

Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Mon 30 Dec 2002 27,136 A..H. --- "C:\WINDOWS\Templates\~WRL2063.tmp"
Wed 21 Jul 2004 41,984 A..H. --- "C:\WINDOWS\Templates\~WRL3167.tmp"
Thu 12 Apr 2007 121,344 ...H. --- "C:\Documents and Settings\Trish\My Documents\~WRL1233.tmp"
Wed 1 Feb 2006 40,960 A..H. --- "C:\WINDOWS\Templates\Rams\~WRL2508.tmp"
Mon 30 Dec 2002 27,136 A..H. --- "C:\Documents and Settings\Administrator\Templates\Templates\~WRL2063.tmp"
Wed 21 Jul 2004 41,984 A..H. --- "C:\Documents and Settings\Administrator\Templates\Templates\~WRL3167.tmp"
Tue 17 Apr 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sat 13 Nov 2004 37,376 ...H. --- "C:\Program Files\Common Files\Adobe\ESD\DLMCleanup.exe"
Thu 13 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b04031f0b83ee952189dd8beb4ee929a\BIT5A.tmp"
Wed 7 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\fd0264849c01086f3c6b505dc02dbd44\BIT15B.tmp"
Wed 1 Feb 2006 40,960 A..H. --- "C:\Documents and Settings\Administrator\Templates\Templates\Rams\~WRL2508.tmp"
Thu 15 Nov 2007 3,231,232 ...H. --- "C:\Documents and Settings\Trish\Application Data\Microsoft\Word\~WRL0053.tmp"
Thu 15 Nov 2007 5,478,400 ...H. --- "C:\Documents and Settings\Trish\Application Data\Microsoft\Word\~WRL0125.tmp"
Mon 18 Jun 2007 120,320 ...H. --- "C:\Documents and Settings\Trish\Application Data\Microsoft\Word\~WRL0372.tmp"
Thu 15 Nov 2007 3,225,600 ...H. --- "C:\Documents and Settings\Trish\Application Data\Microsoft\Word\~WRL0409.tmp"
Thu 15 Nov 2007 3,232,256 ...H. --- "C:\Documents and Settings\Trish\Application Data\Microsoft\Word\~WRL0421.tmp"
Tue 12 Feb 2008 60,928 ...H. --- "C:\Documents and Settings\Trish\Application Data\Microsoft\Word\~WRL0442.tmp"
Mon 18 Jun 2007 119,296 ...H. --- "C:\Documents and Settings\Trish\Application Data\Microsoft\Word\~WRL0872.tmp"
Mon 18 Jun 2007 113,664 ...H. --- "C:\Documents and Settings\Trish\Application Data\Microsoft\Word\~WRL1174.tmp"
Tue 17 Jul 2007 35,328 ...H. --- "C:\Documents and Settings\Trish\Application Data\Microsoft\Word\~WRL1259.tmp"
Fri 13 Apr 2007 130,560 ...H. --- "C:\Documents and Settings\Trish\Application Data\Microsoft\Word\~WRL1381.tmp"
Thu 30 Aug 2007 13,874,688 ...H. --- "C:\Documents and Settings\Trish\Application Data\Microsoft\Word\~WRL1421.tmp"
Mon 18 Jun 2007 115,712 ...H. --- "C:\Documents and Settings\Trish\Application Data\Microsoft\Word\~WRL1767.tmp"
Fri 19 Oct 2007 61,952 ...H. --- "C:\Documents and Settings\Trish\Application Data\Microsoft\Word\~WRL1784.tmp"
Mon 18 Jun 2007 124,928 ...H. --- "C:\Documents and Settings\Trish\Application Data\Microsoft\Word\~WRL1858.tmp"
Mon 18 Jun 2007 124,416 ...H. --- "C:\Documents and Settings\Trish\Application Data\Microsoft\Word\~WRL1881.tmp"
Thu 15 Nov 2007 3,231,232 ...H. --- "C:\Documents and Settings\Trish\Application Data\Microsoft\Word\~WRL1915.tmp"
Mon 18 Feb 2008 66,048 ...H. --- "C:\Documents and Settings\Trish\Application Data\Microsoft\Word\~WRL2046.tmp"
Thu 15 Nov 2007 3,225,088 ...H. --- "C:\Documents and Settings\Trish\Application Data\Microsoft\Word\~WRL2062.tmp"
Wed 24 Oct 2007 69,632 ...H. --- "C:\Documents and Settings\Trish\Application Data\Microsoft\Word\~WRL2266.tmp"
Thu 30 Aug 2007 13,874,176 ...H. --- "C:\Documents and Settings\Trish\Application Data\Microsoft\Word\~WRL2467.tmp"
Mon 18 Jun 2007 116,736 ...H. --- "C:\Documents and Settings\Trish\Application Data\Microsoft\Word\~WRL2726.tmp"
Mon 18 Jun 2007 116,736 ...H. --- "C:\Documents and Settings\Trish\Application Data\Microsoft\Word\~WRL2895.tmp"
Thu 15 Nov 2007 6,288,384 ...H. --- "C:\Documents and Settings\Trish\Application Data\Microsoft\Word\~WRL2938.tmp"
Mon 16 Jul 2007 28,160 ...H. --- "C:\Documents and Settings\Trish\Application Data\Microsoft\Word\~WRL3059.tmp"
Fri 19 Oct 2007 68,608 ...H. --- "C:\Documents and Settings\Trish\Application Data\Microsoft\Word\~WRL3081.tmp"
Mon 18 Jun 2007 113,664 ...H. --- "C:\Documents and Settings\Trish\Application Data\Microsoft\Word\~WRL3174.tmp"
Thu 15 Nov 2007 4,680,704 ...H. --- "C:\Documents and Settings\Trish\Application Data\Microsoft\Word\~WRL3406.tmp"
Thu 30 Aug 2007 13,873,664 ...H. --- "C:\Documents and Settings\Trish\Application Data\Microsoft\Word\~WRL3557.tmp"
Fri 19 Oct 2007 62,464 ...H. --- "C:\Documents and Settings\Trish\Application Data\Microsoft\Word\~WRL3667.tmp"
Thu 17 May 2007 64,512 ...H. --- "C:\Documents and Settings\Trish\Application Data\Microsoft\Word\~WRL3913.tmp"

Finished!

ComboFix 08-06-15.2 - Trish 2008-06-16 12:51:09.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.518 [GMT 10:00]
Running from: C:\Documents and Settings\Trish\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Trish\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\Documents and Settings\Trish\Local Settings\Temporary Internet Files\bestwiner.stt
C:\Documents and Settings\Trish\Local Settings\Temporary Internet Files\CPV.stt
.
---- Previous Run -------
.
C:\Program Files\ISM
C:\Program Files\ISM\ism.exe
C:\Program Files\ISM\Uninstall.exe
C:\Program Files\JavaCore
C:\Program Files\JavaCore\UnInstall.exe
C:\Program Files\QdrPack
C:\Program Files\QdrPack\bostrupd.exe
C:\Program Files\QdrPack\QdrPack16.exe
C:\Program Files\QdrPack\QdrPack17.exe
C:\Program Files\QdrPack\trgtys.gz
C:\Program Files\QdrPack\wadsvupd.exe
C:\Program Files\Spcron
C:\Program Files\Spcron\Spc.dll
C:\Program Files\Svconr
C:\Program Files\Temporary
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\Cache
C:\WINDOWS\system32\mcrh.tmp

.
((((((((((((((((((((((((( Files Created from 2008-05-16 to 2008-06-16 )))))))))))))))))))))))))))))))
.

2008-06-16 12:07 . 2008-06-16 12:07 <DIR> d-------- C:\WINDOWS\ERUNT
2008-06-16 09:11 . 2008-06-14 01:37 <DIR> d-------- C:\SDFix
2008-06-16 08:46 . 2008-06-16 08:46 0 --a------ C:\WINDOWS\nsreg.dat
2008-06-12 08:21 . 2008-06-12 08:21 <DIR> d-------- C:\Program Files\iCheck
2008-06-12 08:21 . 2008-06-12 08:21 <DIR> d-------- C:\Program Files\GetPack
2008-06-12 08:21 . 2008-06-16 09:07 <DIR> d-------- C:\Program Files\GetModule
2008-06-10 14:01 . 2008-06-10 14:01 <DIR> d-------- C:\Documents and Settings\Trish\Application Data\MSN6
2008-06-10 14:01 . 2008-06-10 14:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MSN6
2008-06-10 13:27 . 2008-06-10 13:27 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-10 13:14 . 2008-06-10 13:14 <DIR> d-------- C:\Deckard
2008-06-10 13:10 . 1999-12-21 07:58 21,312 --a------ C:\WINDOWS\choice.exe
2008-06-10 13:09 . 2008-06-10 13:09 <DIR> d-------- C:\ie-spyad
2008-06-10 13:07 . 2008-06-10 13:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-10 13:03 . 2008-06-10 13:08 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-06-10 13:03 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
2008-06-10 09:33 . 2008-06-10 10:11 243 --a------ C:\WINDOWS\wininit.ini
2008-06-10 09:00 . 2008-06-10 08:58 691,545 --a------ C:\WINDOWS\unins000.exe
2008-06-10 09:00 . 2008-06-10 09:00 2,539 --a------ C:\WINDOWS\unins000.dat
2008-06-10 08:56 . 2008-06-10 09:02 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-10 08:56 . 2008-06-10 09:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-06 10:31 . 2008-06-06 10:31 <DIR> d-------- C:\Program Files\Panda Security
2008-06-05 11:22 . 2008-06-05 11:22 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Softland
2008-06-05 11:20 . 2008-06-05 11:20 <DIR> d-------- C:\Program Files\Softland
2008-06-05 11:20 . 2008-06-04 12:58 22,168 --a------ C:\WINDOWS\system32\novamns5.dll
2008-06-05 11:20 . 2008-06-04 12:58 18,584 --a------ C:\WINDOWS\system32\novamis5.dll
2008-06-05 11:20 . 2008-03-27 15:42 7,477 --a------ C:\WINDOWS\system32\novas5.ctm
2008-06-05 11:00 . 2008-06-05 11:00 <DIR> d-------- C:\Program Files\Jasc Software Inc
2008-06-05 10:41 . 2008-06-05 11:14 527 --a------ C:\WINDOWS\PDFWatermark.INI
2008-06-05 10:40 . 2008-06-05 10:40 72,192 --a------ C:\WINDOWS\cadkasdeinst01e.exe
2008-06-04 08:52 . 2008-06-04 08:52 268 --ah----- C:\sqmdata13.sqm
2008-06-04 08:52 . 2008-06-04 08:52 244 --ah----- C:\sqmnoopt13.sqm
2008-06-03 08:39 . 2008-06-03 08:39 268 --ah----- C:\sqmdata12.sqm
2008-06-03 08:39 . 2008-06-03 08:39 244 --ah----- C:\sqmnoopt12.sqm
2008-05-28 21:02 . 2008-05-28 18:02 74,240 --------- C:\WINDOWS\b156.exe_old
2008-05-27 15:28 . 2008-06-05 11:16 1,024 --a------ C:\WINDOWS\system32\winpdfstamp.dat
2008-05-26 08:44 . 2003-02-28 18:26 139,536 --a------ C:\WINDOWS\system32\javaee.dll
2008-05-22 12:23 . 2008-05-22 12:23 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-05-22 12:16 . 2008-05-22 12:16 <DIR> d-------- C:\Documents and Settings\Trish\Application Data\RhinoSoft.com
2008-05-22 11:41 . 2008-05-22 11:41 <DIR> d-------- C:\Program Files\Active Ports
2008-05-22 11:41 . 1999-12-17 10:13 49,664 --a------ C:\WINDOWS\unvise32.exe
2008-05-22 11:03 . 2008-05-22 11:03 <DIR> d-------- C:\WINDOWS\IIS Temporary Compressed Files
2008-05-22 11:01 . 2006-02-28 22:00 169,984 --a--c--- C:\WINDOWS\system32\dllcache\iisui.dll
2008-05-22 11:00 . 2008-05-22 11:03 <DIR> d-------- C:\Inetpub
2008-05-22 10:27 . 2008-05-22 10:27 <DIR> d-------- C:\Program Files\Common Files\Sharp Shared
2008-05-22 10:26 . 2000-06-20 11:59 32,768 --a------ C:\WINDOWS\wangimg.exe
2008-05-22 10:26 . 2000-06-20 11:59 32,768 --a------ C:\WINDOWS\kodakimg.exe
2008-05-22 10:25 . 2008-05-22 10:25 <DIR> d-------- C:\Program Files\Sharp
2008-05-22 10:24 . 2008-05-22 10:24 <DIR> d-------- C:\Documents and Settings\Trish\WINDOWS
2008-05-20 08:37 . 2008-05-20 08:37 268 --ah----- C:\sqmdata11.sqm
2008-05-20 08:37 . 2008-05-20 08:37 244 --ah----- C:\sqmnoopt11.sqm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-06 02:31 --------- d-----w C:\Program Files\GetRight
2008-05-22 00:27 155,995 ----a-w C:\WINDOWS\java\Packages\XBHJPFTF.ZIP
2008-05-05 22:59 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-05-05 22:52 --------- d-----w C:\Program Files\WinPcap
2007-08-28 04:48 58,952 -c--a-w C:\Documents and Settings\Administrator\MsgPlusLoader.dll
2007-08-28 04:48 40,960 -c--a-w C:\Documents and Settings\Administrator\RichEdHook.dll
2007-08-28 04:48 4,096 -c--a-w C:\Documents and Settings\Administrator\Detoured.dll
2007-08-28 04:48 344,064 -c--a-w C:\Documents and Settings\Administrator\Libsndfile.dll
2007-08-28 04:48 339,968 -c--a-w C:\Documents and Settings\Administrator\Lame_enc.dll
2007-08-28 04:48 190,024 ----a-w C:\Documents and Settings\Administrator\MsgPlus.exe
2007-08-28 04:48 1,914,440 -c--a-w C:\Documents and Settings\Administrator\MsgPlusH.dll
2007-08-07 00:43 51,848 -c--a-w C:\Program Files\lcallig.ttf
2006-08-08 23:44 58,952 -c--a-w C:\Documents and Settings\Administrator\MsgPlusLoader1.dll
2006-06-14 23:27 9,409,224 -c--a-w C:\Documents and Settings\Administrator\Install_MSN_Messenger.exe
2006-06-14 23:11 4,752,968 -c--a-w C:\Documents and Settings\Administrator\MsgPlus-363.exe
2006-06-13 00:06 21,290,704 -c--a-w C:\Program Files\AdbeRdr708_en_US.exe
2006-06-12 23:59 7,050,552 -c--a-w C:\Program Files\psa30se_en_us.exe
2006-06-12 23:56 762,512 -c--a-w C:\Program Files\ytb612_efgsip.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BE838836-5A14-461D-B964-E63B8CA523E1}]
C:\WINDOWS\system32\qoMfcaWp.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-02-22 07:55 32768]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-03 09:23 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"MessengerPlus3"="C:\Documents and Settings\Administrator\MsgPlus.exe" [2007-08-28 14:48 190024]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]
"SharpTray"="C:\Program Files\Sharp\Sharpdesk\SharpTray.exe" [2001-11-08 10:37 28672]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"GetPack18"="C:\Program Files\GetPack\GetPack18.exe" [2008-06-10 19:08 350208]
"GetModule18"="C:\Program Files\GetModule\GetModule18.exe" [2008-06-10 07:40 351744]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 12:15 106496]
"SiS Windows KeyHook"="C:\WINDOWS\System32\keyhook.exe" [2004-05-12 16:22 249856]
"SoundMan"="SOUNDMAN.EXE" [2005-01-20 22:04 77824 C:\WINDOWS\SOUNDMAN.EXE]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2003-09-29 07:10 81990]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2003-09-10 03:11 135251]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344]
"IntelliType"="C:\Program Files\Microsoft Hardware\Keyboard\type32.exe" [2001-06-12 18:20 69632]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 10:22 155648]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2004-04-14 14:46 57393]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2004-04-14 15:04 40960]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 03:25 144784]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 101136 C:\WINDOWS\KHALMNPR.Exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-07-16 11:14 286720]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 101136 C:\WINDOWS\KHALMNPR.Exe]
"28c2af21"="C:\WINDOWS\system32\mxlmeacy.dll" [ ]
"BM2bf19cbd"="C:\WINDOWS\system32\qmdwhovu.dll" [ ]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2006-06-15 09:47:31 82026]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2002-12-02 21:08:34 147456]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2002-12-02 20:56:10 40960]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-02-22 07:55:23 450560]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-08-27 10:49:45 688128]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-18 14:05:56 65588]
Start Network Scanner Tool.lnk - C:\Program Files\Sharp\Sharpdesk\sdFTP.exe [2008-05-22 10:26:21 275968]
Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [2006-06-10 07:28:42 335872]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Sharp\\Sharpdesk\\sdFTP.exe"=
"C:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"=

S3 brfilt;Brother MFC Filter Driver;C:\WINDOWS\system32\Drivers\Brfilt.sys [2001-08-17 13:12]
S3 brparimg;Brother Multi Function Parallel Image driver;C:\WINDOWS\system32\DRIVERS\BrParImg.sys [2001-08-17 13:12]
S3 BrParWdm;Brother WDM Parallel Driver;C:\WINDOWS\system32\Drivers\BrParwdm.sys [2001-08-17 13:12]
S3 BrSerWDM;Brother WDM Serial driver;C:\WINDOWS\system32\Drivers\BrSerWdm.sys [2004-11-23 17:39]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-01-26 03:31]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##Win2kserver#G]
\Shell\AutoRun\command - Y:\Autorun.exe /run
\Shell\Shell00\Command - Y:\Autorun.exe /run
\Shell\Shell01\Command - Y:\Autorun.exe /action
\Shell\Shell02\Command - Y:\Autorun.exe /uninstall

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e7a7142a-bd6d-11dc-8e46-000129d4a51a}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2007-11-20 10:25:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-16 02:30:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2006-10-12 07:11:09 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1151997071.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-16 12:59:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\BrmfBAgS.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.exe
C:\Program Files\Windows Live Toolbar\msn_sl.exe
C:\WINDOWS\system32\verclsid.exe
.
**************************************************************************
.
Completion time: 2008-06-16 13:10:27 - machine was rebooted [Trish]
ComboFix-quarantined-files.txt 2008-06-16 03:10:23

Pre-Run: 28,283,342,848 bytes free
Post-Run: 30,932,054,016 bytes free

212 --- E O F --- 2008-05-28 07:09:07

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:11:50 PM, on 16/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\BrmfBAgS.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\keyhook.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sharp\Sharpdesk\SharpTray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\GetPack\GetPack18.exe
C:\Program Files\GetModule\GetModule18.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.ninemsn.com.au/0SEENAU/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {BE838836-5A14-461D-B964-E63B8CA523E1} - C:\WINDOWS\system32\qoMfcaWp.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [28c2af21] rundll32.exe "C:\WINDOWS\system32\mxlmeacy.dll",b
O4 - HKLM\..\Run: [BM2bf19cbd] Rundll32.exe "C:\WINDOWS\system32\qmdwhovu.dll",s
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Documents and Settings\Administrator\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SharpTray] "C:\Program Files\Sharp\Sharpdesk\SharpTray.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [GetPack18] "C:\Program Files\GetPack\GetPack18.exe"
O4 - HKCU\..\Run: [GetModule18] "C:\Program Files\GetModule\GetModule18.exe"
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Start Network Scanner Tool.lnk = C:\Program Files\Sharp\Sharpdesk\sdFTP.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/...x/qtplugin.cab
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - https://www.hunterunited.com.au/smsx.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-AU/.../GAME_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O18 - Protocol: bw+0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Brother BidiAgent Service for Resource manager (brmfbags) - Brother Industries, Ltd. - C:\WINDOWS\system32\BrmfBAgS.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 22303 bytes

Cheers

**chemist** · 06-16-2008, 01:53 AM

Hello again, greenoznic. Please tell us how your system is behaving.

