[SOLVED] explorer.exe not working

[CindyGrinz]

The system froze. Had to cold boot it from holding in the power key. Once powered back on, all the desktop icons and task bar have disappeared.

I tried doing a system restore but it did nothing.

I have run two online scans in safe mode. Panda showed TRJ/CI.A virus and wwwsk34I.dll as being infected. I turned off system restore, deleted the .dll that Panda could not clean and cleaned the Trojan. Ran a scan again and came back clean.

…still no desktop icons or task bar

In normal mode - with the desktop icons gone, I hit ctrl-alt-delete. No applications show as running.
Under processes, explorer.exe is listed but as using 0% of the CPU.
I have gone under new task and ran explorer.exe and nothing happens.

I have also gone into the regedit and under HKEY_LOCAL_MACHINE …. Software…. Microsoft … windows nt …. Current version,
Clicked on ‘winlogon’ and located the shell on the right side. I deleted the shell value of explorer.exe and put in Explorer.exe

…nothing changed

I did a defrag… nothing changed

I am not able to execute spybot but was able to run adaware 2008 through safe mode.
Note: safe mode does have icons and a task bar.

Oh one other thing I did was create a new profile…. That too, would not show my desktop icons or taskbar.

I’ve listed the hijack this log….
Sure hope someone can guide me through this frustrating situation.
Thanks and may your day turn out beautiful.
Cindy
==================================================
Logfile of HijackThis v1.99.1
Scan saved at 12:00:34 PM, on 30/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3912DDE2-4295-4A5F-A8E4-A1B1C7EF7313} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [bascstray] BascsTray.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite....x/qtplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - http://www.winkflash.com/CA/PHOTO/lo...eUploader3.cab
O18 - Protocol: bw+0 - {6EF5A0E3-D07A-439F-BA93-DA62E4823D5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {6EF5A0E3-D07A-439F-BA93-DA62E4823D5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {6EF5A0E3-D07A-439F-BA93-DA62E4823D5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {6EF5A0E3-D07A-439F-BA93-DA62E4823D5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {6EF5A0E3-D07A-439F-BA93-DA62E4823D5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {6EF5A0E3-D07A-439F-BA93-DA62E4823D5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {6EF5A0E3-D07A-439F-BA93-DA62E4823D5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {6EF5A0E3-D07A-439F-BA93-DA62E4823D5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {6EF5A0E3-D07A-439F-BA93-DA62E4823D5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {6EF5A0E3-D07A-439F-BA93-DA62E4823D5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {6EF5A0E3-D07A-439F-BA93-DA62E4823D5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {6EF5A0E3-D07A-439F-BA93-DA62E4823D5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {6EF5A0E3-D07A-439F-BA93-DA62E4823D5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {6EF5A0E3-D07A-439F-BA93-DA62E4823D5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {6EF5A0E3-D07A-439F-BA93-DA62E4823D5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {6EF5A0E3-D07A-439F-BA93-DA62E4823D5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {6EF5A0E3-D07A-439F-BA93-DA62E4823D5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {6EF5A0E3-D07A-439F-BA93-DA62E4823D5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {6EF5A0E3-D07A-439F-BA93-DA62E4823D5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {6EF5A0E3-D07A-439F-BA93-DA62E4823D5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {6EF5A0E3-D07A-439F-BA93-DA62E4823D5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {6EF5A0E3-D07A-439F-BA93-DA62E4823D5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {6EF5A0E3-D07A-439F-BA93-DA62E4823D5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {6EF5A0E3-D07A-439F-BA93-DA62E4823D5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {6EF5A0E3-D07A-439F-BA93-DA62E4823D5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {6EF5A0E3-D07A-439F-BA93-DA62E4823D5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {6EF5A0E3-D07A-439F-BA93-DA62E4823D5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {6EF5A0E3-D07A-439F-BA93-DA62E4823D5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {6EF5A0E3-D07A-439F-BA93-DA62E4823D5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {6EF5A0E3-D07A-439F-BA93-DA62E4823D5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {6EF5A0E3-D07A-439F-BA93-DA62E4823D5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {6EF5A0E3-D07A-439F-BA93-DA62E4823D5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {6EF5A0E3-D07A-439F-BA93-DA62E4823D5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {6EF5A0E3-D07A-439F-BA93-DA62E4823D5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {6EF5A0E3-D07A-439F-BA93-DA62E4823D5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {6EF5A0E3-D07A-439F-BA93-DA62E4823D5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {6EF5A0E3-D07A-439F-BA93-DA62E4823D5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {6EF5A0E3-D07A-439F-BA93-DA62E4823D5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {6EF5A0E3-D07A-439F-BA93-DA62E4823D5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {6EF5A0E3-D07A-439F-BA93-DA62E4823D5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {6EF5A0E3-D07A-439F-BA93-DA62E4823D5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {6EF5A0E3-D07A-439F-BA93-DA62E4823D5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {6EF5A0E3-D07A-439F-BA93-DA62E4823D5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {6EF5A0E3-D07A-439F-BA93-DA62E4823D5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {6EF5A0E3-D07A-439F-BA93-DA62E4823D5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {6EF5A0E3-D07A-439F-BA93-DA62E4823D5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {6EF5A0E3-D07A-439F-BA93-DA62E4823D5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {6EF5A0E3-D07A-439F-BA93-DA62E4823D5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {6EF5A0E3-D07A-439F-BA93-DA62E4823D5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {6EF5A0E3-D07A-439F-BA93-DA62E4823D5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {6EF5A0E3-D07A-439F-BA93-DA62E4823D5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {6EF5A0E3-D07A-439F-BA93-DA62E4823D5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {6EF5A0E3-D07A-439F-BA93-DA62E4823D5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {6EF5A0E3-D07A-439F-BA93-DA62E4823D5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {6EF5A0E3-D07A-439F-BA93-DA62E4823D5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {6EF5A0E3-D07A-439F-BA93-DA62E4823D5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {6EF5A0E3-D07A-439F-BA93-DA62E4823D5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {6EF5A0E3-D07A-439F-BA93-DA62E4823D5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {6EF5A0E3-D07A-439F-BA93-DA62E4823D5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {6EF5A0E3-D07A-439F-BA93-DA62E4823D5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {6EF5A0E3-D07A-439F-BA93-DA62E4823D5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {6EF5A0E3-D07A-439F-BA93-DA62E4823D5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {6EF5A0E3-D07A-439F-BA93-DA62E4823D5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {6EF5A0E3-D07A-439F-BA93-DA62E4823D5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {6EF5A0E3-D07A-439F-BA93-DA62E4823D5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {6EF5A0E3-D07A-439F-BA93-DA62E4823D5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {6EF5A0E3-D07A-439F-BA93-DA62E4823D5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {6EF5A0E3-D07A-439F-BA93-DA62E4823D5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {6EF5A0E3-D07A-439F-BA93-DA62E4823D5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {6EF5A0E3-D07A-439F-BA93-DA62E4823D5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {6EF5A0E3-D07A-439F-BA93-DA62E4823D5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {6EF5A0E3-D07A-439F-BA93-DA62E4823D5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {6EF5A0E3-D07A-439F-BA93-DA62E4823D5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {6EF5A0E3-D07A-439F-BA93-DA62E4823D5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {6EF5A0E3-D07A-439F-BA93-DA62E4823D5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {6EF5A0E3-D07A-439F-BA93-DA62E4823D5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: intu-res - {9CE7D474-16F9-4889-9BB9-53E2008EAE8A} - C:\Program Files\Common Files\Intuit\intu-res.dll
O18 - Protocol: offline-8876480 - {6EF5A0E3-D07A-439F-BA93-DA62E4823D5E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\ProtectService\ProtectService.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Broadcom ASF IP monitoring service v6.0.3 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

[Katana]

Quote:

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.

Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:

1. Please Read All Instructions Carefully
2. If you don't understand something, stop and ask! Don't keep going on.
3. Please do not run any other tools or scans whilst I am helping you
4. Please continue to respond until I give you the "All Clear"
   (Just because you can't see a problem doesn't mean it isn't there)

If you can do those few things, everything should go smoothly

Please Note, your security programs may give warnings for some of the tools I will ask you to use.
Be assured, any links I give are safe

----------------------------------------------------------------------------------------


Download and Run RSIT

• Please download Random's System Information Tool by random/random from here and save it to your desktop.
• Double click on RSIT.exe to run RSIT.
• Click Continue at the disclaimer screen.
• Once it has finished, two logs will open:
  • log.txt will be opened maximized.
  • info.txt will be opened minimized.
• Please post the contents of both log.txt and info.txt.

