WINANTIVIRUSPRO POP UP



#1
pug206

Hi
I keep getting WinAntiVirus Pro pop-ups.
Here's the log from HijackThis and the ComboFix log.
Any help would be useful. Thanks


Logfile of HijackThis v1.99.1
Scan saved at 10:57:09, on 25/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Logitech\MediaLife\MediaLifeService.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.melisaho.com/
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [MediaLifeService] "C:\Program Files\Logitech\MediaLife\MediaLifeService.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll/search.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-gb\msntabres.dll/229?112a1b831b804c0294bbe88440d0938b
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-gb\msntabres.dll/230?112a1b831b804c0294bbe88440d0938b
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1155127243890
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - http://support.gatew...rvest/gwCID.CAB
O18 - Protocol: bw+0 - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe


Melisa - 06-09-25 11:00:26.79 Service Pack 2
ComboFix 06.09.25 - Running from: "C:\Documents and Settings\Melisa\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\components
C:\Program Files\Common Files\{286FEEFB-07DA-1033-0113-04123103002c}


((((((((((((((((((((((((((((((( Files Created from 2006-08-25 to 2006-09-25 ))))))))))))))))))))))))))))))))))


2006-09-25 10:17 45,525 --a------ C:\WINDOWS\system32\kiuvneck.dll
2006-09-24 01:22 83,592 --a------ C:\WINDOWS\system32\SSSensor.dll
2006-09-24 01:21 274,432 --a------ C:\WINDOWS\system32\imon.dll
2006-09-21 13:08 24,576 --a------ C:\WINDOWS\system32\STKIT432.DLL
2006-09-20 17:23 623,152 ---hs---- C:\WINDOWS\system32\lnnmp.ini2
2006-09-17 17:49 621,665 ---hs---- C:\WINDOWS\system32\lnnmp.bak2
2006-09-16 17:49 785,863 ---hs---- C:\WINDOWS\system32\lnnmp.bak1
2006-09-16 17:48 577,588 ---hs---- C:\WINDOWS\system32\pmnnl.dll
2006-09-03 04:55 118,784 -r------- C:\WINDOWS\bwUnin-7.2.0.157-8876480SL.exe
2006-08-26 17:26 82,432 --a------ C:\WINDOWS\system32\msxml4r.dll
2006-08-26 17:26 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll
2006-08-26 17:26 198,144 --a------ C:\WINDOWS\system32\_psisdecd.dll
2006-08-26 17:26 1,233,920 --a------ C:\WINDOWS\system32\msxml4.dll
2006-08-26 17:24 118,784 -r------- C:\WINDOWS\bwUnin-7.2.0.137-8876480SL.exe
2006-08-26 17:22 258,352 --a------ C:\WINDOWS\system32\unicows.dll
2006-08-26 17:21 28,160 --a------ C:\WINDOWS\KHALMNPR.Exe
2006-08-25 13:32 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2006-08-25 13:31 61,440 --a------ C:\WINDOWS\system32\VM31bSTI.dll
2006-08-25 13:31 53,248 --a------ C:\WINDOWS\StillCap.exe
2006-08-25 13:31 49,152 --a------ C:\WINDOWS\amcap.exe
2006-08-25 13:31 40,960 --a------ C:\WINDOWS\VM_STI.EXE
2006-08-25 13:31 307,200 --a------ C:\WINDOWS\vidcap32.Exe
2006-08-25 13:31 24,576 --a------ C:\WINDOWS\system32\RunSetup.dll
2006-08-25 13:31 24,576 --a------ C:\WINDOWS\RunSetup.dll
2006-08-25 13:31 147,456 --a------ C:\WINDOWS\VMCap.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-09-25 11:01 -------- d-------- C:\Program Files\Common Files
2006-09-25 10:56 -------- d-------- C:\Program Files\Hijackthis
2006-09-25 10:54 -------- d-------- C:\Program Files\ewido anti-spyware 4.0
2006-09-25 08:00 -------- d-------- C:\Documents and Settings\Melisa\Application Data\AVG7
2006-09-24 19:47 -------- d-------- C:\Program Files\Mozilla Firefox
2006-09-24 18:42 -------- d-------- C:\Program Files\CleanUp!
2006-09-24 18:17 -------- d-------- C:\Documents and Settings\Melisa\Application Data\Opera
2006-09-24 18:04 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-09-24 18:01 -------- d-------- C:\Program Files\Common Files\Adobe
2006-09-24 18:00 -------- d-------- C:\Program Files\Adobe
2006-09-24 17:40 -------- d-------- C:\Documents and Settings\Melisa\Application Data\Adobe
2006-09-24 16:02 -------- d-------- C:\Program Files\Internet Explorer