Please save this page to Notepad in order to assist you when carrying out the following instructions.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding.
Ensure that there aren't any opened browsers when you are carrying out the procedures below.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

------------------------------------------------------

Open HijackThis and click on 'Do a System Scan Only'. Check the following entries if they still exist: (Make sure you do not miss any)

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

Please remember to close all other windows, including browsers then click Fix checked.

Please close HijackThis now.

------------------------------------------------------

Close any open browsers.

Disable your antivirus and antispyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with ComboFix.

Open Notepad and copy/paste all the text in the quotebox below into Notepad:

Quote:

File::
C:\Documents and Settings\Trish\Application Data\Sun\Java\Deployment\cache\6.0\59\5928803b-44f96897
C:\Program Files\ISM\ism.exe
C:\WINDOWS\b155.exe_old
C:\WINDOWS\system32\qoMfcaWp.dll_old
C:\WINDOWS\system32\tuvWmnLe.dll
C:\WINDOWS\b156.exe_old

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=-
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BE838836-5A14-461D-B964-E63B8CA523E1}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"28c2af21"=-
"BM2bf19cbd"=-

Save this as CFScript.txt, in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe

Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

When finished, it shall produce a log for you. Please post that log, ComboFix.txt in your next reply.

Note:
Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

------------------------------------------------------

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components and update.

Download the latest version of Java Runtime Environment (JRE) 6 Update 6 and Save it to your Desktop.
Scroll down to where it says Java Runtime Environment (JRE) 6 Update 6 The Java SE Runtime Environment (JRE) allows end-users to run Java applications.
Click the Download button to the right.
Select the Windows platform from the dropdown menu.
Read the License Agreement and then check the box that says: I agree to the Java SE Runtime Environment 6 License Agreement.
Click Continue
Click on the link to download Windows Offline Installation and Save the file to your Desktop.
Close any programs you may have running - especially your web browser.
Go to Start(or My Computer) > Control Panel and click on Add or Remove Programs
Click (highlight) any item older than Java(TM) 6 Update 6
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u6-windows-i586-p.exe to install the newest version.

After the install is complete, go back to your Control Panel and click the Java icon. (looks like a coffee cup)
- On the General tab, under Temporary Internet Files, click the Settings button.
- Next, click on the Delete Files button.
- There are two options in the window to clear the cache - Leave BOTH Checked
  - Applications and Applets
  - Trace and Log Files
- Click OK on Delete Temporary Files Window.
  Note: This deletes ALL the Downloaded Applications and Applets from the CACHE
- Click OK to leave the Temporary Files Window
- Click OK to leave the Java Control Panel.

------------------------------------------------------

Please run this online scan to help look for remnants.

Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner

Click Accept, when prompted to download and install the program files and database of malware definitions.

Click Run at the Security prompt.
The program will then begin downloading and installing and will also update the database.
Please be patient as this can take several minutes.
Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
Click View scan report at the bottom.
Click the Save Report As... button.
Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.

**Note**

To optimize scanning time and produce a more sensible report for review:

Close any open programs.
Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

------------------------------------------------------

Open HijackThis and click on 'Do a System Scan and Save a Logfile'. Save the logfile and post it here.

------------------------------------------------------

Please post the following in your next reply:

C:\ComboFix.txt
Kaspersky report
new HijackThis log
report on system behavior

greenoznic · 06-16-2008, 07:02 PM

Hi,

Thanks for the assistance, I am now able to log into Windows normally with no problem, but I am not able to access our network server at work whenever I click on it it comes up saying that it isn't accessible and I may not have permission to use this network resource and that the network path was not found. I am still getting some popups and two dll errors, they are:

c/windows\system32\mxlmeacy.dll and c/windows\system32\qmdwhovu.dll.

Here is my new scans:

ComboFix 08-06-15.2 - Trish 2008-06-17 8:58:57.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.603 [GMT 10:00]
Running from: C:\Documents and Settings\Trish\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Trish\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\Documents and Settings\Trish\Application Data\Sun\Java\Deployment\cache\6.0\59\5928803b-44f96897
C:\Program Files\ISM\ism.exe
C:\WINDOWS\b155.exe_old
C:\WINDOWS\b156.exe_old
C:\WINDOWS\system32\qoMfcaWp.dll_old
C:\WINDOWS\system32\tuvWmnLe.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Trish\Application Data\Sun\Java\Deployment\cache\6.0\59\5928803b-44f96897
C:\WINDOWS\b155.exe_old
C:\WINDOWS\b156.exe_old

.
((((((((((((((((((((((((( Files Created from 2008-05-16 to 2008-06-16 )))))))))))))))))))))))))))))))
.

2008-06-16 14:10 . 2008-06-16 14:10 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-06-16 12:07 . 2008-06-16 12:07 <DIR> d-------- C:\WINDOWS\ERUNT
2008-06-16 09:11 . 2008-06-14 01:37 <DIR> d-------- C:\SDFix
2008-06-16 08:46 . 2008-06-16 08:46 0 --a------ C:\WINDOWS\nsreg.dat
2008-06-12 08:21 . 2008-06-12 08:21 <DIR> d-------- C:\Program Files\iCheck
2008-06-12 08:21 . 2008-06-12 08:21 <DIR> d-------- C:\Program Files\GetPack
2008-06-12 08:21 . 2008-06-17 08:33 <DIR> d-------- C:\Program Files\GetModule
2008-06-10 14:01 . 2008-06-10 14:01 <DIR> d-------- C:\Documents and Settings\Trish\Application Data\MSN6
2008-06-10 14:01 . 2008-06-10 14:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MSN6
2008-06-10 13:27 . 2008-06-10 13:27 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-10 13:14 . 2008-06-10 13:14 <DIR> d-------- C:\Deckard
2008-06-10 13:10 . 1999-12-21 07:58 21,312 --a------ C:\WINDOWS\choice.exe
2008-06-10 13:09 . 2008-06-10 13:09 <DIR> d-------- C:\ie-spyad
2008-06-10 13:07 . 2008-06-10 13:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-10 13:03 . 2008-06-10 13:08 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-06-10 13:03 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
2008-06-10 09:33 . 2008-06-10 10:11 243 --a------ C:\WINDOWS\wininit.ini
2008-06-10 09:00 . 2008-06-10 08:58 691,545 --a------ C:\WINDOWS\unins000.exe
2008-06-10 09:00 . 2008-06-10 09:00 2,539 --a------ C:\WINDOWS\unins000.dat
2008-06-10 08:56 . 2008-06-17 08:53 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-10 08:56 . 2008-06-17 08:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-06 10:31 . 2008-06-06 10:31 <DIR> d-------- C:\Program Files\Panda Security
2008-06-05 11:22 . 2008-06-05 11:22 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Softland
2008-06-05 11:20 . 2008-06-05 11:20 <DIR> d-------- C:\Program Files\Softland
2008-06-05 11:20 . 2008-06-04 12:58 22,168 --a------ C:\WINDOWS\system32\novamns5.dll
2008-06-05 11:20 . 2008-06-04 12:58 18,584 --a------ C:\WINDOWS\system32\novamis5.dll
2008-06-05 11:20 . 2008-03-27 15:42 7,477 --a------ C:\WINDOWS\system32\novas5.ctm
2008-06-05 11:00 . 2008-06-05 11:00 <DIR> d-------- C:\Program Files\Jasc Software Inc
2008-06-05 10:41 . 2008-06-05 11:14 527 --a------ C:\WINDOWS\PDFWatermark.INI
2008-06-05 10:40 . 2008-06-05 10:40 72,192 --a------ C:\WINDOWS\cadkasdeinst01e.exe
2008-06-04 08:52 . 2008-06-04 08:52 268 --ah----- C:\sqmdata13.sqm
2008-06-04 08:52 . 2008-06-04 08:52 244 --ah----- C:\sqmnoopt13.sqm
2008-06-03 08:39 . 2008-06-03 08:39 268 --ah----- C:\sqmdata12.sqm
2008-06-03 08:39 . 2008-06-03 08:39 244 --ah----- C:\sqmnoopt12.sqm
2008-05-27 15:28 . 2008-06-05 11:16 1,024 --a------ C:\WINDOWS\system32\winpdfstamp.dat
2008-05-26 08:44 . 2003-02-28 18:26 139,536 --a------ C:\WINDOWS\system32\javaee.dll
2008-05-22 12:23 . 2008-05-22 12:23 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-05-22 12:16 . 2008-05-22 12:16 <DIR> d-------- C:\Documents and Settings\Trish\Application Data\RhinoSoft.com
2008-05-22 11:41 . 2008-05-22 11:41 <DIR> d-------- C:\Program Files\Active Ports
2008-05-22 11:41 . 1999-12-17 10:13 49,664 --a------ C:\WINDOWS\unvise32.exe
2008-05-22 11:03 . 2008-05-22 11:03 <DIR> d-------- C:\WINDOWS\IIS Temporary Compressed Files
2008-05-22 11:01 . 2006-02-28 22:00 169,984 --a--c--- C:\WINDOWS\system32\dllcache\iisui.dll
2008-05-22 11:00 . 2008-05-22 11:03 <DIR> d-------- C:\Inetpub
2008-05-22 10:27 . 2008-05-22 10:27 <DIR> d-------- C:\Program Files\Common Files\Sharp Shared
2008-05-22 10:26 . 2000-06-20 11:59 32,768 --a------ C:\WINDOWS\wangimg.exe
2008-05-22 10:26 . 2000-06-20 11:59 32,768 --a------ C:\WINDOWS\kodakimg.exe
2008-05-22 10:25 . 2008-05-22 10:25 <DIR> d-------- C:\Program Files\Sharp
2008-05-22 10:24 . 2008-05-22 10:24 <DIR> d-------- C:\Documents and Settings\Trish\WINDOWS
2008-05-20 08:37 . 2008-05-20 08:37 268 --ah----- C:\sqmdata11.sqm
2008-05-20 08:37 . 2008-05-20 08:37 244 --ah----- C:\sqmnoopt11.sqm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-06 02:31 --------- d-----w C:\Program Files\GetRight
2008-05-22 00:27 155,995 ----a-w C:\WINDOWS\java\Packages\XBHJPFTF.ZIP
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-05 22:59 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-05-05 22:52 --------- d-----w C:\Program Files\WinPcap
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2007-08-28 04:48 58,952 -c--a-w C:\Documents and Settings\Administrator\MsgPlusLoader.dll
2007-08-28 04:48 40,960 -c--a-w C:\Documents and Settings\Administrator\RichEdHook.dll
2007-08-28 04:48 4,096 -c--a-w C:\Documents and Settings\Administrator\Detoured.dll
2007-08-28 04:48 344,064 -c--a-w C:\Documents and Settings\Administrator\Libsndfile.dll
2007-08-28 04:48 339,968 -c--a-w C:\Documents and Settings\Administrator\Lame_enc.dll
2007-08-28 04:48 190,024 ----a-w C:\Documents and Settings\Administrator\MsgPlus.exe
2007-08-28 04:48 1,914,440 -c--a-w C:\Documents and Settings\Administrator\MsgPlusH.dll
2007-08-07 00:43 51,848 -c--a-w C:\Program Files\lcallig.ttf
2006-08-08 23:44 58,952 -c--a-w C:\Documents and Settings\Administrator\MsgPlusLoader1.dll
2006-06-14 23:27 9,409,224 -c--a-w C:\Documents and Settings\Administrator\Install_MSN_Messenger.exe
2006-06-14 23:11 4,752,968 -c--a-w C:\Documents and Settings\Administrator\MsgPlus-363.exe
2006-06-13 00:06 21,290,704 -c--a-w C:\Program Files\AdbeRdr708_en_US.exe
2006-06-12 23:59 7,050,552 -c--a-w C:\Program Files\psa30se_en_us.exe
2006-06-12 23:56 762,512 -c--a-w C:\Program Files\ytb612_efgsip.exe
.

((((((((((((((((((((((((((((( snapshot@2008-06-16_13.10.11.07 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-16 02:58:43 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-16 22:53:30 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-14 11:01:02 272,128 ------w C:\WINDOWS\Driver Cache\i386\bthport.sys
+ 2008-03-01 13:06:20 124,928 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\advpack.dll
+ 2008-03-01 13:06:21 347,136 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\dxtmsft.dll
+ 2008-03-01 13:06:21 214,528 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\dxtrans.dll
+ 2008-03-01 13:06:21 133,120 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\extmgr.dll
+ 2008-03-01 13:06:21 63,488 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\icardie.dll
+ 2008-02-29 08:55:23 70,656 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ie4uinit.exe
+ 2008-03-01 13:06:21 153,088 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieakeng.dll
+ 2008-03-01 13:06:21 230,400 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieaksie.dll
+ 2008-02-15 05:44:25 161,792 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieakui.dll
+ 2008-03-01 13:06:22 383,488 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieapfltr.dll
+ 2008-03-01 13:06:22 384,512 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iedkcs32.dll
+ 2008-03-01 13:06:24 6,066,176 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieframe.dll
+ 2008-03-01 13:06:24 44,544 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iernonce.dll
+ 2008-03-01 13:06:25 267,776 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iertutil.dll
+ 2008-02-22 10:00:51 13,824 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieudinit.exe
+ 2008-02-29 08:55:46 625,664 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iexplore.exe
+ 2008-03-01 13:06:25 27,648 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\jsproxy.dll
+ 2008-03-01 13:06:26 459,264 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\msfeeds.dll
+ 2008-03-01 13:06:26 52,224 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\msfeedsbs.dll
+ 2008-03-01 08:36:30 3,591,680 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\mshtml.dll
+ 2008-03-01 13:06:28 478,208 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\mshtmled.dll
+ 2008-03-01 13:06:28 193,024 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\msrating.dll
+ 2008-03-01 13:06:29 671,232 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\mstime.dll
+ 2008-03-01 13:06:29 102,912 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\occache.dll
+ 2008-03-01 13:06:29 44,544 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\pngfilt.dll
+ 2007-03-06 01:22:39 213,216 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\updspapi.dll
+ 2008-03-01 13:06:29 105,984 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\url.dll
+ 2008-03-01 13:06:30 1,159,680 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\urlmon.dll
+ 2008-03-01 13:06:30 233,472 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\webcheck.dll
+ 2008-03-01 13:06:31 826,368 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\wininet.dll
- 2008-03-01 13:06:20 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2008-04-23 04:16:28 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
- 2008-03-01 13:06:20 124,928 -c----w C:\WINDOWS\system32\dllcache\advpack.dll
+ 2008-04-23 04:16:28 124,928 -c----w C:\WINDOWS\system32\dllcache\advpack.dll
- 2004-08-03 13:10:38 274,304 -c--a-w C:\WINDOWS\system32\dllcache\bthport.sys
+ 2008-04-14 11:01:02 272,128 -c--a-w C:\WINDOWS\system32\dllcache\bthport.sys
- 2008-03-01 13:06:21 347,136 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-04-23 04:16:28 347,136 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2008-03-01 13:06:21 214,528 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-04-23 04:16:28 214,528 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2008-03-01 13:06:21 133,120 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-04-23 04:16:28 133,120 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
- 2008-03-01 13:06:21 63,488 -c----w C:\WINDOWS\system32\dllcache\icardie.dll
+ 2008-04-23 04:16:28 63,488 -c----w C:\WINDOWS\system32\dllcache\icardie.dll
- 2008-02-29 08:55:23 70,656 -c----w C:\WINDOWS\system32\dllcache\ie4uinit.exe
+ 2008-04-22 07:39:58 70,656 -c----w C:\WINDOWS\system32\dllcache\ie4uinit.exe
- 2008-03-01 13:06:21 153,088 -c--a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
+ 2008-04-23 04:16:28 153,088 -c--a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
- 2008-03-01 13:06:21 230,400 -c--a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
+ 2008-04-23 04:16:28 230,400 -c--a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
- 2008-02-15 05:44:25 161,792 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll
+ 2008-04-20 05:07:51 161,792 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll
- 2008-03-01 13:06:22 383,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dll
+ 2008-04-23 04:16:28 383,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dll
- 2008-03-01 13:06:22 384,512 -c----w C:\WINDOWS\system32\dllcache\iedkcs32.dll
+ 2008-04-23 04:16:28 384,512 -c----w C:\WINDOWS\system32\dllcache\iedkcs32.dll
- 2008-03-01 13:06:24 6,066,176 -c----w C:\WINDOWS\system32\dllcache\ieframe.dll
+ 2008-04-23 04:16:28 6,066,176 -c----w C:\WINDOWS\system32\dllcache\ieframe.dll
- 2008-03-01 13:06:24 44,544 -c----w C:\WINDOWS\system32\dllcache\iernonce.dll
+ 2008-04-23 04:16:28 44,544 -c----w C:\WINDOWS\system32\dllcache\iernonce.dll
- 2008-03-01 13:06:25 267,776 -c----w C:\WINDOWS\system32\dllcache\iertutil.dll
+ 2008-04-23 04:16:28 267,776 -c----w C:\WINDOWS\system32\dllcache\iertutil.dll
- 2008-02-22 10:00:51 13,824 -c----w C:\WINDOWS\system32\dllcache\ieudinit.exe
+ 2008-04-22 07:39:58 13,824 -c----w C:\WINDOWS\system32\dllcache\ieudinit.exe
- 2008-02-29 08:55:46 625,664 -c----w C:\WINDOWS\system32\dllcache\iexplore.exe
+ 2008-04-22 07:40:18 625,664 -c----w C:\WINDOWS\system32\dllcache\iexplore.exe
- 2008-03-01 13:06:25 27,648 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-04-23 04:16:28 27,648 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
- 2008-03-01 13:06:26 459,264 -c----w C:\WINDOWS\system32\dllcache\msfeeds.dll
+ 2008-04-23 04:16:28 459,264 -c----w C:\WINDOWS\system32\dllcache\msfeeds.dll
- 2008-03-01 13:06:26 52,224 -c----w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
+ 2008-04-23 04:16:28 52,224 -c----w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
- 2008-03-01 08:36:30 3,591,680 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-04-23 12:16:30 3,591,680 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2008-03-01 13:06:28 478,208 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-04-23 04:16:28 478,208 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2008-03-01 13:06:28 193,024 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-04-23 04:16:28 193,024 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
- 2008-03-01 13:06:29 671,232 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-04-23 04:16:28 671,232 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
- 2008-03-01 13:06:29 102,912 -c----w C:\WINDOWS\system32\dllcache\occache.dll
+ 2008-04-23 04:16:28 102,912 -c----w C:\WINDOWS\system32\dllcache\occache.dll
- 2008-03-01 13:06:29 44,544 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-04-23 04:16:28 44,544 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
- 2007-10-29 22:43:03 1,287,680 -c----w C:\WINDOWS\system32\dllcache\quartz.dll
+ 2008-05-07 05:18:48 1,287,680 -c----w C:\WINDOWS\system32\dllcache\quartz.dll
- 2006-07-13 08:48:58 202,240 -c--a-w C:\WINDOWS\system32\dllcache\rmcast.sys
+ 2008-05-08 12:28:49 202,752 -c--a-w C:\WINDOWS\system32\dllcache\rmcast.sys
- 2008-03-01 13:06:29 105,984 -c----w C:\WINDOWS\system32\dllcache\url.dll
+ 2008-04-23 04:16:28 105,984 -c----w C:\WINDOWS\system32\dllcache\url.dll
- 2008-03-01 13:06:30 1,159,680 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-04-23 04:16:29 1,159,680 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2008-03-01 13:06:30 233,472 -c----w C:\WINDOWS\system32\dllcache\webcheck.dll
+ 2008-04-23 04:16:29 233,472 -c----w C:\WINDOWS\system32\dllcache\webcheck.dll
- 2008-03-01 13:06:31 826,368 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-04-23 04:16:29 826,368 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
- 2004-08-03 13:10:38 274,304 -c----w C:\WINDOWS\system32\drivers\bthport.sys
+ 2008-04-14 11:01:02 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
- 2008-03-01 13:06:21 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2008-04-23 04:16:28 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2008-03-01 13:06:21 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2008-04-23 04:16:28 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2008-03-01 13:06:21 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2008-04-23 04:16:28 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll
- 2008-03-01 13:06:21 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
+ 2008-04-23 04:16:28 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
- 2008-02-29 08:55:23 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
+ 2008-04-22 07:39:58 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
- 2008-03-01 13:06:21 153,088 -c--a-w C:\WINDOWS\system32\ieakeng.dll
+ 2008-04-23 04:16:28 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
- 2008-03-01 13:06:21 230,400 -c--a-w C:\WINDOWS\system32\ieaksie.dll
+ 2008-04-23 04:16:28 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
- 2008-02-15 05:44:25 161,792 -c--a-w C:\WINDOWS\system32\ieakui.dll
+ 2008-04-20 05:07:51 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
- 2008-03-01 13:06:22 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
+ 2008-04-23 04:16:28 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
- 2008-03-01 13:06:22 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
+ 2008-04-23 04:16:28 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
- 2008-03-01 13:06:24 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
+ 2008-04-23 04:16:28 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
- 2008-03-01 13:06:24 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
+ 2008-04-23 04:16:28 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
- 2008-03-01 13:06:25 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
+ 2008-04-23 04:16:28 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
- 2008-02-22 10:00:51 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2008-04-22 07:39:58 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
- 2008-06-16 02:59:30 216,938 ----a-w C:\WINDOWS\system32\inetsrv\MetaBase.bin
+ 2008-06-16 22:53:34 218,223 ----a-w C:\WINDOWS\system32\inetsrv\MetaBase.bin
- 2008-03-01 13:06:25 27,648 -c--a-w C:\WINDOWS\system32\jsproxy.dll
+ 2008-04-23 04:16:28 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
- 2008-05-09 21:35:04 16,863,864 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-05-29 23:35:11 17,486,968 ----a-w C:\WINDOWS\system32\MRT.exe
- 2008-03-01 13:06:26 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
+ 2008-04-23 04:16:28 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
- 2008-03-01 13:06:26 52,224 -c--a-w C:\WINDOWS\system32\msfeedsbs.dll
+ 2008-04-23 04:16:28 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
- 2008-03-01 08:36:30 3,591,680 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-04-23 12:16:30 3,591,680 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2008-03-01 13:06:28 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2008-04-23 04:16:28 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2008-03-01 13:06:28 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2008-04-23 04:16:28 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
- 2008-03-01 13:06:29 671,232 -c--a-w C:\WINDOWS\system32\mstime.dll
+ 2008-04-23 04:16:28 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
- 2008-03-01 13:06:29 102,912 ----a-w C:\WINDOWS\system32\occache.dll
+ 2008-04-23 04:16:28 102,912 ----a-w C:\WINDOWS\system32\occache.dll
- 2008-03-01 13:06:29 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-04-23 04:16:28 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2006-10-08 11:51:14 14,640 -c--a-w C:\WINDOWS\system32\spmsg.dll
+ 2007-11-30 11:18:51 17,272 ------w C:\WINDOWS\system32\spmsg.dll
- 2008-03-01 13:06:29 105,984 ----a-w C:\WINDOWS\system32\url.dll
+ 2008-04-23 04:16:28 105,984 ----a-w C:\WINDOWS\system32\url.dll
- 2008-03-01 13:06:30 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-04-23 04:16:29 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2008-03-01 13:06:30 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2008-04-23 04:16:29 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-02-22 07:55 32768]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-03 09:23 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"MessengerPlus3"="C:\Documents and Settings\Administrator\MsgPlus.exe" [2007-08-28 14:48 190024]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]
"SharpTray"="C:\Program Files\Sharp\Sharpdesk\SharpTray.exe" [2001-11-08 10:37 28672]
"GetPack18"="C:\Program Files\GetPack\GetPack18.exe" [2008-06-10 19:08 350208]
"GetModule18"="C:\Program Files\GetModule\GetModule18.exe" [2008-06-10 07:40 351744]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 12:15 106496]
"SiS Windows KeyHook"="C:\WINDOWS\System32\keyhook.exe" [2004-05-12 16:22 249856]
"SoundMan"="SOUNDMAN.EXE" [2005-01-20 22:04 77824 C:\WINDOWS\SOUNDMAN.EXE]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2003-09-29 07:10 81990]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2003-09-10 03:11 135251]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344]
"IntelliType"="C:\Program Files\Microsoft Hardware\Keyboard\type32.exe" [2001-06-12 18:20 69632]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 10:22 155648]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2004-04-14 14:46 57393]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2004-04-14 15:04 40960]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 03:25 144784]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 101136 C:\WINDOWS\KHALMNPR.Exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-07-16 11:14 286720]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 101136 C:\WINDOWS\KHALMNPR.Exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2006-06-15 09:47:31 82026]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2002-12-02 21:08:34 147456]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2002-12-02 20:56:10 40960]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-02-22 07:55:23 450560]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-08-27 10:49:45 688128]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-18 14:05:56 65588]
Start Network Scanner Tool.lnk - C:\Program Files\Sharp\Sharpdesk\sdFTP.exe [2008-05-22 10:26:21 275968]
Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [2006-06-10 07:28:42 335872]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Sharp\\Sharpdesk\\sdFTP.exe"=
"C:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"=