[CindyGrinz]

Thank you so very much for taking the time to help me....it is very much appreciated!!!!
Ok, pasted below you'll find the log.txt and info.txt from RIST....

First the log.txt

Logfile of random's system information tool 1.04 (written by random/random)
Run by Administrator at 2008-10-31 20:27:43
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 14 GB (49%) free of 29 GB
Total RAM: 630 MB (76% free)

HijackThis download failed

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll [2003-05-15 50376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3912DDE2-4295-4A5F-A8E4-A1B1C7EF7313}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
AcroIEToolbarHelper Class - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2003-03-17 110592]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2003-03-17 569344]
"bascstray"=BascsTray.exe []
"Logitech Utility"=C:\WINDOWS\Logi_MwX.Exe [2002-11-08 19968]
"REGSHAVE"=C:\Program Files\REGSHAVE\REGSHAVE.EXE [2002-02-04 53248]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-09-20 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-09-20 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-09-20 114688]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-03-20 213936]
"Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2007-09-21 55824]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-07-19 78008]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-07-28 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bacstray]
C:\WINDOWS\system32\BacsTray.exe [2003-05-14 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
C:\Program Files\Dell\QuickSet\quickset.exe [2003-01-31 364544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2
"wscsvc"=2
"SharedAccess"=2
"mnmsrvc"=3
"ERSvc"=2

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-09-20 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2007-11-15 72208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe:*:Disabled:Logitech Desktop Messenger"
"C:\Program Files\ACT\ACT for Win 7\Act7.exe"="C:\Program Files\ACT\ACT for Win 7\Act7.exe:*:Enabled:ACT! 7.x/2005"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Disabled:Logitech Desktop Messenger"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"C:\Program Files\NetMeeting\conf.exe"="C:\Program Files\NetMeeting\conf.exe:*:Disabled:Windows® NetMeeting®"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Synology Assistant\DSAssistant.exe"="C:\Program Files\Synology Assistant\DSAssistant.exe:*:Enabled:Synology Assistant"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Program Files\tinyproxy\tinyproxy1.exe"="C:\Program Files\tinyproxy\tinyproxy1.exe:*:Enabled:TINYPROXY"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2008-10-31 20:27:44 ----D---- C:\Program Files\trend micro
2008-10-31 20:27:43 ----D---- C:\rsit
2008-10-31 20:26:10 ----ASH---- C:\Documents and Settings\Administrator.MURRAY-LAPTOP\Application Data\DESKTOP.INI
2008-10-31 20:26:08 ----SD---- C:\Documents and Settings\Administrator.MURRAY-LAPTOP\Application Data\Microsoft
2008-10-31 20:26:08 ----D---- C:\Documents and Settings\Administrator.MURRAY-LAPTOP\Application Data\Sun
2008-10-31 20:26:08 ----D---- C:\Documents and Settings\Administrator.MURRAY-LAPTOP\Application Data\Identities
2008-10-29 11:04:50 ----D---- C:\Program Files\Panda Security
2008-10-29 11:04:44 ----D---- C:\WINDOWS\LastGood.Tmp
2008-10-28 16:23:58 ----A---- C:\WINDOWS\ntbtlog.txt
2008-10-28 02:01:53 ----DC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-16 02:13:12 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-16 02:12:55 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-16 02:12:39 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-16 02:07:23 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-16 0250 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$

======List of files/folders modified in the last 1 months======

2008-10-31 20:27:44 ----RD---- C:\Program Files
2008-10-31 20:26:30 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-31 20:26:06 ----D---- C:\Documents and Settings
2008-10-31 20:20:57 ----D---- C:\WINDOWS\Prefetch
2008-10-31 19:25:48 ----D---- C:\WINDOWS\Temp
2008-10-31 11:03:20 ----SHD---- C:\RECYCLER
2008-10-31 10:32:15 ----HD---- C:\WINDOWS\INF
2008-10-30 12:10:58 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-10-30 12:00:23 ----D---- C:\Downloads
2008-10-29 15:42:15 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-10-29 14:51:55 ----SHD---- C:\System Volume Information
2008-10-29 14:44:30 ----A---- C:\WINDOWS\OEWABLog.txt
2008-10-29 14:43:21 ----D---- C:\WINDOWS
2008-10-29 12:48:32 ----D---- C:\WINDOWS\system32\Restore
2008-10-29 11:08:33 ----D---- C:\WINDOWS\system32\DRIVERS
2008-10-28 1720 ----D---- C:\WINDOWS\system32\CatRoot
2008-10-28 16:52:40 ----D---- C:\WINDOWS\SYSTEM32
2008-10-28 16:51:53 ----D---- C:\WINDOWS\system32\CONFIG
2008-10-28 16:51:00 ----D---- C:\WINDOWS\system32\WBEM
2008-10-28 16:51:00 ----D---- C:\WINDOWS\Registration
2008-10-28 02:07:34 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-28 02:01:57 ----RSHD---- C:\WINDOWS\system32\DLLCACHE
2008-10-28 02:00:39 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-27 10:44:41 ----D---- C:\LG
2008-10-27 10:31:27 ----D---- C:\Program Files\ACT
2008-10-20 16:47:32 ----A---- C:\WINDOWS\imdw.ini
2008-10-16 02:13:16 ----A---- C:\WINDOWS\imsins.BAK
2008-10-16 02:12:08 ----D---- C:\Program Files\Internet Explorer
2008-10-16 02:11:44 ----D---- C:\WINDOWS\ie7updates
2008-10-16 02:10:57 ----SHD---- C:\WINDOWS\Installer
2008-10-16 02:10:14 ----A---- C:\WINDOWS\WIN.INI
2008-10-16 02:02:43 ----D---- C:\WINDOWS\Debug
2008-10-14 17:31:19 ----D---- C:\ORC08F
2008-10-07 15:19:40 ----A---- C:\WINDOWS\system32\MRT.exe
2008-10-03 13:41:15 ----A---- C:\WINDOWS\system32\ieframe.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-07-19 42912]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\System32\DRIVERS\omci.sys [2003-01-07 17217]
R3 b57w2k;Broadcom 570x Gigabit Integrated Controller; C:\WINDOWS\System32\DRIVERS\b57xp32.sys [2003-05-21 175360]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2007-09-21 35088]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2007-09-21 36240]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\System32\DRIVERS\SynTP.sys [2003-03-17 266768]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-07-19 26944]
S1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
S1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\System32\DRIVERS\p3.sys [2008-04-13 42752]
S2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
S2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-07-19 94416]
S2 irda;IrDA Protocol; C:\WINDOWS\System32\DRIVERS\irda.sys [2008-04-13 88192]
S2 MASPINT;MASPINT; C:\WINDOWS\system32\drivers\MASPINT.sys [2002-06-21 8224]
S2 mdmxsdk;mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
S3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel(R) Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-10-27 120830]
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel(R) Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-10-27 98938]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-07-19 23152]
S3 BCM43XX;Dell TrueMobile WLAN Card Driver; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [2003-06-13 254208]
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2008-04-13 13952]
S3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
S3 gv3;Intel GV3 Processor Driver; C:\WINDOWS\System32\DRIVERS\gv3.sys [2002-11-18 30976]
S3 HSF_DP;HSF_DP; C:\WINDOWS\System32\DRIVERS\HSF_DP.sys [2004-06-17 1041536]
S3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.SYS [2005-05-03 1033728]
S3 HSFHWICH;HSFHWICH; C:\WINDOWS\System32\DRIVERS\HSFHWICH.sys [2005-05-03 208384]
S3 i81x;i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [2004-08-04 161020]
S3 iAimFP0;iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [2004-08-04 12415]
S3 iAimFP1;iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [2004-08-04 12127]
S3 iAimFP2;iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [2004-08-04 11775]
S3 iAimFP3;iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [2004-08-04 12063]
S3 iAimFP4;iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [2004-08-04 19455]
S3 iAimTV0;iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [2004-08-04 29311]
S3 iAimTV1;iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [2004-08-04 19551]
S3 iAimTV2;iAimTV2; C:\WINDOWS\System32\DRIVERS\wATV03nt.sys []
S3 iAimTV3;iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [2004-08-04 33599]
S3 iAimTV4;iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [2004-08-04 23615]
S3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2005-09-20 1302332]
S3 LHidFlt2;Logitech HID/USB Mouse Filter Driver; C:\WINDOWS\System32\DRIVERS\LHidFlt2.Sys [2002-11-08 23838]
S3 LHidUsb;Logitech USB Receiver device driver; C:\WINDOWS\System32\Drivers\LHidUsb.Sys [2002-11-08 41420]
S3 LMouFlt2;Logitech Mouse Class Filter Driver; C:\WINDOWS\System32\DRIVERS\LMouFlt2.Sys [2002-11-08 70238]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 NSCIRDA;NSC Infrared Device Driver; C:\WINDOWS\System32\DRIVERS\nscirda.sys [2008-04-13 28672]
S3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 ProtoWall;ProtoWall Network Service; C:\WINDOWS\System32\DRIVERS\ProtoWall.sys [2004-05-01 31360]
S3 STAC97;Audio Driver (WDM) - SigmaTel CODEC; C:\WINDOWS\system32\drivers\STAC97.sys [2003-04-25 220176]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys [2005-05-03 705408]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\System32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\System32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-18 611664]
S2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056]
S2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-07-19 147640]
S2 avast! iAVS4 Control Service (aswUpdSv);avast! iAVS4 Control Service (aswUpdSv); C:\Program Files\ProtectService\ProtectService.exe [2008-09-15 12032]
S2 BAsfIpM;Broadcom ASF IP monitoring service v6.0.3; C:\WINDOWS\system32\basfipm.exe [2003-04-17 77824]
S2 Irmon;Infrared Monitor; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-06-20 322120]
S2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S2 WLTRYSVC;WLTRYSVC; C:\WINDOWS\System32\WLTRYSVC.EXE [2003-06-13 45056]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-07-19 250040]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-07-23 348344]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-07-12 69632]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe [2007-11-15 121360]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

-----------------EOF-----------------


Now the info.txt

nfo.txt logfile of random's system information tool 1.04 2008-10-31 20:27:48

======Uninstall list======

-->C:\Program Files\Installshield Installation Information\{1002F321-18D1-4A79-95C8-84EA3E940287}\QBReplace.exe {1002F321-18D1-4A79-95C8-84EA3E940287}#{BB9C4072-0110-4192-A351-6DCEF8B67AFD}
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ACT!-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\ACT\Uninst6.isu" -c"C:\Program Files\ACT\UNINSTAL.DLL"
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat 6.0 Professional-->MsiExec.exe /I{AC76BA86-1033-0000-7760-000000000001}
Adobe Download Manager 2.0 (Remove Only)-->"C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0.8-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70800000002}
Adobe® Photoshop® Album Starter Edition 3.0-->MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Broadcom Advanced Control Suite-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{89EE857B-8970-4F9F-AB58-A1C873AC72B3} /l1033
Broadcom ASF Management Applications-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{25D24E84-64A9-40D2-85CF-540B1C4A6D52} /l1033
Business Succession v5.0.0-->C:\PROGRA~1\PPIPRO~1\Applets\BUSINE~1\UNWISE.EXE C:\PROGRA~1\PPIPRO~1\Applets\BUSINE~1\INSTALL.LOG
Capital Alternatives v4.1.0-->C:\PROGRA~1\PPIPRO~1\Applets\CAPITA~1\UNWISE.EXE C:\PROGRA~1\PPIPRO~1\Applets\CAPITA~1\INSTALL.LOG
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
CD Audio Reader Filter (remove only)-->"C:\Program Files\CD Audio Reader Filter\uninstall.exe"
CDDRV_Installer-->MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}
Client Manager How To Training-->MsiExec.exe /I{9D901875-F78E-11D8-81E4-00B0D075DF5C}
Client Manager-->MsiExec.exe /X{18D60DE4-F9E2-11D8-81E8-00B0D075DF5C}
CM Update-->MsiExec.exe /X{810965E6-09A8-11DA-822D-00B0D075DF5C}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Composer Illustration System v06.05.07-->C:\PROGRA~1\Composer\UNWISE.EXE C:\PROGRA~1\Composer\INSTALL.LOG
Composer Illustration System v06.06.01-->C:\PROGRA~1\Composer\UNWISE.EXE C:\PROGRA~1\Composer\INSTALL.LOG
Composer Illustration System v06.06.04-->C:\PROGRA~1\Composer\UNWISE.EXE C:\PROGRA~1\Composer\INSTALL.LOG
Composer Illustration System v06.07.02-->C:\PROGRA~1\Composer\UNWISE.EXE C:\PROGRA~1\Composer\INSTALL.LOG
Composer Illustration System v06.11.01-->C:\PROGRA~1\Composer\UNWISE.EXE C:\PROGRA~1\Composer\INSTALL.LOG
Composer Illustration System v06.11.03-->C:\PROGRA~1\Composer\UNWISE.EXE C:\PROGRA~1\Composer\INSTALL.LOG
Composer Illustration System v06.12.00-->C:\PROGRA~1\Composer\UNWISE.EXE C:\PROGRA~1\Composer\INSTALL.LOG
Conexant D480 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1\HXFSETUP.EXE -U -Idel5422k.inf
Dell Solution Center-->MsiExec.exe /X{11F1920A-56A2-4642-B6E0-3B31A12C9288}
Dell TrueMobile 1300 WLAN Mini-PCI Card-->C:\WINDOWS\system32\BCMWLU00.exe verbose
Destiny-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{33A34330-B750-43B3-A984-D43354F11A8E}\Setup.exe" -l0x9
Destiny-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{64F5D552-A678-48ED-A895-61CF0BB9E62C}\Setup.exe" -l0x9
Diamond View Framework-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Common Files\Manulife Financial\DeIsL2.isu" -cC:\PROGRA~1\COMMON~1\MANULI~1\_ISREG32.DLL
Diamond View Framework-->MsiExec.exe /X{332810A4-E6F6-11D8-9BD7-000103E0519E}
Diamond View InfoCentral-->MsiExec.exe /I{75E2A604-6850-44FC-A5E8-6497B9544F7E}
Diamond View Launcher-->MsiExec.exe /X{C45C544E-5047-11D9-8216-00B0D075DF5C}
Diamond View Update-->MsiExec.exe /X{32D3C724-3E32-11D9-8211-00B0D075DF5C}
Digital Line Detect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
DirectVobSub (remove only)-->"C:\Program Files\DirectVobSub\uninstall.exe"
DScaler 5 Mpeg Decoders-->"C:\Program Files\DScaler5\unins000.exe"
DS-MP3 Source 1.30-->"C:\Program Files\DS-MP3 Source\Uninstall.exe"
e-app-->C:\WINDOWS\uninst.exe -fC:\PROGRA~1\MANULI~1\transACT\e-app\DeIsL2.isu -cC:\PROGRA~1\MANULI~1\transACT\e-app\_ISREG32.DLL
Estate G.I.C. v4.1.0-->C:\PROGRA~1\PPIPRO~1\Applets\ESTATE~2\UNWISE.EXE C:\PROGRA~1\PPIPRO~1\Applets\ESTATE~2\INSTALL.LOG
Estate Security Fund v4.1.0-->C:\PROGRA~1\PPIPRO~1\Applets\ESTATE~1\UNWISE.EXE C:\PROGRA~1\PPIPRO~1\Applets\ESTATE~1\INSTALL.LOG
Estate Security Fund v4.1.1-->C:\PROGRA~1\PPIPRO~1\Applets\ESTATE~1\UNWISE.EXE C:\PROGRA~1\PPIPRO~1\Applets\ESTATE~1\INSTALL.LOG
ExecPlus v1.0.13-->C:\PROGRA~1\PPIPRO~1\Applets\ExecPlus\UNWISE.EXE C:\PROGRA~1\PPIPRO~1\Applets\ExecPlus\INSTALL.LOG
ExecPlus v1.0.20-->C:\PROGRA~1\PPIPRO~1\Applets\ExecPlus\UNWISE.EXE C:\PROGRA~1\PPIPRO~1\Applets\ExecPlus\INSTALL.LOG
ffdshow [rev 1058+] [2007-03-22]-->"C:\Program Files\ffdshow\unins000.exe"
FinePixViewer Ver.4.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{24ED4D80-8294-11D5-96CD-0040266301AD}\SETUP.EXE"
FUJIFILM USB Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5490882C-6961-11D5-BAE5-00E0188E010B}\SETUP.EXE"
Great-West Life Reference Material 10.3-->MsiExec.exe /I{362A7E97-E7FC-4ED5-9C81-297C7EDAEB79}
Great-West Life Reference Material 9.3-->MsiExec.exe /I{9BD3ADB3-748F-466A-AB52-C69560233DAA}
GWL Life Connection 10.0-->MsiExec.exe /I{20D79617-C41D-409B-985F-2383045C09DB}
GWL Life Connection 13.0-->MsiExec.exe /I{28D198C1-04C5-4B60-95EF-755D64E5C099}
GWL Life Electronic Application -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C1E8B5C0-9E14-4FAA-AC29-BCD59D66611A}\Setup.exe" -l0x9
Haali Media Splitter-->"C:\Program Files\Haali\MatroskaSplitter\uninstall.exe"
HighMAT Extension to Microsoft Windows XP CD Writing Wizard-->MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 1.99.1-->\\Cindys\Downloads\HijackThis.exe /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP OrderReminder-->"C:\Program Files\Hewlett-Packard\OrderReminder\uninstall\hpuninstaller.exe" hp_LaserJet_1018
IBM OnDemand AFP Web Viewer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{13AD0029-FB8E-470E-9EFE-84DA4F5A54AB}\Setup.exe" Remove
ICF Solutions v3.1.6-->C:\PROGRA~1\PPIPRO~1\Applets\ICFSOL~1\UNWISE.EXE C:\PROGRA~1\PPIPRO~1\Applets\ICFSOL~1\INSTALL.LOG
ICF Solutions v4.2.2-->C:\PROGRA~1\PPIPRO~1\Applets\ICFSOL~1\UNWISE.EXE C:\PROGRA~1\PPIPRO~1\Applets\ICFSOL~1\INSTALL.LOG
ImageMixer VCD for FinePix-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D3AA158A-9421-4883-8767-E771B0964A1D}\setup.exe"
Income and Estate Analysis (V2.0.9)-->C:\PROGRA~1\PPIPRO~1\INCOME~1\UNWISE.EXE C:\PROGRA~1\PPIPRO~1\INCOME~1\INSTALL.LOG
InfoMack 4.0 for Windows-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5383386-BD91-11D5-9D11-0006292661C0}\setup.exe" -uninst
Inforce - En vigueur-->MsiExec.exe /I{3100DCCF-F48A-49A3-8B81-F5C00E99959D}
Intel(R) Extreme Graphics 2 Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_3582
Internet Data Download-->MsiExec.exe /I{B16C4207-FA89-11D8-81EA-00B0D075DF5C}
Investment Loan / Prêt Placement-->MsiExec.exe /I{85184706-2E77-11D9-9BE0-000103E0519E}
InvoPlus-->MsiExec.exe /I{5A3D0280-958F-4DCA-8C16-DA132E06BA2C}
Java 2 Runtime Environment Standard Edition v1.3-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\JavaSoft\JRE\1.3\Uninst.isu"
Java 2 Runtime Environment, SE v1.4.2_04-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142040}