S3 brfilt;Brother MFC Filter Driver;C:\WINDOWS\system32\Drivers\Brfilt.sys [2001-08-17 13:12]
S3 brparimg;Brother Multi Function Parallel Image driver;C:\WINDOWS\system32\DRIVERS\BrParImg.sys [2001-08-17 13:12]
S3 BrParWdm;Brother WDM Parallel Driver;C:\WINDOWS\system32\Drivers\BrParwdm.sys [2001-08-17 13:12]
S3 BrSerWDM;Brother WDM Serial driver;C:\WINDOWS\system32\Drivers\BrSerWdm.sys [2004-11-23 17:39]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-01-26 03:31]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##Win2kserver#G]
\Shell\AutoRun\command - Y:\Autorun.exe /run
\Shell\Shell00\Command - Y:\Autorun.exe /run
\Shell\Shell01\Command - Y:\Autorun.exe /action
\Shell\Shell02\Command - Y:\Autorun.exe /uninstall

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e7a7142a-bd6d-11dc-8e46-000129d4a51a}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2007-11-20 10:25:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-16 06:30:01 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2006-10-12 07:11:09 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1151997071.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-17 09:02:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-17 9:04:45
ComboFix-quarantined-files.txt 2008-06-16 23:04:21
ComboFix2.txt 2008-06-16 03:10:28

Pre-Run: 30,751,010,816 bytes free
Post-Run: 30,768,918,528 bytes free

352 --- E O F --- 2008-06-16 03:53:41

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Tuesday, June 17, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, June 16, 2008 22:08:02
Records in database: 875027
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\

Scan statistics:
Files scanned: 58062
Threat name: 11
Infected objects: 20
Suspicious objects: 0
Duration of the scan: 01:02:22

File name / Threat name / Threats count
C:\Documents and Settings\Trish\Desktop\SDFix\backups\backups.zip Infected: Trojan-Downloader.Win32.Agent.pbq 1
C:\Documents and Settings\Trish\Desktop\SDFix\backups\backups.zip Infected: Trojan-Downloader.Win32.Agent.qqn 1
C:\QooBox\Quarantine\C\Documents and Settings\Trish\Application Data\Sun\Java\Deployment\cache\6.0\59\5928803b-44f96897.vir Infected: Trojan-Downloader.Java.OpenStream.c 1
C:\QooBox\Quarantine\C\Documents and Settings\Trish\Application Data\Sun\Java\Deployment\cache\6.0\59\5928803b-44f96897.vir Infected: Trojan.Java.ClassLoader.h 1
C:\QooBox\Quarantine\C\Documents and Settings\Trish\Application Data\Sun\Java\Deployment\cache\6.0\59\5928803b-44f96897.vir Infected: Trojan.Java.ClassLoader.d 1
C:\QooBox\Quarantine\C\WINDOWS\b155.exe_old.vir Infected: Trojan.Win32.BHO.bkm 1
C:\QooBox\Quarantine\C\WINDOWS\b156.exe_old.vir Infected: not-a-virus:AdWare.Win32.Insider.j 1
C:\QooBox\Quarantine\C\WINDOWS\system32\bjpmwyvk.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\hqwcdcmj.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\jsmnywsf.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\jtwsepvs.dll.vir Infected: Trojan-Downloader.Win32.Agent.sei 1
C:\QooBox\Quarantine\C\WINDOWS\system32\ljcckvei.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\mawealib.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\mxlmeacy.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\pgkojvsk.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\qmdwhovu.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\rotaysuk.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\sxmxjrmc.dll.vir Infected: Trojan-Downloader.Win32.Agent.seh 1
C:\QooBox\Quarantine\C\WINDOWS\system32\taysvcby.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\tuvWmnLe.dll.vir Infected: Trojan.Win32.Agent.rmp 1

The selected area was scanned.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:02:21 AM, on 17/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\BrmfBAgS.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\keyhook.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sharp\Sharpdesk\SharpTray.exe
C:\Program Files\GetPack\GetPack18.exe
C:\Program Files\GetModule\GetModule18.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.ninemsn.com.au/0SEENAU/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Documents and Settings\Administrator\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SharpTray] "C:\Program Files\Sharp\Sharpdesk\SharpTray.exe"
O4 - HKCU\..\Run: [GetPack18] "C:\Program Files\GetPack\GetPack18.exe"
O4 - HKCU\..\Run: [GetModule18] "C:\Program Files\GetModule\GetModule18.exe"
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Start Network Scanner Tool.lnk = C:\Program Files\Sharp\Sharpdesk\sdFTP.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/...x/qtplugin.cab
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - https://www.hunterunited.com.au/smsx.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-AU/.../GAME_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O18 - Protocol: bw+0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Brother BidiAgent Service for Resource manager (brmfbags) - Brother Industries, Ltd. - C:\WINDOWS\system32\BrmfBAgS.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 21573 bytes

Cheers

**chemist** · 06-16-2008, 08:48 PM

Hello again, greenoznic.

Quote:

I am still getting some popups and two dll errors, they are:

c/windows\system32\mxlmeacy.dll and c/windows\system32\qmdwhovu.dll.

No malware is showing in your logs and your Kaspersky log is only showing files that have been quarantined. You should not be getting anymore popups or those dll error messages. How is your system behaving now? Please let me know. We may have to try another scanner.

Quote:

but I am not able to access our network server at work whenever I click on it it comes up saying that it isn't accessible and I may not have permission to use this network resource and that the network path was not found.

I'm not really up on networking. I can suggest expert advice from our networking forum when we are done.

You have other problems, remember. Your WMI is not working. That will take advice from another forum when we are done. Because of this, I am unable to see some parts of your logs.

Please do the following:

Double-click on HijackThis.exe to run it.
Open the Misc Tools section and click the button labelled Open Uninstall Manager
Click the Save List button and Save it to your Desktop.
Post uninstall_list.txt in your next reply.

greenoznic · 06-16-2008, 09:27 PM

Hi

Thanks for getting back to me so quick. I am still getting a fair few popups.

Here's the uninstall list:

Active Ports
Adobe Acrobat 5.0
Adobe Download Manager 2.0 (Remove Only)
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Reader 7.0.8
Adobe® Photoshop® Album Starter Edition 3.0
Apple Software Update
CDDRV_Installer
Compatibility Pack for the 2007 Office system
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
e-tax 2006
Google Toolbar for Internet Explorer
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB929120)
HP Memories Disc
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
HP Photo and Imaging 2.0 - hp psc 1200 series
hp psc 1200 series
Image Web Server 7.0 IE Plugin (3,1,0,230)
Internet Speed Monitor
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 7
J2SE Runtime Environment 5.0 Update 9
Java(TM) 6 Update 6
KhalSetup
Logitech Desktop Messenger
Logitech SetPoint
McAfee VirusScan Enterprise
Messenger Plus! 3
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Premium
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (2.0.0.14)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MYOB Premier v10
MYOB Premier v9
Nero Suite
novaPDF Standard Desktop 5.4 printer
OneCare Advisor (Windows Live Toolbar)
Paint Shop Pro 7 Evaluation
Panda ActiveScan 2.0
PaperPort
Photo Resizer Pro v3.7
Popup Blocker (Windows Live Toolbar)
QuickTime
Realtek AC'97 Audio
Red Square 6 Installed in: C:\RED SQUARE
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939373)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942830)
Security Update for Windows XP (KB942831)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Sharpdesk
SiS 900 PCI Fast Ethernet Adapter Driver
SiS VGA Utilities
Spybot - Search & Destroy 1.5.2.20
SpywareBlaster 4.0
StuffPlug 3
UBD 2004 Edition
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Favorites for Windows Live Toolbar
Windows Live Messenger
Windows Live Outlook Toolbar (Windows Live Toolbar)
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Toolbar Feed Detector (Windows Live Toolbar)
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WinPcap 4.0
Yahoo! Toolbar

Cheers

**chemist** · 06-16-2008, 10:13 PM

Hello again, greenoznic.

Please save this page to Notepad in order to assist you when carrying out the following instructions.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding.
Ensure that there aren't any opened browsers when you are carrying out the procedures below.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

------------------------------------------------------

You have installed Messenger Plus! 3. This program is known to install malware. If the program is a must have, reinstall it and decline when asked to install the sponsor's software.

------------------------------------------------------

Please download fl.zip and Save it to your Desktop.
Extract the contents to a new folder on your Desktop.
Within the folder, locate & double-click fl.bat
It should produce a report at C:\findlop.txt. Post the contents of the report in your next reply.

------------------------------------------------------

Delete dss.exe from your desktop if it still exists.

Delete the following Folder if it still exists:

C:\Deckard

------------------------------------------------------

You have old versions of Java still installed. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components.

Close any programs you may have running - especially your web browser.
Go to Start(or My Computer) > Control Panel and click on Add or Remove Programs
Click (highlight) the following items:
- J2SE Runtime Environment 5.0 Update 10
- J2SE Runtime Environment 5.0 Update 7
- J2SE Runtime Environment 5.0 Update 9
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Restart your computer once all Java components are removed.

------------------------------------------------------

Please download Deckard's System Scanner (DSS) and Save it to your Desktop. Note: You must be logged onto an account with administrator privileges.

Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized
Copy (Ctrl+A then Ctrl+C) and Paste (Ctrl+V) the contents of main.txt here.
Please attach extra.txt to your post.

To attach a file to a new post, simply

Click the Manage Attachments button under Additional Options > Attach Files on the post composition page, and
Copy and Paste the following into the Upload File from your Computer box:
C:\Deckard\System Scanner\extra.txt
Click Upload

What DSS will do:

create a new System Restore point in Windows XP and Vista.
clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.

------------------------------------------------------

Please post the following in your next reply:

C:\findlop.txt
main.txt
an attached extra.txt

greenoznic · 06-16-2008, 10:35 PM

Hey, here is my next lot of scans (dss didn't produce an extra log for me, only the main one):

Volume in drive C has no label.
Volume Serial Number is 28C2-AF8E

Directory of C:\Documents and Settings\Administrator\Application Data

13/06/2006 10:10 AM <DIR> Adobe
13/06/2006 10:09 AM <DIR> AdobeAUM
15/06/2006 09:20 AM 1,884 AdobeDLM.log
03/10/2006 01:20 PM <DIR> AdobeUM
04/07/2006 04:43 PM <DIR> Brother
13/06/2006 10:07 AM 0 dm.ini
20/06/2006 09:24 AM <DIR> Earth Resource Mapping
16/01/2007 02:03 PM <DIR> Google
24/10/2006 03:37 PM <DIR> Help
04/07/2006 05:11 PM <DIR> Hewlett-Packard
10/06/2006 07:25 AM <DIR> Identities
15/06/2006 09:44 AM <DIR> InterTrust
07/09/2006 05:11 PM <DIR> Leadertech
22/02/2007 07:58 AM <DIR> Logitech
15/06/2006 01:09 PM <DIR> Macromedia
10/06/2006 08:00 AM <DIR> Microsoft Web Folders
21/07/2006 01:04 PM <DIR> Sun
2 File(s) 1,884 bytes
15 Dir(s) 30,494,588,928 bytes free
Volume in drive C has no label.
Volume Serial Number is 28C2-AF8E

Directory of C:\Documents and Settings\All Users\Application Data

13/06/2006 10:06 AM <DIR> Adobe
28/05/2007 12:01 PM <DIR> Ahead
16/07/2007 11:22 AM <DIR> Apple
16/07/2007 11:14 AM <DIR> Apple Computer
04/07/2006 04:32 PM <DIR> Brother
16/01/2007 09:34 AM <DIR> Google
04/07/2006 05:11 PM 209 hpzinstall.log
27/08/2007 10:49 AM <DIR> Logitech
15/06/2006 09:59 AM <DIR> Messenger Plus!
10/06/2008 02:01 PM <DIR> MSN6
10/06/2006 07:58 AM <DIR> Network Associates
17/06/2008 11:58 AM 1,747 QTSBandwidthCache
04/07/2006 04:33 PM <DIR> ScanSoft
17/06/2008 08:52 AM <DIR> Spybot - Search & Destroy
10/06/2008 01:07 PM <DIR> TEMP
01/08/2006 08:57 AM <DIR> Windows Genuine Advantage
28/08/2007 02:57 PM <DIR> Windows Live Toolbar
13/06/2006 12:45 PM <DIR> Yahoo! Companion
2 File(s) 1,956 bytes
16 Dir(s) 30,494,588,928 bytes free
Volume in drive C has no label.
Volume Serial Number is 28C2-AF8E

Directory of C:\Documents and Settings\Trish\Application Data

29/03/2007 11:29 AM <DIR> Adobe
29/03/2007 11:30 AM <DIR> AdobeAUM
29/03/2007 11:29 AM <DIR> AdobeUM
28/05/2007 12:13 PM <DIR> Ahead
16/10/2007 01:23 PM <DIR> Apple Computer
14/02/2008 08:16 AM <DIR> DivX
14/02/2008 08:13 AM <DIR> GetRight
14/02/2008 07:50 AM <DIR> GetRightToGo
21/03/2007 10:25 AM <DIR> Google
29/03/2007 11:52 AM <DIR> Help
21/03/2007 10:22 AM <DIR> Identities
29/03/2007 11:29 AM <DIR> Leadertech
21/03/2007 10:22 AM <DIR> Logitech
21/03/2007 10:29 AM <DIR> Macromedia
16/06/2008 08:45 AM <DIR> Mozilla
10/06/2008 02:01 PM <DIR> MSN6
22/05/2008 12:16 PM <DIR> RhinoSoft.com
16/04/2007 04:21 PM <DIR> Sun
0 File(s) 0 bytes
18 Dir(s) 30,494,588,928 bytes free
Volume in drive C has no label.
Volume Serial Number is 28C2-AF8E