Java 2 Runtime Environment, SE v1.4.2-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142000}
KeyView Wrapper-->MsiExec.exe /I{9CADAD37-28E2-48C5-A81E-6F9AE3F5A87B}
KhalInstallWrapper-->MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}
K-Lite Mega Codec Pack 1.03-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
LaserJet 1018-->C:\Program Files\Zenographics\{8FEF3736-6B31-4C19-A762-EBD5F1A4775D}\setup.exe -u "HPLJInstaller.dll=Hplj1018.inf"
LEApp R4V4-->MsiExec.exe /I{9D72CE85-03E6-4E03-B287-07762C3BBAF2}
Life Connection 4.0-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{135964A3-133B-49F6-A2A8-613B536A2236} /l1033
Life Insurance Considerations v4.1.0-->C:\PROGRA~1\PPIPRO~1\Applets\LIFEIN~1\UNWISE.EXE C:\PROGRA~1\PPIPRO~1\Applets\LIFEIN~1\INSTALL.LOG
Life Insurance Considerations v4.1.1-->C:\PROGRA~1\PPIPRO~1\Applets\LIFEIN~1\UNWISE.EXE C:\PROGRA~1\PPIPRO~1\Applets\LIFEIN~1\INSTALL.LOG
Living Benefits 4.70-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{209255AF-E7F3-4FF3-86EE-575C35BA716D}\Setup.exe" -l0x9
Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\setup.exe" -l0x9 UNINSTALL
Logitech MouseWare 9.75 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5809E7CF-4DCF-11D4-9875-00105ACE7734}\setup.exe" -l0x9 -l0009 UNINSTALL
Manulife - Concept slideshows-->MsiExec.exe /I{5D8E43A9-E7D8-46FF-82AD-A9D3FBDF5B82}
Manulife - Concept slideshows-->MsiExec.exe /I{74F5E094-6D3B-4D60-B1E8-3FA53FA01B90}
Manulife - Concepts-->MsiExec.exe /I{476606EC-1D6F-489A-82EE-58FAC8148847}
Manulife - Concepts-->MsiExec.exe /I{A52FD2D4-9AB2-43B1-8DC7-49A26724F3AF}
Manulife - e-app-->MsiExec.exe /X{CC28A932-CF5C-4641-8E81-6A509FF07145}
Manulife - e-app-->MsiExec.exe /X{FF5911F9-AD72-4BA6-BF74-CD2FBA2F2565}
Manulife - Insure Right / Manuvie - Bien s'assurer-->MsiExec.exe /I{59609F09-6C69-490A-A305-3F29A3EEC912}
Manulife - Launcher-->MsiExec.exe /I{CB80755B-F7C5-4308-9470-630F6A589396}
Manulife - LifeWise/Manuvie - Accent-Vie-->MsiExec.exe /I{ED156A28-0699-46C6-ACA2-11EBB801DCDD}
Manulife - Limited Pay UL / Manuvie - Vu à prime temporaire-->MsiExec.exe /I{99D423ED-7F42-4261-98A9-099F2635E5F9}
Manulife - Living Benefits-->MsiExec.exe /I{A9870FE5-332B-4A9A-8C16-28C2B56F087D}
Manulife - Performax-->MsiExec.exe /X{9C007901-7F58-4A3B-8F0E-194E16612B3D}
Manulife - Personal Accident - Invalidité Accidents-->MsiExec.exe /I{0C056AF4-C608-4833-97CC-237EC39EF75A}
Manulife - Term-->MsiExec.exe /I{13CB2B24-155C-4DC8-9341-6EA7AA5019BF}
Manulife - Universal Life-->MsiExec.exe /I{5EA79CA8-CC46-49B2-AFE3-0CECEBBD4EB0}
Manulife Financial - Health and Dental-->MsiExec.exe /X{312EC6FB-74CA-4209-947C-998F7B2FFC2C}
Manulife One Calculator / Calculateur Manuvie Un-->MsiExec.exe /I{C482A936-340B-11D9-9BE1-000103E0519E}
MDAC-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BDBCE73B-96DD-44EF-B413-6A148F3855B3}\Setup.exe" -l0x9
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669-->C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Windows Journal Viewer-->MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7}
MicroStaff WINASPI NT-->C:\MWASPINT\uninst.exe
Modem Helper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
MSXML 4.0 SP2 (KB925672)-->MsiExec.exe /I{A9CF9052-F4A0-475D-A00F-A8388C62DD63}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML-->MsiExec.exe /I{7CF6604E-BCB8-4B5F-A1CC-1E6DA0C60151}
NetWaiting-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
Nominee Name Conversion Expert-->MsiExec.exe /I{742F89E5-F9CB-11D8-81E7-00B0D075DF5C}
OpenSource Flash Video Splitter (remove only)-->"C:\Program Files\OpenSource Flash Video Splitter\uninstall.exe"
ORC Trial Version-->"c:\ORCTrial\uninstall.exe"
Otar Retirement Calculator-->"C:\ORC08F\uninstall.exe"
Panda ActiveScan 2.0-->C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
Password Safe-->"C:\Program Files\Password Safe\Uninstall.exe"
Personal Security v4.1.0-->C:\PROGRA~1\PPIPRO~1\Applets\PERSON~1\UNWISE.EXE C:\PROGRA~1\PPIPRO~1\Applets\PERSON~1\INSTALL.LOG
Policy Contract v5.0.0-->C:\PROGRA~1\PPIPRO~1\Applets\POLICY~1\UNWISE.EXE C:\PROGRA~1\PPIPRO~1\Applets\POLICY~1\INSTALL.LOG
PPI Toolkit v1.1.0.7-->C:\PROGRA~1\PPIPRO~1\PPITOO~1\UNWISE.EXE C:\PROGRA~1\PPIPRO~1\PPITOO~1\INSTALL.LOG
PPI Toolkit v1.1.0-->C:\PROGRA~1\PPIPRO~1\PPITOO~1\UNWISE.EXE C:\PROGRA~1\PPIPRO~1\PPITOO~1\INSTALL.LOG
Preferred Prepayment Option-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Manulife Financial\Preferred Prepayment Option\DeIsL1.isu" -c"C:\Program Files\Manulife Financial\Preferred Prepayment Option\_ISREG32.DLL"
QuickBooks Basic Edition 2005-->C:\Program Files\Installshield Installation Information\{442E5921-1BB6-4EAA-893D-62291D87219A}\QBReplace.exe {442E5921-1BB6-4EAA-893D-62291D87219A}#{BA0FD89C-32B4-4D4E-A024-D2B071C84749}
QuickSet-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe" -l0x9
QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\System32\QuickTime\Uninstall.log
RAW FILE CONVERTER LE-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D680C913-5955-469D-9D88-C1940F7506D6}\SETUP.EXE" -l0x9
RBC Illustrations System-->C:\PROGRA~1\RBCILL~1\UNWISE.EXE C:\PROGRA~1\RBCILL~1\INSTALL.LOG
Restructured Term v4.1.5-->C:\PROGRA~1\PPIPRO~1\Applets\RESTRU~1\UNWISE.EXE C:\PROGRA~1\PPIPRO~1\Applets\RESTRU~1\INSTALL.LOG
Restructured Term v4.1.6-->C:\PROGRA~1\PPIPRO~1\Applets\RESTRU~1\UNWISE.EXE C:\PROGRA~1\PPIPRO~1\Applets\RESTRU~1\INSTALL.LOG
Retirement Risk v5.0.0-->C:\PROGRA~1\PPIPRO~1\Applets\RETIRE~1\UNWISE.EXE C:\PROGRA~1\PPIPRO~1\Applets\RETIRE~1\INSTALL.LOG
Risk Analysis v5.0.0-->C:\PROGRA~1\PPIPRO~1\Applets\RISKAN~1\UNWISE.EXE C:\PROGRA~1\PPIPRO~1\Applets\RISKAN~1\INSTALL.LOG
RRSP RRIF Estate Enhancement Program v4.1.0-->C:\PROGRA~1\PPIPRO~1\Applets\RRSPRR~1\UNWISE.EXE C:\PROGRA~1\PPIPRO~1\Applets\RRSPRR~1\INSTALL.LOG
SAS v1.0.6-->C:\PROGRA~1\PPIPRO~1\Applets\SAS\UNWISE.EXE C:\PROGRA~1\PPIPRO~1\Applets\SAS\INSTALL.LOG
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
SetPoint-->C:\Program Files\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe -runfromtemp -l0x0009 -removeonly
SHOUTcast Source (remove only)-->"C:\Program Files\SHOUTcast Source\uninstall.exe"
Smart Funding v5.0.3-->C:\PROGRA~1\PPIPRO~1\Applets\SMARTF~1\UNWISE.EXE C:\PROGRA~1\PPIPRO~1\Applets\SMARTF~1\INSTALL.LOG
Sonata-->C:\Program Files\InstallShield Installation Information\{5DD3B1AB-67FE-46E0-A3E4-C0224022D3C0}\setup.exe -runfromtemp -l0x0009 -removeonly
Spybot - Search & Destroy 1.4-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins001.exe"
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
transACT-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Manulife Financial\transACT\DeIsL1.isu" -c"C:\Program Files\Manulife Financial\transACT\_ISREG32.DLL"
triAccess v1.0.73-->C:\PROGRA~1\PPIPRO~1\Applets\TRIACC~1\UNWISE.EXE C:\PROGRA~1\PPIPRO~1\Applets\TRIACC~1\INSTALL.LOG
triAccess v1.0.76-->C:\PROGRA~1\PPIPRO~1\Applets\TRIACC~1\UNWISE.EXE C:\PROGRA~1\PPIPRO~1\Applets\TRIACC~1\INSTALL.LOG
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format SDK Hotfix - KB891122-->"C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\unyt.exe
Zoom Player (remove only)-->"C:\Program Files\Zoom Player\uninstall.exe"
ZoomExpressKeyview 10.3-->MsiExec.exe /I{43802892-E55E-4013-B059-92A73618F443}
ZoomExpressKeyview 9.3-->MsiExec.exe /I{5B6D53E7-969B-4BC8-AB30-04BB2D71B44E}

=====HijackThis Backups=====

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O11 - Options group: [INTERNATIONAL] International*
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

======Hosts File======

127.0.0.1 .supercocklol.com
127.0.0.1 www..webloyalty.com
127.0.0.1 007guard.com
127.0.0.1 www.007guard.com
127.0.0.1 008i.com
127.0.0.1 008k.com
127.0.0.1 www.008k.com
127.0.0.1 00hq.com
127.0.0.1 www.00hq.com
127.0.0.1 010402.com

======Security center information======

AV: AVG 7.5.524
AV: avast! antivirus 4.8.1229 [VPS 081027-0]

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\MANUFACT;C:\MLI\BIN;C:\MLI\PRODUCT;C:\MLI\RPTENGIN;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\MLI\Bin;C:\MLI\Product;C:\MLI\Rptengin;C:\Program Files\Common Files\Manulife Financial
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 9 Stepping 5, GenuineIntel
"PROCESSOR_REVISION"=0905
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"SAFEBOOT_OPTION"=NETWORK

-----------------EOF-----------------

Again - I'd like to express my gratitude for your help...thank you very much!
Cindy

[Katana]

Step 1


Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware to your desktop.

• Double-click mbam-setup.exe and follow the prompts to install the program.
• At the end, be sure a checkmark is placed next to
  • Update Malwarebytes' Anti-Malware
  • and Launch Malwarebytes' Anti-Malware
• then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select Perform full scan, then click Scan.
• When the scan is complete, click OK, then Show Results to view the results.
• Be sure that everything is checked, and click Remove Selected.
• When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidently close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

----------------------------------------------------------- -----------------------------------------------------------
Step 2


Download and Run SD Fix

Please download SDFix( by andymanchesta ) and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :

• Restart your computer
• After hearing your computer beep once during startup, but before the Windows icon appears, tap the F5 key continually;
• Instead of Windows loading as normal, the Advanced Options Menu should appear;
• Select the first option, to run Windows in Safe Mode, then press Enter.
• Choose your usual account.

• Open the extracted SDFix folder and double click RunThis.bat to start the script.
• Type Y to begin the cleanup process.
• It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
• Press any Key and it will restart the PC.
• When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
• Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
  (Report.txt will also be copied to Clipboard ready for posting back on the forum).
• Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

----------------------------------------------------------- -----------------------------------------------------------
Step 3


Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  See HERE for help
  
• Double click on ComboFix.exe & follow the prompts.
  
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  
  
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:




Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
----------------------------------------------------------- -----------------------------------------------------------
Step 4

Logs/Information to Post in Reply
Please post the following logs/Information in your reply

• MalwareBytes Log
• SDFix Log
• ComboFix Log
• How are things running now ?

[CindyGrinz]

I did everything you told me to do.
You have no idea how very grateful I am for all your help.
It seems to have worked.

I have the desktop back including tool bar and icons.

Thank you kindly Katana!

Please find below all three logs you have asked me to post.

Should I rescan hijack this and post a new log or should everything be fine now?

======================================================
Malwarebytes' Anti-Malware 1.30
Database version: 1354
Windows 5.1.2600 Service Pack 3

01/11/2008 7:26:34 PM
mbam-log-2008-11-01 (19-26-34).txt

Scan type: Full Scan (C:\|)
Objects scanned: 121330
Time elapsed: 35 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 4
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3912dde2-4295-4a5f-a8e4-a1b1c7ef7313} (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\SYSTEM32\_unodbc.dll (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\TinyProxy (Trojan.Proxy) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\690974 (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\907465 (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\846888 (Trojan.BHO) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\fmark2.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\_unodbc.dll (Trojan.Agent) -> Quarantined and deleted successfully.