Directory of C:\Documents and Settings\Default User\Application Data

10/06/2006 05:11 AM <DIR> .
10/06/2006 05:11 AM <DIR> ..
10/06/2006 05:11 AM 62 desktop.ini
1 File(s) 62 bytes
2 Dir(s) 30,494,588,928 bytes free
Volume in drive C has no label.
Volume Serial Number is 28C2-AF8E

Directory of C:\Documents and Settings\LocalService\Application Data

Volume in drive C has no label.
Volume Serial Number is 28C2-AF8E

Directory of C:\Documents and Settings\NetworkService\Application Data

[TRACE] Enumerating jobs and queues
[TRACE] Activating job 'AppleSoftwareUpdate.job'
[TRACE] Printing all job properties

ApplicationName: 'C:\Program Files\Apple Software Update\SoftwareUpdate.exe'
Parameters: '-task'
WorkingDirectory: ''
Comment: ''
Creator: 'SYSTEM'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 11/20/2007 21:25:00
NextRun: 06/17/2008 21:25:00
StartError: S_OK
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 0
SystemRequired = 0
Hidden = 0
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Weekly
WeeksInterval: 1
DaysOfTheWeek: ..T....
StartDate: 07/16/2007
EndDate: 00/00/0000
StartTime: 21:25
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0

[TRACE] Activating job 'Check Updates for Windows Live Toolbar.job'
[TRACE] Printing all job properties

ApplicationName: 'C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE'
Parameters: ''
WorkingDirectory: ''
Comment: ''
Creator: 'SYSTEM'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 06/17/2008 13:30:00
NextRun: 06/17/2008 14:30:00
StartError: S_OK
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 0
SystemRequired = 0
Hidden = 0
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Daily
DaysInterval: 1
StartDate: 11/30/2007
EndDate: 00/00/0000
StartTime: 23:30
MinutesDuration: 1440
MinutesInterval: 60
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0

[TRACE] Activating job 'FRU Task #Hewlett-Packard#hp psc 1200 series#1151997071
.job'
[TRACE] Printing all job properties

ApplicationName: 'C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe'
Parameters: '-I "#Hewlett-Packard#hp psc 1200 series#1151997071"'
WorkingDirectory: ''
Comment: ''
Creator: 'Administrator'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 00/00/0000 0:00:00
NextRun: 00/00/0000 0:00:00
StartError: SCHED_S_TASK_HAS_NOT_RUN
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 1
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 0
TaskFlags: 0

No triggers

Deckard's System Scanner v20071014.68
Run by Trish on 2008-06-17 14:29:44
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- HijackThis (run as Trish.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:30:40 PM, on 17/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\BrmfBAgS.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\keyhook.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Sharp\Sharpdesk\SharpTray.exe
C:\Program Files\GetPack\GetPack18.exe
C:\Program Files\GetModule\GetModule18.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\sistray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Documents and Settings\Trish\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Trish.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.ninemsn.com.au/0SEENAU/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Documents and Settings\Administrator\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SharpTray] "C:\Program Files\Sharp\Sharpdesk\SharpTray.exe"
O4 - HKCU\..\Run: [GetPack18] "C:\Program Files\GetPack\GetPack18.exe"
O4 - HKCU\..\Run: [GetModule18] "C:\Program Files\GetModule\GetModule18.exe"
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Start Network Scanner Tool.lnk = C:\Program Files\Sharp\Sharpdesk\sdFTP.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/...x/qtplugin.cab
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - https://www.hunterunited.com.au/smsx.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-AU/.../GAME_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O18 - Protocol: bw+0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Brother BidiAgent Service for Resource manager (brmfbags) - Brother Industries, Ltd. - C:\WINDOWS\system32\BrmfBAgS.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 21458 bytes

-- Files created between 2008-05-17 and 2008-06-17 -----------------------------

2008-06-16 14:10:54 0 d-------- C:\WINDOWS\system32\NtmsData
2008-06-16 12:07:01 0 d-------- C:\WINDOWS\ERUNT
2008-06-16 11:14:55 0 d-------- C:\cmdcons
2008-06-16 11:13:17 68096 --a------ C:\WINDOWS\zip.exe
2008-06-16 11:13:17 49152 --a------ C:\WINDOWS\VFind.exe
2008-06-16 11:13:17 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-16 11:13:17 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-16 11:13:17 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-16 11:13:17 98816 --a------ C:\WINDOWS\sed.exe
2008-06-16 11:13:17 80412 --a------ C:\WINDOWS\grep.exe
2008-06-16 11:13:17 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-16 08:46:05 0 --a------ C:\WINDOWS\nsreg.dat
2008-06-16 08:45:36 0 d-------- C:\Documents and Settings\Trish\Application Data\Mozilla
2008-06-12 08:21:19 0 d-------- C:\Program Files\GetModule
2008-06-12 08:21:01 0 d-------- C:\Program Files\GetPack
2008-06-12 08:21:00 0 d-------- C:\Program Files\iCheck
2008-06-10 14:01:52 0 d-------- C:\Documents and Settings\Trish\Application Data\MSN6
2008-06-10 14:01:52 0 d-------- C:\Documents and Settings\All Users\Application Data\MSN6
2008-06-10 13:27:27 0 d-------- C:\Program Files\Trend Micro
2008-06-10 13:10:30 21312 --a------ C:\WINDOWS\choice.exe
2008-06-10 13:09:19 0 d-------- C:\ie-spyad
2008-06-10 13:07:30 0 d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-10 13:03:11 0 d-------- C:\Program Files\SpywareBlaster
2008-06-10 09:00:25 691545 --a------ C:\WINDOWS\unins000.exe
2008-06-10 09:00:24 2539 --a------ C:\WINDOWS\unins000.dat
2008-06-10 08:56:47 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-06 10:31:06 0 d-------- C:\Program Files\Panda Security
2008-06-05 11:22:49 0 d-------- C:\Documents and Settings\LocalService\Application Data\Softland
2008-06-05 11:20:00 0 d-------- C:\Program Files\Softland
2008-06-05 11:00:29 0 d-------- C:\Program Files\Jasc Software Inc
2008-06-05 10:55:52 0 d-------- C:\WINDOWS\system32\appmgmt
2008-06-05 10:40:03 72192 --a------ C:\WINDOWS\cadkasdeinst01e.exe
2008-05-27 15:28:08 1024 --a------ C:\WINDOWS\system32\winpdfstamp.dat
2008-05-26 08:44:09 139536 --a------ C:\WINDOWS\system32\javaee.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-05-22 12:23:21 0 d--h----- C:\WINDOWS\system32\GroupPolicy
2008-05-22 12:16:09 0 d-------- C:\Documents and Settings\Trish\Application Data\RhinoSoft.com
2008-05-22 11:41:34 49664 --a------ C:\WINDOWS\unvise32.exe <Not Verified; MindVision Software; Installer VISE>
2008-05-22 11:41:31 0 d-------- C:\Program Files\Active Ports
2008-05-22 11:03:31 0 d-------- C:\WINDOWS\IIS Temporary Compressed Files
2008-05-22 11:00:05 0 d-------- C:\Inetpub
2008-05-22 10:27:59 73728 --a------ C:\WINDOWS\system32\ZLIB.DLL
2008-05-22 10:27:38 49152 --a------ C:\WINDOWS\SDConfig.dll
2008-05-22 10:27:38 0 d-------- C:\Sharpdesk Desktop
2008-05-22 10:27:35 0 d-------- C:\Program Files\Common Files\Sharp Shared
2008-05-22 10:27:22 171280 --a------ C:\WINDOWS\system32\jit.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-05-22 10:27:22 46352 --a------ C:\WINDOWS\setdebug.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-05-22 10:27:21 6550 --a------ C:\WINDOWS\jautoexp.dat
2008-05-22 10:27:20 313856 --a------ C:\WINDOWS\system32\dx3j.dll <Not Verified; Microsoft Corporation; Microsoft® DirectX for Java>
2008-05-22 10:27:13 113 --a------ C:\WINDOWS\system32\zonedon.reg
2008-05-22 10:27:13 113 --a------ C:\WINDOWS\system32\zonedoff.reg
2008-05-22 10:27:13 171792 --a------ C:\WINDOWS\system32\wjview.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-05-22 10:27:12 286992 --a------ C:\WINDOWS\system32\vmhelper.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-05-22 10:27:12 21264 --a------ C:\WINDOWS\system32\msjdbc10.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-05-22 10:27:12 947472 --a------ C:\WINDOWS\system32\msjava.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-05-22 10:27:11 154384 --a------ C:\WINDOWS\system32\msawt.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-05-22 10:27:11 172304 --a------ C:\WINDOWS\system32\jview.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-05-22 10:27:11 15120 --a------ C:\WINDOWS\system32\jdbgmgr.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-05-22 10:27:10 404752 --a------ C:\WINDOWS\system32\javart.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-05-22 10:27:10 63248 --a------ C:\WINDOWS\system32\javaprxy.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-05-22 10:27:09 187152 --a------ C:\WINDOWS\system32\javacypt.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-05-22 10:27:08 49424 --a------ C:\WINDOWS\system32\clspack.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-05-22 10:26:39 32768 --a------ C:\WINDOWS\wangimg.exe <Not Verified; Eastman Software, Inc., A Kodak Business; Imaging for Windows®>
2008-05-22 10:26:39 32768 --a------ C:\WINDOWS\kodakimg.exe <Not Verified; Eastman Software, Inc., A Kodak Business; Imaging for Windows®>
2008-05-22 10:25:54 0 d-------- C:\Program Files\Sharp
2008-05-22 10:24:16 0 d-------- C:\Documents and Settings\Trish\WINDOWS

-- Find3M Report ---------------------------------------------------------------

2008-06-17 14:21:20 0 d-------- C:\Program Files\Java
2008-06-06 12:31:32 0 d-------- C:\Program Files\GetRight
2008-05-22 10:27:35 0 d-------- C:\Program Files\Common Files
2008-05-06 08:59:39 737280 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2008-05-06 08:52:06 0 d-------- C:\Program Files\WinPcap

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [12/07/2002 12:15 PM]
"SiS Windows KeyHook"="C:\WINDOWS\System32\keyhook.exe" [12/05/2004 04:22 PM]
"SoundMan"="SOUNDMAN.EXE" [20/01/2005 10:04 PM C:\WINDOWS\SOUNDMAN.EXE]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [29/09/2003 07:10 AM]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [10/09/2003 03:11 AM]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [06/06/2005 11:46 PM]
"IntelliType"="C:\Program Files\Microsoft Hardware\Keyboard\type32.exe" [12/06/2001 06:20 PM]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [14/10/2003 10:22 AM]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [14/04/2004 02:46 PM]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [14/04/2004 03:04 PM]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [23/01/2007 03:44 PM C:\WINDOWS\KHALMNPR.Exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 11:50 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [16/07/2007 11:14 AM]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [23/01/2007 03:44 PM C:\WINDOWS\KHALMNPR.Exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [25/03/2008 04:28 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [22/02/2007 07:55 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [03/07/2007 09:23 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 12:56 AM]
"MessengerPlus3"="C:\Documents and Settings\Administrator\MsgPlus.exe" [28/08/2007 02:48 PM]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [19/01/2007 12:54 PM]
"SharpTray"="C:\Program Files\Sharp\Sharpdesk\SharpTray.exe" [08/11/2001 10:37 AM]
"GetPack18"="C:\Program Files\GetPack\GetPack18.exe" [10/06/2008 07:08 PM]
"GetModule18"="C:\Program Files\GetModule\GetModule18.exe" [10/06/2008 07:40 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [15/06/2006 9:47:31 AM]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23/09/2005 10:05:26 PM]
hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2/12/2002 9:08:34 PM]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2/12/2002 8:56:10 PM]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [22/02/2007 7:55:23 AM]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [27/08/2007 10:49:45 AM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [18/02/1999 2:05:56 PM]
Start Network Scanner Tool.lnk - C:\Program Files\Sharp\Sharpdesk\sdFTP.exe [22/05/2008 10:26:21 AM]
Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [10/06/2006 7:28:42 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##Win2kserver#G]
AutoRun\command- Y:\Autorun.exe /run
Shell00\Command- Y:\Autorun.exe /run
Shell01\Command- Y:\Autorun.exe /action
Shell02\Command- Y:\Autorun.exe /uninstall

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e7a7142a-bd6d-11dc-8e46-000129d4a51a}]
AutoRun\command- F:\LaunchU3.exe -a

-- End of Deckard's System Scanner: finished at 2008-06-17 14:31:08 ------------

Cheers

**chemist** · 06-17-2008, 01:35 PM

Hello again, greenoznic.

Please save this page to Notepad in order to assist you when carrying out the following instructions.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding.
Ensure that there aren't any opened browsers when you are carrying out the procedures below.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

------------------------------------------------------

Please read this about GetRight. You can decide if you want to keep it.

If you don't want it, delete the following Folders if they still exist:

C:\Program Files\GetRight
C:\Documents and Settings\Trish\Application Data\GetRight
C:\Documents and Settings\Trish\Application Data\GetRightToGo

------------------------------------------------------

Please uninstall the following via Start->(or My Computer)->Control Panel->Add or Remove Programs if it still exists:

InternetSpeedMonitor<<Please read this

------------------------------------------------------

Close any open browsers.

Disable your antivirus and antispyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with ComboFix.

Open Notepad and copy/paste all the text in the quotebox below into Notepad:

Quote:

http://www.techsupportforum.com/security-center/hijackthis-log-help/258067-virus-constant-popups-rundll32-exe-error-userinit-exe-error.html

Collect::
C:\Program Files\GetPack\GetPack18.exe
C:\Program Files\GetModule\GetModule18.exe

Folder::
C:\Program Files\GetModule
C:\Program Files\GetPack

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GetPack18"=-
"GetModule18"=-

Save this as CFScript.txt, in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe

Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

When finished, it shall produce a log for you. Please post that log, ComboFix.txt in your next reply.

Note:
Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed.

With the above script, ComboFix will capture a file to submit for analysis.

Ensure you are connected to the internet and click OK. A browser will open. Simply follow the instructions to copy/paste/send the requested file.

------------------------------------------------------

Open HijackThis and click on 'Do a System Scan and Save a Logfile'. Save the logfile and post it here.

------------------------------------------------------

Please post the following in your next reply:

C:\ComboFix.txt
new HijackThis log
report on system behavior

greenoznic · 06-17-2008, 04:46 PM

Hi,

I've had a couple of popups this morning but that was before I carried out your latest instructions, since then I haven't had any.

Here are my scans:

ComboFix 08-06-15.2 - Trish 2008-06-18 8:37:27.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.623 [GMT 10:00]
Running from: C:\Documents and Settings\Trish\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Trish\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-05-17 to 2008-06-17 )))))))))))))))))))))))))))))))
.

2008-06-17 14:29 . 2008-06-17 14:29 <DIR> d-------- C:\Deckard
2008-06-17 09:21 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-16 14:10 . 2008-06-16 14:10 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-06-16 12:07 . 2008-06-16 12:07 <DIR> d-------- C:\WINDOWS\ERUNT
2008-06-16 09:11 . 2008-06-14 01:37 <DIR> d-------- C:\SDFix
2008-06-16 08:46 . 2008-06-16 08:46 0 --a------ C:\WINDOWS\nsreg.dat
2008-06-10 14:01 . 2008-06-10 14:01 <DIR> d-------- C:\Documents and Settings\Trish\Application Data\MSN6
2008-06-10 14:01 . 2008-06-10 14:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MSN6
2008-06-10 13:27 . 2008-06-10 13:27 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-10 13:10 . 1999-12-21 07:58 21,312 --a------ C:\WINDOWS\choice.exe
2008-06-10 13:09 . 2008-06-10 13:09 <DIR> d-------- C:\ie-spyad
2008-06-10 13:07 . 2008-06-10 13:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-10 13:03 . 2008-06-10 13:08 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-06-10 13:03 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
2008-06-10 09:33 . 2008-06-10 10:11 243 --a------ C:\WINDOWS\wininit.ini
2008-06-10 09:00 . 2008-06-10 08:58 691,545 --a------ C:\WINDOWS\unins000.exe
2008-06-10 09:00 . 2008-06-10 09:00 2,539 --a------ C:\WINDOWS\unins000.dat
2008-06-10 08:56 . 2008-06-17 08:53 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-10 08:56 . 2008-06-17 08:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-06 10:31 . 2008-06-06 10:31 <DIR> d-------- C:\Program Files\Panda Security
2008-06-05 11:22 . 2008-06-05 11:22 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Softland
2008-06-05 11:20 . 2008-06-05 11:20 <DIR> d-------- C:\Program Files\Softland
2008-06-05 11:20 . 2008-06-04 12:58 22,168 --a------ C:\WINDOWS\system32\novamns5.dll
2008-06-05 11:20 . 2008-06-04 12:58 18,584 --a------ C:\WINDOWS\system32\novamis5.dll
2008-06-05 11:20 . 2008-03-27 15:42 7,477 --a------ C:\WINDOWS\system32\novas5.ctm
2008-06-05 11:00 . 2008-06-05 11:00 <DIR> d-------- C:\Program Files\Jasc Software Inc
2008-06-05 10:41 . 2008-06-05 11:14 527 --a------ C:\WINDOWS\PDFWatermark.INI
2008-06-05 10:40 . 2008-06-05 10:40 72,192 --a------ C:\WINDOWS\cadkasdeinst01e.exe
2008-06-04 08:52 . 2008-06-04 08:52 268 --ah----- C:\sqmdata13.sqm
2008-06-04 08:52 . 2008-06-04 08:52 244 --ah----- C:\sqmnoopt13.sqm
2008-06-03 08:39 . 2008-06-03 08:39 268 --ah----- C:\sqmdata12.sqm
2008-06-03 08:39 . 2008-06-03 08:39 244 --ah----- C:\sqmnoopt12.sqm
2008-05-27 15:28 . 2008-06-05 11:16 1,024 --a------ C:\WINDOWS\system32\winpdfstamp.dat
2008-05-26 08:44 . 2003-02-28 18:26 139,536 --a------ C:\WINDOWS\system32\javaee.dll
2008-05-22 12:23 . 2008-05-22 12:23 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-05-22 12:16 . 2008-05-22 12:16 <DIR> d-------- C:\Documents and Settings\Trish\Application Data\RhinoSoft.com
2008-05-22 11:41 . 2008-05-22 11:41 <DIR> d-------- C:\Program Files\Active Ports
2008-05-22 11:41 . 1999-12-17 10:13 49,664 --a------ C:\WINDOWS\unvise32.exe
2008-05-22 11:03 . 2008-05-22 11:03 <DIR> d-------- C:\WINDOWS\IIS Temporary Compressed Files
2008-05-22 11:01 . 2006-02-28 22:00 169,984 --a--c--- C:\WINDOWS\system32\dllcache\iisui.dll
2008-05-22 11:00 . 2008-05-22 11:03 <DIR> d-------- C:\Inetpub
2008-05-22 10:27 . 2008-05-22 10:27 <DIR> d-------- C:\Program Files\Common Files\Sharp Shared
2008-05-22 10:26 . 2000-06-20 11:59 32,768 --a------ C:\WINDOWS\wangimg.exe
2008-05-22 10:26 . 2000-06-20 11:59 32,768 --a------ C:\WINDOWS\kodakimg.exe
2008-05-22 10:25 . 2008-05-22 10:25 <DIR> d-------- C:\Program Files\Sharp
2008-05-22 10:24 . 2008-05-22 10:24 <DIR> d-------- C:\Documents and Settings\Trish\WINDOWS
2008-05-20 08:37 . 2008-05-20 08:37 268 --ah----- C:\sqmdata11.sqm
2008-05-20 08:37 . 2008-05-20 08:37 244 --ah----- C:\sqmnoopt11.sqm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-17 04:21 --------- d-----w C:\Program Files\Java
2008-05-22 00:27 155,995 ----a-w C:\WINDOWS\java\Packages\XBHJPFTF.ZIP
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-05 22:59 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-05-05 22:52 --------- d-----w C:\Program Files\WinPcap
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2007-08-07 00:43 51,848 -c--a-w C:\Program Files\lcallig.ttf
2006-06-14 23:27 9,409,224 -c--a-w C:\Documents and Settings\Administrator\Install_MSN_Messenger.exe
2006-06-13 00:06 21,290,704 -c--a-w C:\Program Files\AdbeRdr708_en_US.exe
2006-06-12 23:59 7,050,552 -c--a-w C:\Program Files\psa30se_en_us.exe
2006-06-12 23:56 762,512 -c--a-w C:\Program Files\ytb612_efgsip.exe
.