========================================


SDFix: Version 1.238
Run by Administrator on 01/11/2008 at 07:44 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found



Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-01 20:42:18
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

C:\Documents and Settings\Murray\Local Settings\Temporary Internet Files\Content.IE5\6E24DJ5E\CAWG7E49CA4CWUH6CAB01MJXCAEA4FKHCAH18PFGCAD194MWCA2K8WIWCAL0TTQ5CAK38RR6CAMLMQ7DCAJ0N3K0CAUZ6EIYCAHSY1TDCAK48RNYCALWWQHECA2YK2LICAO2IG7GCAJB1ZTVCAQJI7QGCA41XTVM 0 bytes
C:\Documents and Settings\Murray\Local Settings\Temporary Internet Files\Content.IE5\6E24DJ5E\wbk300.tmp 5827 bytes

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 2


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe:*:Disabled:Logitech Desktop Messenger"
"C:\\Program Files\\ACT\\ACT for Win 7\\Act7.exe"="C:\\Program Files\\ACT\\ACT for Win 7\\Act7.exe:*:Enabled:ACT! 7.x/2005"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Disabled:Logitech Desktop Messenger"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"C:\\Program Files\\NetMeeting\\conf.exe"="C:\\Program Files\\NetMeeting\\conf.exe:*:Disabled:Windowsr NetMeetingr"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Synology Assistant\\DSAssistant.exe"="C:\\Program Files\\Synology Assistant\\DSAssistant.exe:*:Enabled:Synology Assistant"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\tinyproxy\\tinyproxy1.exe"="C:\\Program Files\\tinyproxy\\tinyproxy1.exe:*:Enabled:TINYPROXY"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files :



Files with Hidden Attributes :

Sun 13 Apr 2008 1,695,232 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe"
Mon 15 Sep 2008 12,032 ..SHR --- "C:\Program Files\ProtectService\ProtectService.exe"
Mon 15 Sep 2008 1,562,960 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll"
Thu 14 Aug 2008 1,429,840 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Wed 30 Jul 2008 4,891,984 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Tue 16 Sep 2008 1,833,296 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Mon 18 Aug 2008 1,832,272 A.SHR --- "C:\Program Files\TeaTimer (Spybot - Search & Destroy)\TeaTimer.exe"
Thu 9 Dec 2004 56 ..SHR --- "C:\WINDOWS\SYSTEM32\E91688A5BD.sys"
Thu 9 Dec 2004 1,682 A.SH. --- "C:\WINDOWS\SYSTEM32\KGyGaAvL.sys"
Mon 27 Oct 2008 18,432 A..H. --- "C:\Documents and Settings\Murray\Application Data\EHEncrypt.dll"
Mon 27 Oct 2008 19,968 A..H. --- "C:\Documents and Settings\Murray\Application Data\EHMD5.dll"
Mon 27 Oct 2008 52,224 A..H. --- "C:\Documents and Settings\Murray\Application Data\EHZComp.dll"
Mon 27 Oct 2008 33,280 A..H. --- "C:\Documents and Settings\Murray\Application Data\MBSEncryptPlugin1636.dll"
Mon 27 Oct 2008 36,352 A..H. --- "C:\Documents and Settings\Murray\Application Data\MBSFolderitemsCreatePlugin1635.dll"
Mon 27 Oct 2008 32,256 A..H. --- "C:\Documents and Settings\Murray\Application Data\MBSIconPlugin1635.dll"
Mon 27 Oct 2008 28,672 A..H. --- "C:\Documents and Settings\Murray\Application Data\MBSMacOSXPlugin1635.dll"
Mon 27 Oct 2008 41,984 A..H. --- "C:\Documents and Settings\Murray\Application Data\MBSMainPlugin1635.dll"
Mon 27 Oct 2008 29,184 A..H. --- "C:\Documents and Settings\Murray\Application Data\MBSMemoryPlugin1635.dll"
Mon 27 Oct 2008 53,760 A..H. --- "C:\Documents and Settings\Murray\Application Data\MBSPicturePlugin1635.dll"
Mon 27 Oct 2008 37,376 A..H. --- "C:\Documents and Settings\Murray\Application Data\MBSPictureMacPlugin1635.dll"
Mon 27 Oct 2008 25,088 A..H. --- "C:\Documents and Settings\Murray\Application Data\MBSPluginVersionPlugin1635.dll"
Mon 27 Oct 2008 32,256 A..H. --- "C:\Documents and Settings\Murray\Application Data\MBSProcessPlugin1636.dll"
Mon 27 Oct 2008 54,272 A..H. --- "C:\Documents and Settings\Murray\Application Data\MBSQTImporterPlugin1635.dll"
Mon 27 Oct 2008 49,664 A..H. --- "C:\Documents and Settings\Murray\Application Data\MBSQuickTimePlugin1636.dll"
Mon 27 Oct 2008 29,184 A..H. --- "C:\Documents and Settings\Murray\Application Data\MBSRectPlugin1635.dll"
Mon 27 Oct 2008 26,112 A..H. --- "C:\Documents and Settings\Murray\Application Data\MBSRegistrationPlugin1636.dll"
Mon 27 Oct 2008 36,352 A..H. --- "C:\Documents and Settings\Murray\Application Data\MBSRegistryPlugin1636.dll"
Mon 27 Oct 2008 48,128 A..H. --- "C:\Documents and Settings\Murray\Application Data\MBSResPlugin1635.dll"
Mon 27 Oct 2008 26,112 A..H. --- "C:\Documents and Settings\Murray\Application Data\MBSResStreamPlugin1635.dll"
Mon 27 Oct 2008 26,624 A..H. --- "C:\Documents and Settings\Murray\Application Data\MBSUsernamePlugin1635.dll"
Mon 27 Oct 2008 51,712 A..H. --- "C:\Documents and Settings\Murray\Application Data\MBSWinPlugin1635.dll"
Mon 27 Oct 2008 64,512 A..H. --- "C:\Documents and Settings\Murray\Application Data\rbap450.dll"
Mon 27 Oct 2008 75,776 A..H. --- "C:\Documents and Settings\Murray\Application Data\rbqt450.DLL"
Mon 27 Oct 2008 41,472 A..H. --- "C:\Documents and Settings\Murray\Application Data\RBShell400.dll"
Fri 12 Nov 2004 37,376 ...H. --- "C:\Program Files\Common Files\Adobe\ESD\DLMCleanup.exe"

Finished!


ComboFix 08-11-02.03 - Administrator 2008-11-02 16:53:58.1 - NTFSx86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.473 [GMT -5:00]
Running from: C:\Documents and Settings\Administrator.MURRAY-LAPTOP\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Murray\Application Data\EHMD5.dll
C:\Documents and Settings\Murray\Application Data\MBSEncryptPlugin1636.dll
C:\Documents and Settings\Murray\Application Data\MBSFolderitemsCreatePlugin1635.dll
C:\Documents and Settings\Murray\Application Data\MBSIconPlugin1635.dll
C:\Documents and Settings\Murray\Application Data\MBSMacOSXPlugin1635.dll
C:\Documents and Settings\Murray\Application Data\MBSMainPlugin1635.dll
C:\Documents and Settings\Murray\Application Data\MBSMemoryPlugin1635.dll
C:\Documents and Settings\Murray\Application Data\MBSPictureMacPlugin1635.dll
C:\Documents and Settings\Murray\Application Data\MBSPicturePlugin1635.dll
C:\Documents and Settings\Murray\Application Data\MBSPluginVersionPlugin1635.dll
C:\Documents and Settings\Murray\Application Data\MBSProcessPlugin1636.dll
C:\Documents and Settings\Murray\Application Data\MBSQTImporterPlugin1635.dll
C:\Documents and Settings\Murray\Application Data\MBSQuickTimePlugin1636.dll
C:\Documents and Settings\Murray\Application Data\MBSRectPlugin1635.dll
C:\Documents and Settings\Murray\Application Data\MBSRegistrationPlugin1636.dll
C:\Documents and Settings\Murray\Application Data\MBSRegistryPlugin1636.dll
C:\Documents and Settings\Murray\Application Data\MBSResPlugin1635.dll
C:\Documents and Settings\Murray\Application Data\MBSResStreamPlugin1635.dll
C:\Documents and Settings\Murray\Application Data\MBSUsernamePlugin1635.dll
C:\Documents and Settings\Murray\Application Data\MBSWinPlugin1635.dll
C:\Documents and Settings\Murray\Application Data\rbap450.dll
C:\Documents and Settings\Murray\Application Data\rbqt450.DLL
C:\Documents and Settings\Murray\Application Data\RBShell400.dll
C:\Program Files\ProtectService
C:\Program Files\ProtectService\ProtectService.exe
C:\WINDOWS\Downloaded Program Files\Quarantine
C:\WINDOWS\system32\cfx32.ocx
C:\WINDOWS\system32\dao350.dll
C:\WINDOWS\system32\drivers\fad.sys
C:\WINDOWS\winhelp.ini

.
((((((((((((((((((((((((( Files Created from 2008-10-02 to 2008-11-02 )))))))))))))))))))))))))))))))
.

2008-11-01 18:42 . 2008-11-01 18:42 578,560 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\user32.dll
2008-11-01 18:39 . 2008-11-01 18:40 <DIR> d-------- C:\WINDOWS\ERUNT
2008-11-01 17:31 . 2008-11-01 17:31 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-11-01 17:31 . 2008-11-01 17:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-11-01 17:31 . 2008-11-01 17:31 <DIR> d-------- C:\Documents and Settings\Administrator.MURRAY-LAPTOP\Application Data\Malwarebytes
2008-11-01 17:31 . 2008-10-22 15:10 38,496 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbamswissarmy.sys
2008-11-01 17:31 . 2008-10-22 15:10 15,504 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys
2008-11-01 17:30 . 2008-11-01 19:48 <DIR> d-------- C:\SDFix
2008-10-31 19:27 . 2008-10-31 19:27 <DIR> d-------- C:\rsit
2008-10-31 19:27 . 2008-10-31 19:27 <DIR> d-------- C:\Program Files\trend micro
2008-10-31 19:26 . 2008-10-31 19:26 <DIR> d-------- C:\Documents and Settings\Administrator.MURRAY-LAPTOP
2008-10-31 09:14 . 2008-10-31 09:14 <DIR> d-------- C:\Documents and Settings\FixIt.MURRAY-LAPTOP
2008-10-29 10:05 . 2008-06-19 16:24 28,544 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\pavboot.sys
2008-10-29 10:04 . 2008-10-29 10:04 <DIR> d-------- C:\WINDOWS\LastGood.Tmp
2008-10-29 10:04 . 2008-10-29 10:04 <DIR> d-------- C:\Program Files\Panda Security
2008-10-28 15:47 . 2008-10-28 15:49 <DIR> d---s---- C:\Documents and Settings\Administrator
2008-10-27 08:09 . 2008-10-27 08:09 52,224 --ah----- C:\Documents and Settings\Murray\Application Data\EHZComp.dll
2008-10-27 08:09 . 2008-10-27 08:09 18,432 --ah----- C:\Documents and Settings\Murray\Application Data\EHEncrypt.dll
2008-10-15 02:55 . 2008-09-08 05:41 333,824 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\srv.sys
2008-10-15 02:53 . 2008-08-14 05:11 2,189,184 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ntoskrnl.exe
2008-10-15 02:53 . 2008-08-14 05:09 2,145,280 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ntkrnlmp.exe
2008-10-15 02:53 . 2008-08-14 04:33 2,066,048 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ntkrnlpa.exe
2008-10-15 02:53 . 2008-08-14 04:33 2,023,936 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ntkrpamp.exe
2008-10-15 02:53 . 2008-09-15 07:12 1,846,400 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\win32k.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-30 16:10 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-10-27 14:31 --------- d-----w C:\Program Files\ACT
2008-10-03 17:41 6,066,176 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll
2008-09-19 14:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-18 17:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-18 16:57 --------- d-----w C:\Program Files\Lavasoft
2008-09-18 16:57 --------- d-----w C:\Documents and Settings\Murray\Application Data\Lavasoft
2008-09-18 16:55 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-09-18 13:48 --------- d-----w C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2008-09-15 16:39 --------- d-----w C:\Program Files\Yahoo!
2008-09-15 12:12 1,846,400 ----a-w C:\WINDOWS\SYSTEM32\win32k.sys
2008-09-11 18:13 --------- d-----w C:\Program Files\Zoom Player
2008-09-09 15:21 --------- d-----w C:\Program Files\ZoomExpressKeyview
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-09-04 18:44 0 ----a-w C:\REGISTRY.DAT
2008-08-27 08:24 3,593,216 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2008-08-25 08:38 13,824 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
2008-08-25 08:37 70,656 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe
2008-08-23 05:56 635,848 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
2008-08-23 05:54 161,792 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakui.dll
2008-08-14 10:11 2,189,184 ----a-w C:\WINDOWS\SYSTEM32\ntoskrnl.exe
2008-08-14 10:04 138,496 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\afd.sys
2008-08-14 09:33 2,066,048 ----a-w C:\WINDOWS\SYSTEM32\ntkrnlpa.exe
2008-03-27 18:01 56,912 ----a-w C:\Documents and Settings\Murray\g2mdlhlpx.exe
2004-07-07 22:11 36 ----a-w C:\Documents and Settings\Murray\klextlock.dat
1999-06-25 16:55 149,504 ----a-w C:\Program Files\UnComposer06.12.00.exe
1999-06-25 16:55 149,504 ----a-w C:\Program Files\UnComposer06.06.04.exe
1999-06-25 15:55 149,504 ----a-w C:\Program Files\UnComposer06.11.03.exe
1999-06-25 15:55 149,504 ----a-w C:\Program Files\UnComposer06.07.02.exe
1999-06-25 15:55 149,504 ----a-w C:\Program Files\UnComposer06.06.01.exe
1999-06-25 15:55 149,504 ----a-w C:\Program Files\UnComposer06.05.07.exe
1999-06-25 14:55 149,504 ----a-w C:\Program Files\UnComposer06.11.01.exe
2004-12-09 17:21 56 --sh--r C:\WINDOWS\SYSTEM32\E91688A5BD.sys
2004-12-09 17:38 1,682 --sha-w C:\WINDOWS\SYSTEM32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2003-03-17 110592]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2003-03-17 569344]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 114688]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-07-28 413696]
"Logitech Utility"="Logi_MwX.Exe" [2002-11-08 C:\WINDOWS\LOGI_MWX.EXE]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 C:\WINDOWS\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DiamondView"="C:\Program Files\Manulife Financial\Diamond View\Diamondview.exe" [2007-03-02 946688]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 217193]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2004-02-18 24576]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2005-02-04 450560]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-01-02 784912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2007-11-15 10:10 72208 c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i263_32.drv
"vidc.3iv2"= 3ivxVfWCodec.dll
"msacm.divxa32"= divxa32.acm
"VIDC.HFYU"= huffyuv.dll
"VIDC.i263"= i263_32.drv
"msacm.imc"= imc32.acm
"VIDC.VP31"= vp31vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
--a------ 2003-01-31 12:27 364544 C:\Program Files\Dell\QuickSet\quickset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bacstray]
--a------ 2003-05-14 19:37 98304 C:\WINDOWS\SYSTEM32\BacsTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)
"SharedAccess"=2 (0x2)
"mnmsrvc"=3 (0x3)
"ERSvc"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"80:TCP"= 80:TCP:TINYPROXY
"53:TCP"= 53:TCP:TINYPROXY

R0 rmedia;Ricoh MediaCard Driver;C:\WINDOWS\system32\DRIVERS\rmedia.sys [2002-12-24 59520]
S1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
S2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
S2 avast! iAVS4 Control Service (aswUpdSv);avast! iAVS4 Control Service (aswUpdSv);C:\Program Files\ProtectService\ProtectService.exe [ ]
S3 ProtoWall;ProtoWall Network Service;C:\WINDOWS\system32\DRIVERS\ProtoWall.sys [2004-05-01 31360]
S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]

*Newly Created Service* - PROCEXP90
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-bascstray - BascsTray.exe


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.dell.com
R0 -: HKLM-Main,Start Page = about:blank
O18 -: Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-02 16:56:07
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-11-02 16:58:19
ComboFix-quarantined-files.txt 2008-11-02 21:58:01

Pre-Run: 14,469,595,136 bytes free
Post-Run: 14,483,714,048 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

197 --- E O F --- 2008-10-16 06:13:17

[Katana]

Step 1



OTMoveIt
Please download OTMoveIt3 by OldTimer and save it to your desktop

• Double-click OTMoveIt3.exe to run it.
• Copy the lines in the codebox below. ( Make sure you include :Files )

Code:

:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"80:TCP"=-
"53:TCP"=-
:Files
:Commands
[Purity]
[EmptyTemp]

• Return to OTMoveIt3, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.

• Click the red Moveit! button.
• Copy everything in the Results window (under the green bar), and paste it in your next reply.
• Close OTMoveIt3

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


----------------------------------------------------------- -----------------------------------------------------------
Step 2

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please download JavaRa and unzip it to your desktop.

***Please close any instances of Internet Explorer (or other web browser) before continuing!***

• Double-click on JavaRa.exe to start the program.
• From the drop-down menu, choose English and click on Select.
• JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
• Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
• A logfile will pop up. Please save it to a convenient location.

Now download and install Java Runtime Environment (JRE) .

----------------------------------------------------------- -----------------------------------------------------------
Step 3

Kaspersky Online Scanner .
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
NOTE:- This scan is best done from IE (Internet Explorer)
NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
Go Here http://www.kaspersky.com/kos/eng/par...avwebscan.html

Read the Requirements and limitations before you click Accept.
Once the database has downloaded, click My Computer in the left pane
Now go and put the kettle on !
When the scan has completed, click Save Report As...
Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.


**Note**

To optimize scanning time and produce a more sensible report for review:

• Close any open programs.
• Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

----------------------------------------------------------- -----------------------------------------------------------
Step 4


Logs/Information to Post in Reply
Please post the following logs/Information in your reply

• OTMoveIt Log
• Kaspersky Log
• How are things running now ?