((((((((((((((((((((((((((((( snapshot_2008-06-17_ 9.04.05.65 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-16 22:53:30 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-17 22:31:25 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-06-16 22:53:34 218,223 ----a-w C:\WINDOWS\system32\inetsrv\MetaBase.bin
+ 2008-06-17 22:35:28 218,246 ----a-w C:\WINDOWS\system32\inetsrv\MetaBase.bin
- 2008-02-21 14:23:35 135,168 -c--a-w C:\WINDOWS\system32\java.exe
+ 2008-03-24 15:28:39 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2008-02-21 14:23:39 135,168 -c--a-w C:\WINDOWS\system32\javaw.exe
+ 2008-03-24 15:28:43 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
- 2008-02-21 15:33:32 139,264 -c--a-w C:\WINDOWS\system32\javaws.exe
+ 2008-03-24 16:37:01 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-02-22 07:55 32768]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-03 09:23 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]
"SharpTray"="C:\Program Files\Sharp\Sharpdesk\SharpTray.exe" [2001-11-08 10:37 28672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 12:15 106496]
"SiS Windows KeyHook"="C:\WINDOWS\System32\keyhook.exe" [2004-05-12 16:22 249856]
"SoundMan"="SOUNDMAN.EXE" [2005-01-20 22:04 77824 C:\WINDOWS\SOUNDMAN.EXE]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2003-09-29 07:10 81990]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2003-09-10 03:11 135251]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344]
"IntelliType"="C:\Program Files\Microsoft Hardware\Keyboard\type32.exe" [2001-06-12 18:20 69632]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 10:22 155648]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2004-04-14 14:46 57393]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2004-04-14 15:04 40960]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 101136 C:\WINDOWS\KHALMNPR.Exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-07-16 11:14 286720]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 101136 C:\WINDOWS\KHALMNPR.Exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2006-06-15 09:47:31 82026]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2002-12-02 21:08:34 147456]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2002-12-02 20:56:10 40960]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-02-22 07:55:23 450560]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-08-27 10:49:45 688128]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-18 14:05:56 65588]
Start Network Scanner Tool.lnk - C:\Program Files\Sharp\Sharpdesk\sdFTP.exe [2008-05-22 10:26:21 275968]
Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [2006-06-10 07:28:42 335872]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Sharp\\Sharpdesk\\sdFTP.exe"=
"C:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"=

S3 brfilt;Brother MFC Filter Driver;C:\WINDOWS\system32\Drivers\Brfilt.sys [2001-08-17 13:12]
S3 brparimg;Brother Multi Function Parallel Image driver;C:\WINDOWS\system32\DRIVERS\BrParImg.sys [2001-08-17 13:12]
S3 BrParWdm;Brother WDM Parallel Driver;C:\WINDOWS\system32\Drivers\BrParwdm.sys [2001-08-17 13:12]
S3 BrSerWDM;Brother WDM Serial driver;C:\WINDOWS\system32\Drivers\BrSerWdm.sys [2004-11-23 17:39]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-01-26 03:31]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##Win2kserver#G]
\Shell\AutoRun\command - Y:\Autorun.exe /run
\Shell\Shell00\Command - Y:\Autorun.exe /run
\Shell\Shell01\Command - Y:\Autorun.exe /action
\Shell\Shell02\Command - Y:\Autorun.exe /uninstall

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e7a7142a-bd6d-11dc-8e46-000129d4a51a}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2007-11-20 10:25:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-17 22:30:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2006-10-12 07:11:09 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1151997071.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-18 08:40:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-18 8:43:37
ComboFix-quarantined-files.txt 2008-06-17 22:43:08
ComboFix2.txt 2008-06-16 23:04:46
ComboFix3.txt 2008-06-16 03:10:28

Pre-Run: 30,550,048,768 bytes free
Post-Run: 30,701,297,664 bytes free

173 --- E O F --- 2008-06-16 03:53:41

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:45:11 AM, on 18/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\BrmfBAgS.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\keyhook.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sharp\Sharpdesk\SharpTray.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.ninemsn.com.au/0SEENAU/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SharpTray] "C:\Program Files\Sharp\Sharpdesk\SharpTray.exe"
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Start Network Scanner Tool.lnk = C:\Program Files\Sharp\Sharpdesk\sdFTP.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/...x/qtplugin.cab
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - https://www.hunterunited.com.au/smsx.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-AU/.../GAME_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O18 - Protocol: bw+0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Brother BidiAgent Service for Resource manager (brmfbags) - Brother Industries, Ltd. - C:\WINDOWS\system32\BrmfBAgS.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 20978 bytes

Cheers

**chemist** · 06-17-2008, 05:57 PM

Congratulations. Well done! Your logs appear clean. You should be good to go.

As far as those infected objects listed in the Kaspersky log, those are safely tucked away in ComboFix's quarantine folder or in old System Restore points, which we will be taking care of now.

You can safely delete any tools downloaded or any logs, files, and any shortcuts on your desktop that were created during this fix.

Delete the zipped file for submission from your desktop.

Delete the following Folder if it still exists:

C:\SDFix

Please re-enable your antivirus program and any other antispyware programs disabled earlier if you haven't already.

Go to Start >> Run and Copy/Paste the following single-line command into the Run box and click OK

combofix /u

This will uninstall ComboFix and delete ComboFix's quarantine folder. It will also implement some cleanup procedures, remove old System Restore points which contain previous infections, and create a fresh, clean System Restore point.

------------------------------------------------------

MICROSOFT UPDATES
It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by Trojans and viruses. Please go to Microsoft and download all the critical updates to help prevent possible re-infection.

SPYWARE PREVENTION
This is a good time to set up protection against further attacks. In light of your recent problem, I'm sure you'd like to avoid any future infections. Please read these well written articles:

How Did I Get Infected In The First Place? by TonyKlein
PC Safety and Security--What Do I Need?

To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:

SpywareBlaster 4.0 prevents the installation of ActiveX-based malware, blocks cookies, and restricts the actions of "bad" sites in Internet Explorer. See tutorial here
SpywareGuard catches and blocks spyware installation and browser hijacking in real-time. See tutorial here
IE-Spyad is another excellent program that places over 5000 dubious websites and domains in the IE Restricted list, which will help prevent attempts to infect your system. It basically prevents any downloads from the sites listed, although you will still be able to connect to the site. See tutorial here
MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is the IP of your local computer. See guide here and for Windows Vista here
Spybot - Search & Destroy 1.5.2 is an excellent spyware remover and also offers real-time protection against critical registry changes. Don't use the Immunize feature if you use SpywareBlaster. See tutorial here

Keep your antivirus program and antispyware programs updated and scan with them on a regular basis.

Please respond to this thread one more time so we can mark this thread as resolved.

greenoznic · 06-17-2008, 07:48 PM

Thanks very much for your help.

**chemist** · 06-17-2008, 07:55 PM

You're very welcome!

06-12-2008, 10:02 PM	#2 (permalink)
greenoznic Registered User Join Date: Jun 2007 Posts: 27 OS: Windows XP	Re: Virus, Constant Popups, Rundll32.exe error, userinit.exe error Bumped for 72 hours

06-15-2008, 09:15 PM	#4 (permalink)
greenoznic Registered User Join Date: Jun 2007 Posts: 27 OS: Windows XP	Re: Virus, Constant Popups, Rundll32.exe error, userinit.exe error Thanks for getting back to me, Here are my results: SDFix: Version 1.192 Run by Trish on 2008-06-16 at 12:16 Microsoft Windows XP [Version 5.1.2600] Running From: C:\DOCUME~1\Trish\Desktop\SDFix Checking Services : Restoring Windows Registry Values Restoring Windows Default Hosts File Rebooting Checking Files : Trojan Files Found: C:\DOCUME~1\TRISH\APPLIC~1\MICROS~1\WINDOWS\WPBBXB.EXE - Deleted C:\Documents and Settings\Trish\Application Data\SpeedRunner\SpeedRunner.exe - Deleted Folder C:\Documents and Settings\Trish\Application Data\SpeedRunner - Removed Removing Temp Files ADS Check : Final Check : catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-06-16 12:33:43 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden services & system hive ... scanning hidden registry entries ... [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="C:\WINDOWS\system32\__c006283F.dat" "DeviceNotSelectedTimeout"="15" "GDIProcessHandleQuota"=dword:00002710 "Spooler"="yes" "swapdisk"="" "TransmissionRetryTimeout"="90" "USERProcessHandleQuota"=dword:00002710 "LoadAppInit_DLLs"=dword:00000001 scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Remaining Services : Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe::enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe::Enabled:Windows Messenger" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe::Enabled:@xpsp3res.dll,-20000" "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe::Disabled:Logitech Desktop Messenger" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe::Enabled:Windows Live Messenger 8.1" "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe::Enabled:Windows Live Messenger 8.1 (Phone)" "C:\\Program Files\\Sharp\\Sharpdesk\\sdFTP.exe"="C:\\Program Files\\Sharp\\Sharpdesk\\sdFTP.exe::Enabled:sdFTP" "C:\\Documents and Settings\\Trish\\Local Settings\\Temp\\is-B9D2R.tmp\\ServUSetup.tmp"="C:\\Documents and Settings\\Trish\\Local Settings\\Temp\\is-B9D2R.tmp\\ServUSetup.tmp::Enabled:Setup/Uninstall" "C:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"="C:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe::Disabled:Framework Service" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe::enabled:@xpsp2res.dll,-22019" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe::Enabled:@xpsp3res.dll,-20000" "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe::Enabled:Logitech Desktop Messenger" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe::Enabled:Windows Live Messenger 8.1" "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe::Enabled:Windows Live Messenger 8.1 (Phone)" Remaining Files : File Backups: - C:\DOCUME~1\Trish\Desktop\SDFix\backups\backups.zip Files with Hidden Attributes : Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe" Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" Mon 30 Dec 2002 27,136 A..H. --- "C:\WINDOWS\Templates\~WRL2063.tmp" Wed 21 Jul 2004 41,984 A..H. --- "C:\WINDOWS\Templates\~WRL3167.tmp" Thu 12 Apr 2007 121,344 ...H. --- "C:\Documents and Settings\Trish\My Documents\~WRL1233.tmp" Wed 1 Feb 2006 40,960 A..H. --- "C:\WINDOWS\Templates\Rams\~WRL2508.tmp" Mon 30 Dec 2002 27,136 A..H. --- "C:\Documents and Settings\Administrator\Templates\Templates\~WRL2063.tmp" Wed 21 Jul 2004 41,984 A..H. --- "C:\Documents and Settings\Administrator\Templates\Templates\~WRL3167.tmp" Tue 17 Apr 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp" Sat 13 Nov 2004 37,376 ...H. --- "C:\Program Files\Common Files\Adobe\ESD\DLMCleanup.exe" Thu 13 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b04031f0b83ee952189dd8beb4ee929a\BIT5A.tmp" Wed 7 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\fd0264849c01086f3c6b505dc02dbd44\BIT15B.tmp" Wed 1 Feb 2006 40,960 A..H. --- "C:\Documents and Settings\Administrator\Templates\Templates\Rams\~WRL2508.tmp" Thu 15 Nov 2007 3,231,232 ...H. --- "C:\Documents and Settings\Trish\Application Data\Microsoft\Word\~WRL0053.tmp" Thu 15 Nov 2007 5,478,400 ...H. --- "C:\Documents and Settings\Trish\Application Data\Microsoft\Word\~WRL0125.tmp" Mon 18 Jun 2007 120,320 ...H. --- "C:\Documents and Settings\Trish\Application Data\Microsoft\Word\~WRL0372.tmp" Thu 15 Nov 2007 3,225,600 ...H. --- "C:\Documents and Settings\Trish\Application Data\Microsoft\Word\~WRL0409.tmp" Thu 15 Nov 2007 3,232,256 ...H. --- "C:\Documents and Settings\Trish\Application Data\Microsoft\Word\~WRL0421.tmp" Tue 12 Feb 2008 60,928 ...H. --- "C:\Documents and Settings\Trish\Application Data\Microsoft\Word\~WRL0442.tmp" Mon 18 Jun 2007 119,296 ...H. --- "C:\Documents and Settings\Trish\Application Data\Microsoft\Word\~WRL0872.tmp" Mon 18 Jun 2007 113,664 ...H. --- "C:\Documents and Settings\Trish\Application Data\Microsoft\Word\~WRL1174.tmp" Tue 17 Jul 2007 35,328 ...H. --- "C:\Documents and Settings\Trish\Application Data\Microsoft\Word\~WRL1259.tmp" Fri 13 Apr 2007 130,560 ...H. --- "C:\Documents and Settings\Trish\Application Data\Microsoft\Word\~WRL1381.tmp" Thu 30 Aug 2007 13,874,688 ...H. --- "C:\Documents and Settings\Trish\Application Data\Microsoft\Word\~WRL1421.tmp" Mon 18 Jun 2007 115,712 ...H. --- "C:\Documents and Settings\Trish\Application Data\Microsoft\Word\~WRL1767.tmp" Fri 19 Oct 2007 61,952 ...H. --- "C:\Documents and Settings\Trish\Application Data\Microsoft\Word\~WRL1784.tmp" Mon 18 Jun 2007 124,928 ...H. --- "C:\Documents and Settings\Trish\Application Data\Microsoft\Word\~WRL1858.tmp" Mon 18 Jun 2007 124,416 ...H. --- "C:\Documents and Settings\Trish\Application Data\Microsoft\Word\~WRL1881.tmp" Thu 15 Nov 2007 3,231,232 ...H. --- "C:\Documents and Settings\Trish\Application Data\Microsoft\Word\~WRL1915.tmp" Mon 18 Feb 2008 66,048 ...H. --- "C:\Documents and Settings\Trish\Application Data\Microsoft\Word\~WRL2046.tmp" Thu 15 Nov 2007 3,225,088 ...H. --- "C:\Documents and Settings\Trish\Application Data\Microsoft\Word\~WRL2062.tmp" Wed 24 Oct 2007 69,632 ...H. --- "C:\Documents and Settings\Trish\Application Data\Microsoft\Word\~WRL2266.tmp" Thu 30 Aug 2007 13,874,176 ...H. --- "C:\Documents and Settings\Trish\Application Data\Microsoft\Word\~WRL2467.tmp" Mon 18 Jun 2007 116,736 ...H. --- "C:\Documents and Settings\Trish\Application Data\Microsoft\Word\~WRL2726.tmp" Mon 18 Jun 2007 116,736 ...H. --- "C:\Documents and Settings\Trish\Application Data\Microsoft\Word\~WRL2895.tmp" Thu 15 Nov 2007 6,288,384 ...H. --- "C:\Documents and Settings\Trish\Application Data\Microsoft\Word\~WRL2938.tmp" Mon 16 Jul 2007 28,160 ...H. --- "C:\Documents and Settings\Trish\Application Data\Microsoft\Word\~WRL3059.tmp" Fri 19 Oct 2007 68,608 ...H. --- "C:\Documents and Settings\Trish\Application Data\Microsoft\Word\~WRL3081.tmp" Mon 18 Jun 2007 113,664 ...H. --- "C:\Documents and Settings\Trish\Application Data\Microsoft\Word\~WRL3174.tmp" Thu 15 Nov 2007 4,680,704 ...H. --- "C:\Documents and Settings\Trish\Application Data\Microsoft\Word\~WRL3406.tmp" Thu 30 Aug 2007 13,873,664 ...H. --- "C:\Documents and Settings\Trish\Application Data\Microsoft\Word\~WRL3557.tmp" Fri 19 Oct 2007 62,464 ...H. --- "C:\Documents and Settings\Trish\Application Data\Microsoft\Word\~WRL3667.tmp" Thu 17 May 2007 64,512 ...H. --- "C:\Documents and Settings\Trish\Application Data\Microsoft\Word\~WRL3913.tmp" Finished! ComboFix 08-06-15.2 - Trish 2008-06-16 12:51:09.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.518 [GMT 10:00] Running from: C:\Documents and Settings\Trish\Desktop\ComboFix.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\Trish\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML C:\Documents and Settings\Trish\Local Settings\Temporary Internet Files\bestwiner.stt C:\Documents and Settings\Trish\Local Settings\Temporary Internet Files\CPV.stt . ---- Previous Run ------- . C:\Program Files\ISM C:\Program Files\ISM\ism.exe C:\Program Files\ISM\Uninstall.exe C:\Program Files\JavaCore C:\Program Files\JavaCore\UnInstall.exe C:\Program Files\QdrPack C:\Program Files\QdrPack\bostrupd.exe C:\Program Files\QdrPack\QdrPack16.exe C:\Program Files\QdrPack\QdrPack17.exe C:\Program Files\QdrPack\trgtys.gz C:\Program Files\QdrPack\wadsvupd.exe C:\Program Files\Spcron C:\Program Files\Spcron\Spc.dll C:\Program Files\Svconr C:\Program Files\Temporary C:\WINDOWS\cookies.ini C:\WINDOWS\pskt.ini C:\WINDOWS\system32\Cache C:\WINDOWS\system32\mcrh.tmp . ((((((((((((((((((((((((( Files Created from 2008-05-16 to 2008-06-16 ))))))))))))))))))))))))))))))) . 2008-06-16 12:07 . 2008-06-16 12:07 <DIR> d-------- C:\WINDOWS\ERUNT 2008-06-16 09:11 . 2008-06-14 01:37 <DIR> d-------- C:\SDFix 2008-06-16 08:46 . 2008-06-16 08:46 0 --a------ C:\WINDOWS\nsreg.dat 2008-06-12 08:21 . 2008-06-12 08:21 <DIR> d-------- C:\Program Files\iCheck 2008-06-12 08:21 . 2008-06-12 08:21 <DIR> d-------- C:\Program Files\GetPack 2008-06-12 08:21 . 2008-06-16 09:07 <DIR> d-------- C:\Program Files\GetModule 2008-06-10 14:01 . 2008-06-10 14:01 <DIR> d-------- C:\Documents and Settings\Trish\Application Data\MSN6 2008-06-10 14:01 . 2008-06-10 14:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MSN6 2008-06-10 13:27 . 2008-06-10 13:27 <DIR> d-------- C:\Program Files\Trend Micro 2008-06-10 13:14 . 2008-06-10 13:14 <DIR> d-------- C:\Deckard 2008-06-10 13:10 . 1999-12-21 07:58 21,312 --a------ C:\WINDOWS\choice.exe 2008-06-10 13:09 . 2008-06-10 13:09 <DIR> d-------- C:\ie-spyad 2008-06-10 13:07 . 2008-06-10 13:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP 2008-06-10 13:03 . 2008-06-10 13:08 <DIR> d-------- C:\Program Files\SpywareBlaster 2008-06-10 13:03 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX 2008-06-10 09:33 . 2008-06-10 10:11 243 --a------ C:\WINDOWS\wininit.ini 2008-06-10 09:00 . 2008-06-10 08:58 691,545 --a------ C:\WINDOWS\unins000.exe 2008-06-10 09:00 . 2008-06-10 09:00 2,539 --a------ C:\WINDOWS\unins000.dat 2008-06-10 08:56 . 2008-06-10 09:02 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy 2008-06-10 08:56 . 2008-06-10 09:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-06-06 10:31 . 2008-06-06 10:31 <DIR> d-------- C:\Program Files\Panda Security 2008-06-05 11:22 . 2008-06-05 11:22 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Softland 2008-06-05 11:20 . 2008-06-05 11:20 <DIR> d-------- C:\Program Files\Softland 2008-06-05 11:20 . 2008-06-04 12:58 22,168 --a------ C:\WINDOWS\system32\novamns5.dll 2008-06-05 11:20 . 2008-06-04 12:58 18,584 --a------ C:\WINDOWS\system32\novamis5.dll 2008-06-05 11:20 . 2008-03-27 15:42 7,477 --a------ C:\WINDOWS\system32\novas5.ctm 2008-06-05 11:00 . 2008-06-05 11:00 <DIR> d-------- C:\Program Files\Jasc Software Inc 2008-06-05 10:41 . 2008-06-05 11:14 527 --a------ C:\WINDOWS\PDFWatermark.INI 2008-06-05 10:40 . 2008-06-05 10:40 72,192 --a------ C:\WINDOWS\cadkasdeinst01e.exe 2008-06-04 08:52 . 2008-06-04 08:52 268 --ah----- C:\sqmdata13.sqm 2008-06-04 08:52 . 2008-06-04 08:52 244 --ah----- C:\sqmnoopt13.sqm 2008-06-03 08:39 . 2008-06-03 08:39 268 --ah----- C:\sqmdata12.sqm 2008-06-03 08:39 . 2008-06-03 08:39 244 --ah----- C:\sqmnoopt12.sqm 2008-05-28 21:02 . 2008-05-28 18:02 74,240 --------- C:\WINDOWS\b156.exe_old 2008-05-27 15:28 . 2008-06-05 11:16 1,024 --a------ C:\WINDOWS\system32\winpdfstamp.dat 2008-05-26 08:44 . 2003-02-28 18:26 139,536 --a------ C:\WINDOWS\system32\javaee.dll 2008-05-22 12:23 . 2008-05-22 12:23 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy 2008-05-22 12:16 . 2008-05-22 12:16 <DIR> d-------- C:\Documents and Settings\Trish\Application Data\RhinoSoft.com 2008-05-22 11:41 . 2008-05-22 11:41 <DIR> d-------- C:\Program Files\Active Ports 2008-05-22 11:41 . 1999-12-17 10:13 49,664 --a------ C:\WINDOWS\unvise32.exe 2008-05-22 11:03 . 2008-05-22 11:03 <DIR> d-------- C:\WINDOWS\IIS Temporary Compressed Files 2008-05-22 11:01 . 2006-02-28 22:00 169,984 --a--c--- C:\WINDOWS\system32\dllcache\iisui.dll 2008-05-22 11:00 . 2008-05-22 11:03 <DIR> d-------- C:\Inetpub 2008-05-22 10:27 . 2008-05-22 10:27 <DIR> d-------- C:\Program Files\Common Files\Sharp Shared 2008-05-22 10:26 . 2000-06-20 11:59 32,768 --a------ C:\WINDOWS\wangimg.exe 2008-05-22 10:26 . 2000-06-20 11:59 32,768 --a------ C:\WINDOWS\kodakimg.exe 2008-05-22 10:25 . 2008-05-22 10:25 <DIR> d-------- C:\Program Files\Sharp 2008-05-22 10:24 . 2008-05-22 10:24 <DIR> d-------- C:\Documents and Settings\Trish\WINDOWS 2008-05-20 08:37 . 2008-05-20 08:37 268 --ah----- C:\sqmdata11.sqm 2008-05-20 08:37 . 2008-05-20 08:37 244 --ah----- C:\sqmnoopt11.sqm . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-06-06 02:31 --------- d-----w C:\Program Files\GetRight 2008-05-22 00:27 155,995 ----a-w C:\WINDOWS\java\Packages\XBHJPFTF.ZIP 2008-05-05 22:59 737,280 ----a-w C:\WINDOWS\iun6002.exe 2008-05-05 22:52 --------- d-----w C:\Program Files\WinPcap 2007-08-28 04:48 58,952 -c--a-w C:\Documents and Settings\Administrator\MsgPlusLoader.dll 2007-08-28 04:48 40,960 -c--a-w C:\Documents and Settings\Administrator\RichEdHook.dll 2007-08-28 04:48 4,096 -c--a-w C:\Documents and Settings\Administrator\Detoured.dll 2007-08-28 04:48 344,064 -c--a-w C:\Documents and Settings\Administrator\Libsndfile.dll 2007-08-28 04:48 339,968 -c--a-w C:\Documents and Settings\Administrator\Lame_enc.dll 2007-08-28 04:48 190,024 ----a-w C:\Documents and Settings\Administrator\MsgPlus.exe 2007-08-28 04:48 1,914,440 -c--a-w C:\Documents and Settings\Administrator\MsgPlusH.dll 2007-08-07 00:43 51,848 -c--a-w C:\Program Files\lcallig.ttf 2006-08-08 23:44 58,952 -c--a-w C:\Documents and Settings\Administrator\MsgPlusLoader1.dll 2006-06-14 23:27 9,409,224 -c--a-w C:\Documents and Settings\Administrator\Install_MSN_Messenger.exe 2006-06-14 23:11 4,752,968 -c--a-w C:\Documents and Settings\Administrator\MsgPlus-363.exe 2006-06-13 00:06 21,290,704 -c--a-w C:\Program Files\AdbeRdr708_en_US.exe 2006-06-12 23:59 7,050,552 -c--a-w C:\Program Files\psa30se_en_us.exe 2006-06-12 23:56 762,512 -c--a-w C:\Program Files\ytb612_efgsip.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BE838836-5A14-461D-B964-E63B8CA523E1}] C:\WINDOWS\system32\qoMfcaWp.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-02-22 07:55 32768] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-03 09:23 68856] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360] "MessengerPlus3"="C:\Documents and Settings\Administrator\MsgPlus.exe" [2007-08-28 14:48 190024] "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352] "SharpTray"="C:\Program Files\Sharp\Sharpdesk\SharpTray.exe" [2001-11-08 10:37 28672] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488] "GetPack18"="C:\Program Files\GetPack\GetPack18.exe" [2008-06-10 19:08 350208] "GetModule18"="C:\Program Files\GetModule\GetModule18.exe" [2008-06-10 07:40 351744] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 12:15 106496] "SiS Windows KeyHook"="C:\WINDOWS\System32\keyhook.exe" [2004-05-12 16:22 249856] "SoundMan"="SOUNDMAN.EXE" [2005-01-20 22:04 77824 C:\WINDOWS\SOUNDMAN.EXE] "ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2003-09-29 07:10 81990] "McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2003-09-10 03:11 135251] "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344] "IntelliType"="C:\Program Files\Microsoft Hardware\Keyboard\type32.exe" [2001-06-12 18:20 69632] "SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 10:22 155648] "PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2004-04-14 14:46 57393] "IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2004-04-14 15:04 40960] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 03:25 144784] "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 101136 C:\WINDOWS\KHALMNPR.Exe] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-07-16 11:14 286720] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 101136 C:\WINDOWS\KHALMNPR.Exe] "28c2af21"="C:\WINDOWS\system32\mxlmeacy.dll" [ ] "BM2bf19cbd"="C:\WINDOWS\system32\qmdwhovu.dll" [ ] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2006-06-15 09:47:31 82026] Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696] hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2002-12-02 21:08:34 147456] hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2002-12-02 20:56:10 40960] Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-02-22 07:55:23 450560] Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-08-27 10:49:45 688128] Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-18 14:05:56 65588] Start Network Scanner Tool.lnk - C:\Program Files\Sharp\Sharpdesk\sdFTP.exe [2008-05-22 10:26:21 275968] Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [2006-06-10 07:28:42 335872] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "C:\\Program Files\\MSN Messenger\\livecall.exe"= "C:\\Program Files\\Sharp\\Sharpdesk\\sdFTP.exe"= "C:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"= S3 brfilt;Brother MFC Filter Driver;C:\WINDOWS\system32\Drivers\Brfilt.sys [2001-08-17 13:12] S3 brparimg;Brother Multi Function Parallel Image driver;C:\WINDOWS\system32\DRIVERS\BrParImg.sys [2001-08-17 13:12] S3 BrParWdm;Brother WDM Parallel Driver;C:\WINDOWS\system32\Drivers\BrParwdm.sys [2001-08-17 13:12] S3 BrSerWDM;Brother WDM Serial driver;C:\WINDOWS\system32\Drivers\BrSerWdm.sys [2004-11-23 17:39] S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-01-26 03:31] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##Win2kserver#G] \Shell\AutoRun\command - Y:\Autorun.exe /run \Shell\Shell00\Command - Y:\Autorun.exe /run \Shell\Shell01\Command - Y:\Autorun.exe /action \Shell\Shell02\Command - Y:\Autorun.exe /uninstall [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e7a7142a-bd6d-11dc-8e46-000129d4a51a}] \Shell\AutoRun\command - F:\LaunchU3.exe -a . Contents of the 'Scheduled Tasks' folder "2007-11-20 10:25:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2008-06-16 02:30:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job" - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE "2006-10-12 07:11:09 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1151997071.job" - C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I . ************************************************************************ catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-06-16 12:59:49 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\WINDOWS\system32\BrmfBAgS.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\Program Files\Network Associates\Common Framework\FrameworkService.exe C:\Program Files\Network Associates\VirusScan\Mcshield.exe C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.exe C:\Program Files\Windows Live Toolbar\msn_sl.exe C:\WINDOWS\system32\verclsid.exe . ************************************************************************ . Completion time: 2008-06-16 13:10:27 - machine was rebooted [Trish] ComboFix-quarantined-files.txt 2008-06-16 03:10:23 Pre-Run: 28,283,342,848 bytes free Post-Run: 30,932,054,016 bytes free 212 --- E O F --- 2008-05-28 07:09:07 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 1:11:50 PM, on 16/06/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\BrmfBAgS.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\Program Files\Network Associates\Common Framework\FrameworkService.exe C:\Program Files\Network Associates\VirusScan\Mcshield.exe C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\keyhook.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\Program Files\Microsoft Hardware\Keyboard\type32.exe C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Sharp\Sharpdesk\SharpTray.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\GetPack\GetPack18.exe C:\Program Files\GetModule\GetModule18.exe C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\WINDOWS\system32\sistray.exe C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE C:\WINDOWS\explorer.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.ninemsn.com.au/0SEENAU/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file) O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O2 - BHO: (no name) - {BE838836-5A14-461D-B964-E63B8CA523E1} - C:\WINDOWS\system32\qoMfcaWp.dll (file missing) O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file) O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe" O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [28c2af21] rundll32.exe "C:\WINDOWS\system32\mxlmeacy.dll",b O4 - HKLM\..\Run: [BM2bf19cbd] Rundll32.exe "C:\WINDOWS\system32\qmdwhovu.dll",s O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MessengerPlus3] "C:\Documents and Settings\Administrator\MsgPlus.exe" /WinStart O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [SharpTray] "C:\Program Files\Sharp\Sharpdesk\SharpTray.exe" O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [GetPack18] "C:\Program Files\GetPack\GetPack18.exe" O4 - HKCU\..\Run: [GetModule18] "C:\Program Files\GetModule\GetModule18.exe" O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: hp psc 1000 series.lnk = ? O4 - Global Startup: hpoddt01.exe.lnk = ? O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O4 - Global Startup: Logitech SetPoint.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Start Network Scanner Tool.lnk = C:\Program Files\Sharp\Sharpdesk\sdFTP.exe O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/...x/qtplugin.cab O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - https://www.hunterunited.com.au/smsx.cab O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-AU/.../GAME_UNO1.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab O18 - Protocol: bw+0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw+0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: bwg0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwg0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: offline-8876480 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O23 - Service: Brother BidiAgent Service for Resource manager (brmfbags) - Brother Industries, Ltd. - C:\WINDOWS\system32\BrmfBAgS.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe -- End of file - 22303 bytes Cheers