----------------------------------------------------------- -----------------------------------------------------------

Additional Notes


Your Adobe Acrobat Reader is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Adobe Reader is a large program and uses unnecessary space.
If you prefer a smaller program you can get Foxit 2.0 from http://www.foxitsoftware.com/pdf/rd_intro.php << Recommended

There is a newer version of Adobe Acrobat Reader available.

• Please go to this link Adobe Acrobat Reader Download Link
• Click Download
• On the right Untick Adobe Phototshop Album Starter Edition if you do not wish to include this in the installation.
• Click the Continue button
• Click Run, and click Run again
• Next click the Install Now button and follow the on screen prompts

When the installation is complete go to Add/Remove Programs and uninstall all previous versions.

[CindyGrinz]

Please find below the logs as requested - OTMoveIT log, the Java RA log and the Kaspersky online scan, when finished, had nothing in the log.....there was nothing to copy and paste and I made sure it completely finished...
Is there anything else that should be done now?
Please, do enjoy your Monday afternoon.

...thanks Katara

Cindy


========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\80:TCP not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\53:TCP not found.
========== FILES ==========
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Murray\LOCALS~1\Temp\~DF3847.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Murray\LOCALS~1\Temp\~DF385B.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\JETB6E1.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\JETBA52.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_d4.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.7.0 log created on 11032008_111814

Files moved on Reboot...
File C:\DOCUME~1\Murray\LOCALS~1\Temp\~DF3847.tmp not found!
File C:\DOCUME~1\Murray\LOCALS~1\Temp\~DF385B.tmp not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
File C:\WINDOWS\temp\JETB6E1.tmp not found!
File C:\WINDOWS\temp\JETBA52.tmp not found!
File C:\WINDOWS\temp\Perflib_Perfdata_d4.dat not found!


JavaRa 1.11 Removal Log.
Report follows after line.
------------------------------------
The JavaRa removal process was started on Mon Nov 03 11:41:46 2008

Found and removed: C:\Program Files\Java\j2re1.4.2
Found and removed: C:\Documents and Settings\All Users\Start Menu\Programs\Java 2 Runtime Environment
Found and removed: C:\Windows\System32\jpicpl32.cpl
Found and removed: C:\Windows\Installer\{7148F0A8-6813-11D6-A77B-00B0D0142000}
Found and removed: C:\Windows\Installer\{7148F0A8-6813-11D6-A77B-00B0D0142040}
Found and removed: SOFTWARE\Classes\JavaSoft.JavaBeansBridge
Found and removed: SOFTWARE\Classes\JavaSoft.JavaBeansBridge.1
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\javaw.Exe
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\JRE 1.3
Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.4
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7148F0A8-6813-11D6-A77B-00B0D0142000}
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7148F0A8-6813-11D6-A77B-00B0D0142040}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\Installer\Products\8A0F841731866D117AB7000B0D410200
Found and removed: SOFTWARE\Classes\Installer\Products\8A0F841731866D117AB7000B0D410204
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F841731866D117AB7000B0D410200
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F841731866D117AB7000B0D410204
Found and removed: SOFTWARE\Classes\JavaPlugin.142
Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.4.2
Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.4.2
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.4.2
Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01
Found and removed: C:\Program Files\JavaSoft
------------------------------------
Finished reporting.

[Katana]

Congratulations your logs look clean :)

Let's see if I can help you keep it that way

First lets tidy up

• This will clear your System Volume Information restore points and remove all the infected files that were quarantined
• Click START then RUN
• Now type Combofix /u in the runbox and click OK. Note the space between the X and the /U, it needs to be there.
  • 

Open OTMoveIt Click Cleanup,
it will now connect to the internet and get a list of files to delete.
When a box pops up click YES.

You can also delete any logs we have produced, and empty your Recycle bin.





The following is some info to help you stay safe and clean.
( Vista users must ensure that any programs are Vista compatible BEFORE installing )

You may already have some of the following programs, but I include the full list for the benefit of all the other people who will be reading this thread in the future.

Online Scanners
I would recommend a scan at one or more of the following sites at least once a month.

http://www.pandasecurity.com/activescan
http://www.kaspersky.com/kos/eng/par...avwebscan.html

!!! Make sure that all your programs are updated !!!
Secunia Software Inspector does all the work for you, .... see HERE for details

AntiSpyware

• AntiSpyware is not the same thing as Antivirus.
  Different AntiSpyware programs detect different things, so in this case it is recommended that you have more than one.
  You should only have one running all the time, the other/s should be used "on demand" on a regular basis.
  Most of the programs in this list have a free (for Home Users ) and paid versions,
  it is worth paying for one and having "realtime" protection, unless you intend to do a manual scan often.
• Spybot - Search & Destroy <<< A must have program
  • It includes host protection and registry protection
  • A hosts file is a bit like a phone book, it points to the actual numeric address (i.e. the IP address) from the human friendly name of a website. This feature can be used to block malicious websites
• MalwareBytes Anti-malware <<< A New and effective program
• a-squared Free <<< A good "realtime" or "on demand" scanner
• superantispyware <<< A good "realtime" or "on demand" scanner

Prevention

• These programs don't detect malware, they help stop it getting on your machine in the first place.
  Each does a different job, so you can have more than one
• Winpatrol
  • An excellent startup manager and then some !!
  • Notifies you if programs are added to startup
  • Allows delayed startup
  • A must have addition
• SpywareBlaster 4.0
  • SpywareBlaster sets killbits in the registry to prevent known malicious activex controls from installing themselves on your computer.
• SpywareGuard 2.2
  • SpywareGuard provides real-time protection against spyware.
  • Not required if you have other "realtime" antispyware or Winpatrol
• ZonedOut
  • Formerly known as IE-SPYAD, adds a long list of sites and domains associated with known advertisers and marketers to the Restricted sites zone of Internet Explorer.
• MVPS HOSTS
  • This little program packs a powerful punch as it blocks ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.
  • For information on how to download and install, please read this tutorial by WinHelp2002.
  • Not required if you are using other host file protections

Internet Browsers

• Microsoft has worked hard to make IE.7 a more secure browser, unfortunately whilst it is still the leading browser of choice it will always be under attack from the bad guys.
  Using a different web browser can help stop malware getting on your machine.
  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    1. From within Internet Explorer click on the Tools menu and then click on Options.
    2. Click once on the Security tab
    3. Click once on the Internet icon so it becomes highlighted.
    4. Click once on the Custom Level button.
       • Change the Download signed ActiveX controls to Prompt
       • Change the Download unsigned ActiveX controls to Disable
       • Change the Initialise and script ActiveX controls not marked as safe to Disable
       • Change the Installation of desktop items to Prompt
       • Change the Launching programs and files in an IFRAME to Prompt
       • Change the Navigate sub-frames across different domains to Prompt
       • When all these settings have been made, click on the OK button.
       • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    5. Next press the Apply button and then the OK to exit the Internet Properties page.
  If you are still using IE6 then either update, or get one of the following.
  • FireFox
    • With many addons available that make customization easy this is a very popular choice
    • NoScript and AdBlockPlus addons are essential
  • Opera
    • Another popular alternative
  • Netscape
    • Another popular alternative
    • Also has Addons available

Cleaning Temporary Internet Files and Tracking Cookies

• Temporary Internet Files are mainly the files that are downloaded when you open a web page.
  Unfortunately, if the site you visit is of a dubious nature or has been hacked, they can also be an entry point for malware.
  It is a good idea to empty the Temporary Internet Files folder on a regular basis.
  
  Tracking Cookies are files that websites use to monitor which sites you visit and how often.
  A lot of Antispyware scanners pick up these tracking cookies and flag them as unwanted.
  CAUTION :- If you delete all your cookies you will lose any autologin information for sites that you visit, and will need your passwords
  
  Both of these can be cleaned manually, but a quicker option is to use a program
• ATF Cleaner
  • Free and very simple to use
• CCleaner
  • Free and very flexible, you can chose which cookies to keep

Also PLEASE read this article.....So How Did I Get Infected In The First Place

The last and most important thing I can tell you is UPDATE.
If you don't update your security programs (Antivirus, Antispyware even Windows) then you are at risk.
Malware changes on a day to day basis. You should update every week at the very least.

If you follow this advice then (with a bit of luck) you will never have to hear from me again :D


If you could post back one more time to let me know everything is OK, then I can have this thread archived.

Happy surfing K'

[CindyGrinz]

Posting back one more time to not only let you know everything is OK but to ensure you recieve the thanks you deserve.

Thank you
...for your time
...for your knowledge
...for your patience
...for your sharing
...for the personal work you've put into learning all of this knowledge!
:)

[Katana]

Thank you for your kind words