06-16-2008, 07:02 PM	#6 (permalink)
greenoznic Registered User Join Date: Jun 2007 Posts: 27 OS: Windows XP	Re: Virus, Constant Popups, Rundll32.exe error, userinit.exe error Hi, Thanks for the assistance, I am now able to log into Windows normally with no problem, but I am not able to access our network server at work whenever I click on it it comes up saying that it isn't accessible and I may not have permission to use this network resource and that the network path was not found. I am still getting some popups and two dll errors, they are: c/windows\system32\mxlmeacy.dll and c/windows\system32\qmdwhovu.dll. Here is my new scans: ComboFix 08-06-15.2 - Trish 2008-06-17 8:58:57.3 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.603 [GMT 10:00] Running from: C:\Documents and Settings\Trish\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\Trish\Desktop\CFScript.txt * Created a new restore point FILE :: C:\Documents and Settings\Trish\Application Data\Sun\Java\Deployment\cache\6.0\59\5928803b-44f96897 C:\Program Files\ISM\ism.exe C:\WINDOWS\b155.exe_old C:\WINDOWS\b156.exe_old C:\WINDOWS\system32\qoMfcaWp.dll_old C:\WINDOWS\system32\tuvWmnLe.dll . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\Trish\Application Data\Sun\Java\Deployment\cache\6.0\59\5928803b-44f96897 C:\WINDOWS\b155.exe_old C:\WINDOWS\b156.exe_old . ((((((((((((((((((((((((( Files Created from 2008-05-16 to 2008-06-16 ))))))))))))))))))))))))))))))) . 2008-06-16 14:10 . 2008-06-16 14:10 <DIR> d-------- C:\WINDOWS\system32\NtmsData 2008-06-16 12:07 . 2008-06-16 12:07 <DIR> d-------- C:\WINDOWS\ERUNT 2008-06-16 09:11 . 2008-06-14 01:37 <DIR> d-------- C:\SDFix 2008-06-16 08:46 . 2008-06-16 08:46 0 --a------ C:\WINDOWS\nsreg.dat 2008-06-12 08:21 . 2008-06-12 08:21 <DIR> d-------- C:\Program Files\iCheck 2008-06-12 08:21 . 2008-06-12 08:21 <DIR> d-------- C:\Program Files\GetPack 2008-06-12 08:21 . 2008-06-17 08:33 <DIR> d-------- C:\Program Files\GetModule 2008-06-10 14:01 . 2008-06-10 14:01 <DIR> d-------- C:\Documents and Settings\Trish\Application Data\MSN6 2008-06-10 14:01 . 2008-06-10 14:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MSN6 2008-06-10 13:27 . 2008-06-10 13:27 <DIR> d-------- C:\Program Files\Trend Micro 2008-06-10 13:14 . 2008-06-10 13:14 <DIR> d-------- C:\Deckard 2008-06-10 13:10 . 1999-12-21 07:58 21,312 --a------ C:\WINDOWS\choice.exe 2008-06-10 13:09 . 2008-06-10 13:09 <DIR> d-------- C:\ie-spyad 2008-06-10 13:07 . 2008-06-10 13:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP 2008-06-10 13:03 . 2008-06-10 13:08 <DIR> d-------- C:\Program Files\SpywareBlaster 2008-06-10 13:03 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX 2008-06-10 09:33 . 2008-06-10 10:11 243 --a------ C:\WINDOWS\wininit.ini 2008-06-10 09:00 . 2008-06-10 08:58 691,545 --a------ C:\WINDOWS\unins000.exe 2008-06-10 09:00 . 2008-06-10 09:00 2,539 --a------ C:\WINDOWS\unins000.dat 2008-06-10 08:56 . 2008-06-17 08:53 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy 2008-06-10 08:56 . 2008-06-17 08:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-06-06 10:31 . 2008-06-06 10:31 <DIR> d-------- C:\Program Files\Panda Security 2008-06-05 11:22 . 2008-06-05 11:22 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Softland 2008-06-05 11:20 . 2008-06-05 11:20 <DIR> d-------- C:\Program Files\Softland 2008-06-05 11:20 . 2008-06-04 12:58 22,168 --a------ C:\WINDOWS\system32\novamns5.dll 2008-06-05 11:20 . 2008-06-04 12:58 18,584 --a------ C:\WINDOWS\system32\novamis5.dll 2008-06-05 11:20 . 2008-03-27 15:42 7,477 --a------ C:\WINDOWS\system32\novas5.ctm 2008-06-05 11:00 . 2008-06-05 11:00 <DIR> d-------- C:\Program Files\Jasc Software Inc 2008-06-05 10:41 . 2008-06-05 11:14 527 --a------ C:\WINDOWS\PDFWatermark.INI 2008-06-05 10:40 . 2008-06-05 10:40 72,192 --a------ C:\WINDOWS\cadkasdeinst01e.exe 2008-06-04 08:52 . 2008-06-04 08:52 268 --ah----- C:\sqmdata13.sqm 2008-06-04 08:52 . 2008-06-04 08:52 244 --ah----- C:\sqmnoopt13.sqm 2008-06-03 08:39 . 2008-06-03 08:39 268 --ah----- C:\sqmdata12.sqm 2008-06-03 08:39 . 2008-06-03 08:39 244 --ah----- C:\sqmnoopt12.sqm 2008-05-27 15:28 . 2008-06-05 11:16 1,024 --a------ C:\WINDOWS\system32\winpdfstamp.dat 2008-05-26 08:44 . 2003-02-28 18:26 139,536 --a------ C:\WINDOWS\system32\javaee.dll 2008-05-22 12:23 . 2008-05-22 12:23 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy 2008-05-22 12:16 . 2008-05-22 12:16 <DIR> d-------- C:\Documents and Settings\Trish\Application Data\RhinoSoft.com 2008-05-22 11:41 . 2008-05-22 11:41 <DIR> d-------- C:\Program Files\Active Ports 2008-05-22 11:41 . 1999-12-17 10:13 49,664 --a------ C:\WINDOWS\unvise32.exe 2008-05-22 11:03 . 2008-05-22 11:03 <DIR> d-------- C:\WINDOWS\IIS Temporary Compressed Files 2008-05-22 11:01 . 2006-02-28 22:00 169,984 --a--c--- C:\WINDOWS\system32\dllcache\iisui.dll 2008-05-22 11:00 . 2008-05-22 11:03 <DIR> d-------- C:\Inetpub 2008-05-22 10:27 . 2008-05-22 10:27 <DIR> d-------- C:\Program Files\Common Files\Sharp Shared 2008-05-22 10:26 . 2000-06-20 11:59 32,768 --a------ C:\WINDOWS\wangimg.exe 2008-05-22 10:26 . 2000-06-20 11:59 32,768 --a------ C:\WINDOWS\kodakimg.exe 2008-05-22 10:25 . 2008-05-22 10:25 <DIR> d-------- C:\Program Files\Sharp 2008-05-22 10:24 . 2008-05-22 10:24 <DIR> d-------- C:\Documents and Settings\Trish\WINDOWS 2008-05-20 08:37 . 2008-05-20 08:37 268 --ah----- C:\sqmdata11.sqm 2008-05-20 08:37 . 2008-05-20 08:37 244 --ah----- C:\sqmnoopt11.sqm . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-06-06 02:31 --------- d-----w C:\Program Files\GetRight 2008-05-22 00:27 155,995 ----a-w C:\WINDOWS\java\Packages\XBHJPFTF.ZIP 2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys 2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll 2008-05-05 22:59 737,280 ----a-w C:\WINDOWS\iun6002.exe 2008-05-05 22:52 --------- d-----w C:\Program Files\WinPcap 2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll 2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll 2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys 2007-08-28 04:48 58,952 -c--a-w C:\Documents and Settings\Administrator\MsgPlusLoader.dll 2007-08-28 04:48 40,960 -c--a-w C:\Documents and Settings\Administrator\RichEdHook.dll 2007-08-28 04:48 4,096 -c--a-w C:\Documents and Settings\Administrator\Detoured.dll 2007-08-28 04:48 344,064 -c--a-w C:\Documents and Settings\Administrator\Libsndfile.dll 2007-08-28 04:48 339,968 -c--a-w C:\Documents and Settings\Administrator\Lame_enc.dll 2007-08-28 04:48 190,024 ----a-w C:\Documents and Settings\Administrator\MsgPlus.exe 2007-08-28 04:48 1,914,440 -c--a-w C:\Documents and Settings\Administrator\MsgPlusH.dll 2007-08-07 00:43 51,848 -c--a-w C:\Program Files\lcallig.ttf 2006-08-08 23:44 58,952 -c--a-w C:\Documents and Settings\Administrator\MsgPlusLoader1.dll 2006-06-14 23:27 9,409,224 -c--a-w C:\Documents and Settings\Administrator\Install_MSN_Messenger.exe 2006-06-14 23:11 4,752,968 -c--a-w C:\Documents and Settings\Administrator\MsgPlus-363.exe 2006-06-13 00:06 21,290,704 -c--a-w C:\Program Files\AdbeRdr708_en_US.exe 2006-06-12 23:59 7,050,552 -c--a-w C:\Program Files\psa30se_en_us.exe 2006-06-12 23:56 762,512 -c--a-w C:\Program Files\ytb612_efgsip.exe . ((((((((((((((((((((((((((((( snapshot@2008-06-16_13.10.11.07 ))))))))))))))))))))))))))))))))))))))))) . - 2008-06-16 02:58:43 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-06-16 22:53:30 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-04-14 11:01:02 272,128 ------w C:\WINDOWS\Driver Cache\i386\bthport.sys + 2008-03-01 13:06:20 124,928 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\advpack.dll + 2008-03-01 13:06:21 347,136 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\dxtmsft.dll + 2008-03-01 13:06:21 214,528 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\dxtrans.dll + 2008-03-01 13:06:21 133,120 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\extmgr.dll + 2008-03-01 13:06:21 63,488 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\icardie.dll + 2008-02-29 08:55:23 70,656 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ie4uinit.exe + 2008-03-01 13:06:21 153,088 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieakeng.dll + 2008-03-01 13:06:21 230,400 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieaksie.dll + 2008-02-15 05:44:25 161,792 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieakui.dll + 2008-03-01 13:06:22 383,488 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieapfltr.dll + 2008-03-01 13:06:22 384,512 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iedkcs32.dll + 2008-03-01 13:06:24 6,066,176 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieframe.dll + 2008-03-01 13:06:24 44,544 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iernonce.dll + 2008-03-01 13:06:25 267,776 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iertutil.dll + 2008-02-22 10:00:51 13,824 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieudinit.exe + 2008-02-29 08:55:46 625,664 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iexplore.exe + 2008-03-01 13:06:25 27,648 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\jsproxy.dll + 2008-03-01 13:06:26 459,264 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\msfeeds.dll + 2008-03-01 13:06:26 52,224 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\msfeedsbs.dll + 2008-03-01 08:36:30 3,591,680 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\mshtml.dll + 2008-03-01 13:06:28 478,208 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\mshtmled.dll + 2008-03-01 13:06:28 193,024 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\msrating.dll + 2008-03-01 13:06:29 671,232 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\mstime.dll + 2008-03-01 13:06:29 102,912 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\occache.dll + 2008-03-01 13:06:29 44,544 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\pngfilt.dll + 2007-03-06 01:22:39 213,216 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe + 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\updspapi.dll + 2008-03-01 13:06:29 105,984 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\url.dll + 2008-03-01 13:06:30 1,159,680 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\urlmon.dll + 2008-03-01 13:06:30 233,472 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\webcheck.dll + 2008-03-01 13:06:31 826,368 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\wininet.dll - 2008-03-01 13:06:20 124,928 ----a-w C:\WINDOWS\system32\advpack.dll + 2008-04-23 04:16:28 124,928 ----a-w C:\WINDOWS\system32\advpack.dll - 2008-03-01 13:06:20 124,928 -c----w C:\WINDOWS\system32\dllcache\advpack.dll + 2008-04-23 04:16:28 124,928 -c----w C:\WINDOWS\system32\dllcache\advpack.dll - 2004-08-03 13:10:38 274,304 -c--a-w C:\WINDOWS\system32\dllcache\bthport.sys + 2008-04-14 11:01:02 272,128 -c--a-w C:\WINDOWS\system32\dllcache\bthport.sys - 2008-03-01 13:06:21 347,136 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll + 2008-04-23 04:16:28 347,136 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll - 2008-03-01 13:06:21 214,528 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll + 2008-04-23 04:16:28 214,528 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll - 2008-03-01 13:06:21 133,120 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll + 2008-04-23 04:16:28 133,120 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll - 2008-03-01 13:06:21 63,488 -c----w C:\WINDOWS\system32\dllcache\icardie.dll + 2008-04-23 04:16:28 63,488 -c----w C:\WINDOWS\system32\dllcache\icardie.dll - 2008-02-29 08:55:23 70,656 -c----w C:\WINDOWS\system32\dllcache\ie4uinit.exe + 2008-04-22 07:39:58 70,656 -c----w C:\WINDOWS\system32\dllcache\ie4uinit.exe - 2008-03-01 13:06:21 153,088 -c--a-w C:\WINDOWS\system32\dllcache\ieakeng.dll + 2008-04-23 04:16:28 153,088 -c--a-w C:\WINDOWS\system32\dllcache\ieakeng.dll - 2008-03-01 13:06:21 230,400 -c--a-w C:\WINDOWS\system32\dllcache\ieaksie.dll + 2008-04-23 04:16:28 230,400 -c--a-w C:\WINDOWS\system32\dllcache\ieaksie.dll - 2008-02-15 05:44:25 161,792 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll + 2008-04-20 05:07:51 161,792 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll - 2008-03-01 13:06:22 383,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dll + 2008-04-23 04:16:28 383,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dll - 2008-03-01 13:06:22 384,512 -c----w C:\WINDOWS\system32\dllcache\iedkcs32.dll + 2008-04-23 04:16:28 384,512 -c----w C:\WINDOWS\system32\dllcache\iedkcs32.dll - 2008-03-01 13:06:24 6,066,176 -c----w C:\WINDOWS\system32\dllcache\ieframe.dll + 2008-04-23 04:16:28 6,066,176 -c----w C:\WINDOWS\system32\dllcache\ieframe.dll - 2008-03-01 13:06:24 44,544 -c----w C:\WINDOWS\system32\dllcache\iernonce.dll + 2008-04-23 04:16:28 44,544 -c----w C:\WINDOWS\system32\dllcache\iernonce.dll - 2008-03-01 13:06:25 267,776 -c----w C:\WINDOWS\system32\dllcache\iertutil.dll + 2008-04-23 04:16:28 267,776 -c----w C:\WINDOWS\system32\dllcache\iertutil.dll - 2008-02-22 10:00:51 13,824 -c----w C:\WINDOWS\system32\dllcache\ieudinit.exe + 2008-04-22 07:39:58 13,824 -c----w C:\WINDOWS\system32\dllcache\ieudinit.exe - 2008-02-29 08:55:46 625,664 -c----w C:\WINDOWS\system32\dllcache\iexplore.exe + 2008-04-22 07:40:18 625,664 -c----w C:\WINDOWS\system32\dllcache\iexplore.exe - 2008-03-01 13:06:25 27,648 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll + 2008-04-23 04:16:28 27,648 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll - 2008-03-01 13:06:26 459,264 -c----w C:\WINDOWS\system32\dllcache\msfeeds.dll + 2008-04-23 04:16:28 459,264 -c----w C:\WINDOWS\system32\dllcache\msfeeds.dll - 2008-03-01 13:06:26 52,224 -c----w C:\WINDOWS\system32\dllcache\msfeedsbs.dll + 2008-04-23 04:16:28 52,224 -c----w C:\WINDOWS\system32\dllcache\msfeedsbs.dll - 2008-03-01 08:36:30 3,591,680 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll + 2008-04-23 12:16:30 3,591,680 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll - 2008-03-01 13:06:28 478,208 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll + 2008-04-23 04:16:28 478,208 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll - 2008-03-01 13:06:28 193,024 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll + 2008-04-23 04:16:28 193,024 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll - 2008-03-01 13:06:29 671,232 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll + 2008-04-23 04:16:28 671,232 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll - 2008-03-01 13:06:29 102,912 -c----w C:\WINDOWS\system32\dllcache\occache.dll + 2008-04-23 04:16:28 102,912 -c----w C:\WINDOWS\system32\dllcache\occache.dll - 2008-03-01 13:06:29 44,544 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll + 2008-04-23 04:16:28 44,544 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll - 2007-10-29 22:43:03 1,287,680 -c----w C:\WINDOWS\system32\dllcache\quartz.dll + 2008-05-07 05:18:48 1,287,680 -c----w C:\WINDOWS\system32\dllcache\quartz.dll - 2006-07-13 08:48:58 202,240 -c--a-w C:\WINDOWS\system32\dllcache\rmcast.sys + 2008-05-08 12:28:49 202,752 -c--a-w C:\WINDOWS\system32\dllcache\rmcast.sys - 2008-03-01 13:06:29 105,984 -c----w C:\WINDOWS\system32\dllcache\url.dll + 2008-04-23 04:16:28 105,984 -c----w C:\WINDOWS\system32\dllcache\url.dll - 2008-03-01 13:06:30 1,159,680 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll + 2008-04-23 04:16:29 1,159,680 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll - 2008-03-01 13:06:30 233,472 -c----w C:\WINDOWS\system32\dllcache\webcheck.dll + 2008-04-23 04:16:29 233,472 -c----w C:\WINDOWS\system32\dllcache\webcheck.dll - 2008-03-01 13:06:31 826,368 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll + 2008-04-23 04:16:29 826,368 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll - 2004-08-03 13:10:38 274,304 -c----w C:\WINDOWS\system32\drivers\bthport.sys + 2008-04-14 11:01:02 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys - 2008-03-01 13:06:21 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll + 2008-04-23 04:16:28 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll - 2008-03-01 13:06:21 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll + 2008-04-23 04:16:28 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll - 2008-03-01 13:06:21 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll + 2008-04-23 04:16:28 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll - 2008-03-01 13:06:21 63,488 ----a-w C:\WINDOWS\system32\icardie.dll + 2008-04-23 04:16:28 63,488 ----a-w C:\WINDOWS\system32\icardie.dll - 2008-02-29 08:55:23 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe + 2008-04-22 07:39:58 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe - 2008-03-01 13:06:21 153,088 -c--a-w C:\WINDOWS\system32\ieakeng.dll + 2008-04-23 04:16:28 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll - 2008-03-01 13:06:21 230,400 -c--a-w C:\WINDOWS\system32\ieaksie.dll + 2008-04-23 04:16:28 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll - 2008-02-15 05:44:25 161,792 -c--a-w C:\WINDOWS\system32\ieakui.dll + 2008-04-20 05:07:51 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll - 2008-03-01 13:06:22 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll + 2008-04-23 04:16:28 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll - 2008-03-01 13:06:22 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll + 2008-04-23 04:16:28 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll - 2008-03-01 13:06:24 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll + 2008-04-23 04:16:28 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll - 2008-03-01 13:06:24 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll + 2008-04-23 04:16:28 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll - 2008-03-01 13:06:25 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll + 2008-04-23 04:16:28 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll - 2008-02-22 10:00:51 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe + 2008-04-22 07:39:58 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe - 2008-06-16 02:59:30 216,938 ----a-w C:\WINDOWS\system32\inetsrv\MetaBase.bin + 2008-06-16 22:53:34 218,223 ----a-w C:\WINDOWS\system32\inetsrv\MetaBase.bin - 2008-03-01 13:06:25 27,648 -c--a-w C:\WINDOWS\system32\jsproxy.dll + 2008-04-23 04:16:28 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll - 2008-05-09 21:35:04 16,863,864 ----a-w C:\WINDOWS\system32\MRT.exe + 2008-05-29 23:35:11 17,486,968 ----a-w C:\WINDOWS\system32\MRT.exe - 2008-03-01 13:06:26 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll + 2008-04-23 04:16:28 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll - 2008-03-01 13:06:26 52,224 -c--a-w C:\WINDOWS\system32\msfeedsbs.dll + 2008-04-23 04:16:28 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll - 2008-03-01 08:36:30 3,591,680 ----a-w C:\WINDOWS\system32\mshtml.dll + 2008-04-23 12:16:30 3,591,680 ----a-w C:\WINDOWS\system32\mshtml.dll - 2008-03-01 13:06:28 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll + 2008-04-23 04:16:28 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll - 2008-03-01 13:06:28 193,024 ----a-w C:\WINDOWS\system32\msrating.dll + 2008-04-23 04:16:28 193,024 ----a-w C:\WINDOWS\system32\msrating.dll - 2008-03-01 13:06:29 671,232 -c--a-w C:\WINDOWS\system32\mstime.dll + 2008-04-23 04:16:28 671,232 ----a-w C:\WINDOWS\system32\mstime.dll - 2008-03-01 13:06:29 102,912 ----a-w C:\WINDOWS\system32\occache.dll + 2008-04-23 04:16:28 102,912 ----a-w C:\WINDOWS\system32\occache.dll - 2008-03-01 13:06:29 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll + 2008-04-23 04:16:28 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll - 2006-10-08 11:51:14 14,640 -c--a-w C:\WINDOWS\system32\spmsg.dll + 2007-11-30 11:18:51 17,272 ------w C:\WINDOWS\system32\spmsg.dll - 2008-03-01 13:06:29 105,984 ----a-w C:\WINDOWS\system32\url.dll + 2008-04-23 04:16:28 105,984 ----a-w C:\WINDOWS\system32\url.dll - 2008-03-01 13:06:30 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll + 2008-04-23 04:16:29 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll - 2008-03-01 13:06:30 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll + 2008-04-23 04:16:29 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-02-22 07:55 32768] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-03 09:23 68856] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360] "MessengerPlus3"="C:\Documents and Settings\Administrator\MsgPlus.exe" [2007-08-28 14:48 190024] "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352] "SharpTray"="C:\Program Files\Sharp\Sharpdesk\SharpTray.exe" [2001-11-08 10:37 28672] "GetPack18"="C:\Program Files\GetPack\GetPack18.exe" [2008-06-10 19:08 350208] "GetModule18"="C:\Program Files\GetModule\GetModule18.exe" [2008-06-10 07:40 351744] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 12:15 106496] "SiS Windows KeyHook"="C:\WINDOWS\System32\keyhook.exe" [2004-05-12 16:22 249856] "SoundMan"="SOUNDMAN.EXE" [2005-01-20 22:04 77824 C:\WINDOWS\SOUNDMAN.EXE] "ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2003-09-29 07:10 81990] "McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2003-09-10 03:11 135251] "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344] "IntelliType"="C:\Program Files\Microsoft Hardware\Keyboard\type32.exe" [2001-06-12 18:20 69632] "SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 10:22 155648] "PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2004-04-14 14:46 57393] "IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2004-04-14 15:04 40960] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 03:25 144784] "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 101136 C:\WINDOWS\KHALMNPR.Exe] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-07-16 11:14 286720] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 101136 C:\WINDOWS\KHALMNPR.Exe] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2006-06-15 09:47:31 82026] Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696] hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2002-12-02 21:08:34 147456] hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2002-12-02 20:56:10 40960] Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-02-22 07:55:23 450560] Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-08-27 10:49:45 688128] Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-18 14:05:56 65588] Start Network Scanner Tool.lnk - C:\Program Files\Sharp\Sharpdesk\sdFTP.exe [2008-05-22 10:26:21 275968] Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [2006-06-10 07:28:42 335872] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "C:\\Program Files\\MSN Messenger\\livecall.exe"= "C:\\Program Files\\Sharp\\Sharpdesk\\sdFTP.exe"= "C:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"= S3 brfilt;Brother MFC Filter Driver;C:\WINDOWS\system32\Drivers\Brfilt.sys [2001-08-17 13:12] S3 brparimg;Brother Multi Function Parallel Image driver;C:\WINDOWS\system32\DRIVERS\BrParImg.sys [2001-08-17 13:12] S3 BrParWdm;Brother WDM Parallel Driver;C:\WINDOWS\system32\Drivers\BrParwdm.sys [2001-08-17 13:12] S3 BrSerWDM;Brother WDM Serial driver;C:\WINDOWS\system32\Drivers\BrSerWdm.sys [2004-11-23 17:39] S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-01-26 03:31] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##Win2kserver#G] \Shell\AutoRun\command - Y:\Autorun.exe /run \Shell\Shell00\Command - Y:\Autorun.exe /run \Shell\Shell01\Command - Y:\Autorun.exe /action \Shell\Shell02\Command - Y:\Autorun.exe /uninstall [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e7a7142a-bd6d-11dc-8e46-000129d4a51a}] \Shell\AutoRun\command - F:\LaunchU3.exe -a Newly Created Service - CATCHME . Contents of the 'Scheduled Tasks' folder "2007-11-20 10:25:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2008-06-16 06:30:01 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job" - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE "2006-10-12 07:11:09 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1151997071.job" - C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I . ************************************************************************ catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-06-17 09:02:05 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . Completion time: 2008-06-17 9:04:45 ComboFix-quarantined-files.txt 2008-06-16 23:04:21 ComboFix2.txt 2008-06-16 03:10:28 Pre-Run: 30,751,010,816 bytes free Post-Run: 30,768,918,528 bytes free 352 --- E O F --- 2008-06-16 03:53:41 -------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER 7 REPORT Tuesday, June 17, 2008 Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600) Kaspersky Online Scanner 7 version: 7.0.25.0 Program database last update: Monday, June 16, 2008 22:08:02 Records in database: 875027 -------------------------------------------------------------------------------- Scan settings: Scan using the following database: extended Scan archives: yes Scan mail databases: yes Scan area - My Computer: A:\ C:\ D:\ Scan statistics: Files scanned: 58062 Threat name: 11 Infected objects: 20 Suspicious objects: 0 Duration of the scan: 01:02:22 File name / Threat name / Threats count C:\Documents and Settings\Trish\Desktop\SDFix\backups\backups.zip Infected: Trojan-Downloader.Win32.Agent.pbq 1 C:\Documents and Settings\Trish\Desktop\SDFix\backups\backups.zip Infected: Trojan-Downloader.Win32.Agent.qqn 1 C:\QooBox\Quarantine\C\Documents and Settings\Trish\Application Data\Sun\Java\Deployment\cache\6.0\59\5928803b-44f96897.vir Infected: Trojan-Downloader.Java.OpenStream.c 1 C:\QooBox\Quarantine\C\Documents and Settings\Trish\Application Data\Sun\Java\Deployment\cache\6.0\59\5928803b-44f96897.vir Infected: Trojan.Java.ClassLoader.h 1 C:\QooBox\Quarantine\C\Documents and Settings\Trish\Application Data\Sun\Java\Deployment\cache\6.0\59\5928803b-44f96897.vir Infected: Trojan.Java.ClassLoader.d 1 C:\QooBox\Quarantine\C\WINDOWS\b155.exe_old.vir Infected: Trojan.Win32.BHO.bkm 1 C:\QooBox\Quarantine\C\WINDOWS\b156.exe_old.vir Infected: not-a-virus:AdWare.Win32.Insider.j 1 C:\QooBox\Quarantine\C\WINDOWS\system32\bjpmwyvk.dll.vir Infected: Trojan.Win32.Monder.gen 1 C:\QooBox\Quarantine\C\WINDOWS\system32\hqwcdcmj.dll.vir Infected: Trojan.Win32.Monder.gen 1 C:\QooBox\Quarantine\C\WINDOWS\system32\jsmnywsf.dll.vir Infected: Trojan.Win32.Monder.gen 1 C:\QooBox\Quarantine\C\WINDOWS\system32\jtwsepvs.dll.vir Infected: Trojan-Downloader.Win32.Agent.sei 1 C:\QooBox\Quarantine\C\WINDOWS\system32\ljcckvei.dll.vir Infected: Trojan.Win32.Monder.gen 1 C:\QooBox\Quarantine\C\WINDOWS\system32\mawealib.dll.vir Infected: Trojan.Win32.Monder.gen 1 C:\QooBox\Quarantine\C\WINDOWS\system32\mxlmeacy.dll.vir Infected: Trojan.Win32.Monder.gen 1 C:\QooBox\Quarantine\C\WINDOWS\system32\pgkojvsk.dll.vir Infected: Trojan.Win32.Monder.gen 1 C:\QooBox\Quarantine\C\WINDOWS\system32\qmdwhovu.dll.vir Infected: Trojan.Win32.Monder.gen 1 C:\QooBox\Quarantine\C\WINDOWS\system32\rotaysuk.dll.vir Infected: Trojan.Win32.Monder.gen 1 C:\QooBox\Quarantine\C\WINDOWS\system32\sxmxjrmc.dll.vir Infected: Trojan-Downloader.Win32.Agent.seh 1 C:\QooBox\Quarantine\C\WINDOWS\system32\taysvcby.dll.vir Infected: Trojan.Win32.Monder.gen 1 C:\QooBox\Quarantine\C\WINDOWS\system32\tuvWmnLe.dll.vir Infected: Trojan.Win32.Agent.rmp 1 The selected area was scanned. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:02:21 AM, on 17/06/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\BrmfBAgS.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\Program Files\Network Associates\Common Framework\FrameworkService.exe C:\Program Files\Network Associates\VirusScan\Mcshield.exe C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\keyhook.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\Program Files\Microsoft Hardware\Keyboard\type32.exe C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Sharp\Sharpdesk\SharpTray.exe C:\Program Files\GetPack\GetPack18.exe C:\Program Files\GetModule\GetModule18.exe C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\WINDOWS\system32\sistray.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE C:\Program Files\Microsoft Office\Office\WINWORD.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.ninemsn.com.au/0SEENAU/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe" O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MessengerPlus3] "C:\Documents and Settings\Administrator\MsgPlus.exe" /WinStart O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [SharpTray] "C:\Program Files\Sharp\Sharpdesk\SharpTray.exe" O4 - HKCU\..\Run: [GetPack18] "C:\Program Files\GetPack\GetPack18.exe" O4 - HKCU\..\Run: [GetModule18] "C:\Program Files\GetModule\GetModule18.exe" O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: hp psc 1000 series.lnk = ? O4 - Global Startup: hpoddt01.exe.lnk = ? O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O4 - Global Startup: Logitech SetPoint.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Start Network Scanner Tool.lnk = C:\Program Files\Sharp\Sharpdesk\sdFTP.exe O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/...x/qtplugin.cab O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - https://www.hunterunited.com.au/smsx.cab O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-AU/.../GAME_UNO1.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab O18 - Protocol: bw+0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw+0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: bwg0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwg0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0s - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: offline-8876480 - {EC3BBEDD-5050-4CD9-8802-81B9C0CC9E1A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O23 - Service: Brother BidiAgent Service for Resource manager (brmfbags) - Brother Industries, Ltd. - C:\WINDOWS\system32\BrmfBAgS.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe -- End of file - 21573 bytes Cheers

06-16-2008, 09:27 PM	#8 (permalink)
greenoznic Registered User Join Date: Jun 2007 Posts: 27 OS: Windows XP	Re: Virus, Constant Popups, Rundll32.exe error, userinit.exe error Hi Thanks for getting back to me so quick. I am still getting a fair few popups. Here's the uninstall list: Active Ports Adobe Acrobat 5.0 Adobe Download Manager 2.0 (Remove Only) Adobe Flash Player 9 ActiveX Adobe Flash Player ActiveX Adobe Reader 7.0.8 Adobe® Photoshop® Album Starter Edition 3.0 Apple Software Update CDDRV_Installer Compatibility Pack for the 2007 Office system DivX Codec DivX Content Uploader DivX Converter DivX Player DivX Web Player e-tax 2006 Google Toolbar for Internet Explorer HijackThis 2.0.2 Hotfix for Windows Internet Explorer 7 (KB947864) Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB914440) Hotfix for Windows XP (KB915865) Hotfix for Windows XP (KB926239) Hotfix for Windows XP (KB929120) HP Memories Disc HP Photo and Imaging 2.0 - All-in-One HP Photo and Imaging 2.0 - All-in-One Drivers HP Photo and Imaging 2.0 - hp psc 1200 series hp psc 1200 series Image Web Server 7.0 IE Plugin (3,1,0,230) Internet Speed Monitor J2SE Runtime Environment 5.0 Update 10 J2SE Runtime Environment 5.0 Update 7 J2SE Runtime Environment 5.0 Update 9 Java(TM) 6 Update 6 KhalSetup Logitech Desktop Messenger Logitech SetPoint McAfee VirusScan Enterprise Messenger Plus! 3 Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Internationalized Domain Names Mitigation APIs Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 Microsoft National Language Support Downlevel APIs Microsoft Office 2000 Premium Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2005 Redistributable Mozilla Firefox (2.0.0.14) MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) MYOB Premier v10 MYOB Premier v9 Nero Suite novaPDF Standard Desktop 5.4 printer OneCare Advisor (Windows Live Toolbar) Paint Shop Pro 7 Evaluation Panda ActiveScan 2.0 PaperPort Photo Resizer Pro v3.7 Popup Blocker (Windows Live Toolbar) QuickTime Realtek AC'97 Audio Red Square 6 Installed in: C:\RED SQUARE Security Update for Windows Internet Explorer 7 (KB928090) Security Update for Windows Internet Explorer 7 (KB931768) Security Update for Windows Internet Explorer 7 (KB933566) Security Update for Windows Internet Explorer 7 (KB937143) Security Update for Windows Internet Explorer 7 (KB938127) Security Update for Windows Internet Explorer 7 (KB939653) Security Update for Windows Internet Explorer 7 (KB942615) Security Update for Windows Internet Explorer 7 (KB944533) Security Update for Windows Internet Explorer 7 (KB950759) Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player 10 (KB917734) Security Update for Windows Media Player 11 (KB936782) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows Media Player 9 (KB911565) Security Update for Windows Media Player 9 (KB917734) Security Update for Windows XP (KB890046) Security Update for Windows XP (KB893756) Security Update for Windows XP (KB896358) Security Update for Windows XP (KB896422) Security Update for Windows XP (KB896423) Security Update for Windows XP (KB896424) Security Update for Windows XP (KB896428) Security Update for Windows XP (KB899587) Security Update for Windows XP (KB899589) Security Update for Windows XP (KB899591) Security Update for Windows XP (KB900725) Security Update for Windows XP (KB901017) Security Update for Windows XP (KB901190) Security Update for Windows XP (KB901214) Security Update for Windows XP (KB902400) Security Update for Windows XP (KB904706) Security Update for Windows XP (KB905414) Security Update for Windows XP (KB905749) Security Update for Windows XP (KB908519) Security Update for Windows XP (KB911280) Security Update for Windows XP (KB911562) Security Update for Windows XP (KB911567) Security Update for Windows XP (KB911927) Security Update for Windows XP (KB912812) Security Update for Windows XP (KB912919) Security Update for Windows XP (KB913433) Security Update for Windows XP (KB913446) Security Update for Windows XP (KB913580) Security Update for Windows XP (KB914388) Security Update for Windows XP (KB914389) Security Update for Windows XP (KB916281) Security Update for Windows XP (KB917159) Security Update for Windows XP (KB917344) Security Update for Windows XP (KB917422) Security Update for Windows XP (KB917953) Security Update for Windows XP (KB918118) Security Update for Windows XP (KB918439) Security Update for Windows XP (KB918899) Security Update for Windows XP (KB919007) Security Update for Windows XP (KB920213) Security Update for Windows XP (KB920214) Security Update for Windows XP (KB920670) Security Update for Windows XP (KB920683) Security Update for Windows XP (KB920685) Security Update for Windows XP (KB921398) Security Update for Windows XP (KB921503) Security Update for Windows XP (KB921883) Security Update for Windows XP (KB922616) Security Update for Windows XP (KB922760) Security Update for Windows XP (KB922819) Security Update for Windows XP (KB923191) Security Update for Windows XP (KB923414) Security Update for Windows XP (KB923689) Security Update for Windows XP (KB923694) Security Update for Windows XP (KB923980) Security Update for Windows XP (KB924191) Security Update for Windows XP (KB924270) Security Update for Windows XP (KB924496) Security Update for Windows XP (KB924667) Security Update for Windows XP (KB925454) Security Update for Windows XP (KB925486) Security Update for Windows XP (KB925902) Security Update for Windows XP (KB926255) Security Update for Windows XP (KB926436) Security Update for Windows XP (KB927779) Security Update for Windows XP (KB927802) Security Update for Windows XP (KB928255) Security Update for Windows XP (KB928843) Security Update for Windows XP (KB929123) Security Update for Windows XP (KB930178) Security Update for Windows XP (KB931261) Security Update for Windows XP (KB931784) Security Update for Windows XP (KB932168) Security Update for Windows XP (KB933729) Security Update for Windows XP (KB935839) Security Update for Windows XP (KB935840) Security Update for Windows XP (KB936021) Security Update for Windows XP (KB937894) Security Update for Windows XP (KB938829) Security Update for Windows XP (KB939373) Security Update for Windows XP (KB941202) Security Update for Windows XP (KB941568) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB941644) Security Update for Windows XP (KB941693) Security Update for Windows XP (KB942830) Security Update for Windows XP (KB942831) Security Update for Windows XP (KB943055) Security Update for Windows XP (KB943460) Security Update for Windows XP (KB943485) Security Update for Windows XP (KB944653) Security Update for Windows XP (KB945553) Security Update for Windows XP (KB946026) Security Update for Windows XP (KB948590) Security Update for Windows XP (KB948881) Security Update for Windows XP (KB950749) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB951376) Security Update for Windows XP (KB951698) Sharpdesk SiS 900 PCI Fast Ethernet Adapter Driver SiS VGA Utilities Spybot - Search & Destroy 1.5.2.20 SpywareBlaster 4.0 StuffPlug 3 UBD 2004 Edition Update for Windows XP (KB894391) Update for Windows XP (KB898461) Update for Windows XP (KB900485) Update for Windows XP (KB904942) Update for Windows XP (KB908531) Update for Windows XP (KB910437) Update for Windows XP (KB916595) Update for Windows XP (KB920872) Update for Windows XP (KB922582) Update for Windows XP (KB927891) Update for Windows XP (KB929338) Update for Windows XP (KB930916) Update for Windows XP (KB931836) Update for Windows XP (KB932823-v3) Update for Windows XP (KB933360) Update for Windows XP (KB936357) Update for Windows XP (KB938828) Update for Windows XP (KB942763) Windows Installer 3.1 (KB893803) Windows Internet Explorer 7 Windows Live Favorites for Windows Live Toolbar Windows Live Messenger Windows Live Outlook Toolbar (Windows Live Toolbar) Windows Live Sign-in Assistant Windows Live Toolbar Windows Live Toolbar Windows Live Toolbar Extension (Windows Live Toolbar) Windows Live Toolbar Feed Detector (Windows Live Toolbar) Windows Media Format 11 runtime Windows Media Format 11 runtime Windows Media Player 11 Windows Media Player 11 Windows XP Hotfix - KB873339 Windows XP Hotfix - KB885250 Windows XP Hotfix - KB885835 Windows XP Hotfix - KB885836 Windows XP Hotfix - KB886185 Windows XP Hotfix - KB887472 Windows XP Hotfix - KB887742 Windows XP Hotfix - KB888113 Windows XP Hotfix - KB888302 Windows XP Hotfix - KB890859 Windows XP Hotfix - KB891781 Windows XP Service Pack 2 WinPcap 4.0 Yahoo! Toolbar Cheers

06-16-2008, 10:13 PM	#9 (permalink)
chemist Moderator, Analyst, Security Team; Rangemaster, TSF Academy Join Date: Oct 2007 Location: Georgia Posts: 10,255 OS: XP SP3	Re: Virus, Constant Popups, Rundll32.exe error, userinit.exe error Hello again, greenoznic. Please save this page to Notepad in order to assist you when carrying out the following instructions. Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence. ------------------------------------------------------ You have installed Messenger Plus! 3. This program is known to install malware. If the program is a must have, reinstall it and decline when asked to install the sponsor's software. ------------------------------------------------------ Please download fl.zip and Save it to your Desktop. Extract the contents to a new folder on your Desktop. Within the folder, locate & double-click fl.bat It should produce a report at C:\findlop.txt. Post the contents of the report in your next reply. ------------------------------------------------------ Delete dss.exe from your desktop if it still exists. Delete the following Folder if it still exists: C:\Deckard ------------------------------------------------------ You have old versions of Java still installed. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components. Close any programs you may have running - especially your web browser. Go to Start(or My Computer) > Control Panel and click on Add or Remove Programs Click (highlight) the following items: J2SE Runtime Environment 5.0 Update 10 J2SE Runtime Environment 5.0 Update 7 J2SE Runtime Environment 5.0 Update 9 Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java version. Restart your computer once all Java components are removed. ------------------------------------------------------ Please download Deckard's System Scanner (DSS) and Save it to your Desktop. Note: You must be logged onto an account with administrator privileges. Close all applications and windows. Double-click on dss.exe to run it, and follow the prompts. When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized Copy (Ctrl+A then Ctrl+C) and Paste (Ctrl+V) the contents of main.txt here. Please attach extra.txt to your post. To attach a file to a new post, simply Click the Manage Attachments button under Additional Options > Attach Files on the post composition page, and Copy and Paste the following into the Upload File from your Computer box: C:\Deckard\System Scanner\extra.txt Click Upload What DSS will do: create a new System Restore point in Windows XP and Vista. clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives. check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed. ------------------------------------------------------ Please post the following in your next reply: C:\findlop.txt main.txt an attached extra.txt __________________ Our help is free but please donate Proud member of ASAP Proud member of UNITE

06-17-2008, 05:57 PM	#13 (permalink)
chemist Moderator, Analyst, Security Team; Rangemaster, TSF Academy Join Date: Oct 2007 Location: Georgia Posts: 10,255 OS: XP SP3	Re: Virus, Constant Popups, Rundll32.exe error, userinit.exe error Congratulations. Well done! Your logs appear clean. You should be good to go. As far as those infected objects listed in the Kaspersky log, those are safely tucked away in ComboFix's quarantine folder or in old System Restore points, which we will be taking care of now. You can safely delete any tools downloaded or any logs, files, and any shortcuts on your desktop that were created during this fix. Delete the zipped file for submission from your desktop. Delete the following Folder if it still exists: C:\SDFix Please re-enable your antivirus program and any other antispyware programs disabled earlier if you haven't already. Go to Start >> Run and Copy/Paste the following single-line command into the Run box and click OK combofix /u This will uninstall ComboFix and delete ComboFix's quarantine folder. It will also implement some cleanup procedures, remove old System Restore points which contain previous infections, and create a fresh, clean System Restore point. ------------------------------------------------------ MICROSOFT UPDATES It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by Trojans and viruses. Please go to Microsoft and download all the critical updates to help prevent possible re-infection. SPYWARE PREVENTION This is a good time to set up protection against further attacks. In light of your recent problem, I'm sure you'd like to avoid any future infections. Please read these well written articles: How Did I Get Infected In The First Place? by TonyKlein PC Safety and Security--What Do I Need? To help protect your computer in the future I recommend that you get the following free programs if you do not already have them: SpywareBlaster 4.0 prevents the installation of ActiveX-based malware, blocks cookies, and restricts the actions of "bad" sites in Internet Explorer. See tutorial here SpywareGuard catches and blocks spyware installation and browser hijacking in real-time. See tutorial here IE-Spyad is another excellent program that places over 5000 dubious websites and domains in the IE Restricted list, which will help prevent attempts to infect your system. It basically prevents any downloads from the sites listed, although you will still be able to connect to the site. See tutorial here MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is the IP of your local computer. See guide here and for Windows Vista here Spybot - Search & Destroy 1.5.2 is an excellent spyware remover and also offers real-time protection against critical registry changes. Don't use the Immunize feature if you use SpywareBlaster. See tutorial here Keep your antivirus program and antispyware programs updated and scan with them on a regular basis. Please respond to this thread one more time so we can mark this thread as resolved. __________________ Our help is free but please donate Proud member of ASAP Proud member of UNITE

06-17-2008, 07:48 PM	#14 (permalink)
greenoznic Registered User Join Date: Jun 2007 Posts: 27 OS: Windows XP	Re: Virus, Constant Popups, Rundll32.exe error, userinit.exe error Thanks very much for your help.

06-17-2008, 07:55 PM	#15 (permalink)
chemist Moderator, Analyst, Security Team; Rangemaster, TSF Academy Join Date: Oct 2007 Location: Georgia Posts: 10,255 OS: XP SP3	Re: Virus, Constant Popups, Rundll32.exe error, userinit.exe error You're very welcome! __________________ Our help is free but please donate Proud member of ASAP Proud member of UNITE