2006-09-24 15:57 -------- d-------- C:\Documents and Settings\Melisa\Application Data\Talkback
2006-09-24 01:52 -------- d-------- C:\Program Files\ESET
2006-09-24 01:22 -------- d-------- C:\Program Files\Sygate
2006-09-24 01:22 -------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2006-09-24 01:19 502368 --a------ C:\WINDOWS\system32\drivers\amon.sys
2006-09-22 13:36 -------- d-------- C:\Documents and Settings\Melisa\Application Data\AdobeUM
2006-09-21 13:48 -------- d-------- C:\Documents and Settings\Melisa\Application Data\Help
2006-09-21 13:41 778656 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-09-21 13:41 4960 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys
2006-09-21 13:41 4224 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2006-09-21 13:41 28416 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-09-21 13:41 23296 --a------ C:\WINDOWS\system32\drivers\avgmfrs.sys
2006-09-21 13:41 -------- d-------- C:\Program Files\Grisoft
2006-09-21 13:28 -------- d-------- C:\Program Files\Norton AntiVirus
2006-09-21 13:28 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-09-21 13:24 -------- d-------- C:\Program Files\Symantec
2006-09-21 13:13 -------- d-------- C:\Program Files\Registry Mechanic
2006-09-21 13:05 -------- d-------- C:\Documents and Settings\Melisa\Application Data\Registry Booster
2006-09-20 23:10 -------- d---s---- C:\Documents and Settings\Melisa\Application Data\Microsoft
2006-09-20 12:24 -------- d-------- C:\Documents and Settings\Melisa\Application Data\Lavasoft
2006-09-20 12:23 -------- d-------- C:\Program Files\Lavasoft
2006-09-15 11:17 -------- d-------- C:\Documents and Settings\Melisa\Application Data\LimeWire
2006-09-11 00:36 -------- d-------- C:\Program Files\Cool MP3 Splitter
2006-09-01 15:11 -------- d-------- C:\Documents and Settings\Melisa\Application Data\dvdcss
2006-09-01 14:34 -------- d-------- C:\Documents and Settings\Melisa\Application Data\MediaLife
2006-08-28 17:12 -------- d-------- C:\Documents and Settings\Melisa\Application Data\Real
2006-08-28 17:11 -------- d-------- C:\Program Files\Real
2006-08-28 17:11 -------- d-------- C:\Program Files\Common Files\xing shared
2006-08-28 17:10 -------- d-------- C:\Program Files\Common Files\Real
2006-08-28 10:50 -------- d-------- C:\Program Files\MUSICMATCH
2006-08-27 00:24 -------- d-------- C:\Program Files\BitComet
2006-08-27 00:11 -------- d-------- C:\Documents and Settings\Melisa\Application Data\Apple Computer
2006-08-26 23:09 -------- d-------- C:\Program Files\Debugging Tools for Windows
2006-08-26 17:29 -------- d-------- C:\Documents and Settings\Melisa\Application Data\Logitech
2006-08-26 17:24 -------- d-------- C:\Program Files\Logitech
2006-08-26 17:24 -------- d-------- C:\Program Files\CyberLink
2006-08-26 17:22 -------- d-------- C:\Program Files\Common Files\Logitech
2006-08-25 13:36 -------- d-------- C:\Program Files\MSN Messenger
2006-08-25 13:31 -------- d-------- C:\Program Files\Vimicro
2006-08-25 13:30 -------- d-------- C:\Program Files\SyscanVideo
2006-08-25 13:30 -------- d-------- C:\Program Files\Common Files\InstallShield
2006-08-23 22:02 -------- d-------- C:\Program Files\IVT Corporation
2006-08-23 13:12 -------- d-------- C:\Documents and Settings\Melisa\Application Data\Ahead
2006-08-22 17:21 -------- d-------- C:\Program Files\SoftwareRevenue.org
2006-08-22 17:20 2693578 --a------ C:\WINDOWS\system32\mi2.exe
2006-08-22 17:18 379071 --a------ C:\WINDOWS\system32\mi1.exe
2006-08-21 17:29 223128 --a------ C:\WINDOWS\system32\drivers\vaxscsi.sys
2006-08-21 17:29 -------- d-------- C:\Program Files\Alcohol Soft
2006-08-21 17:26 96256 --a------ C:\WINDOWS\system32\drivers\sptd7597.sys
2006-08-21 17:26 642560 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2006-08-21 13:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 10:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-21 10:14 128896 --------- C:\WINDOWS\system32\drivers\fltmgr.sys
2006-08-20 17:50 359808 --a------ C:\WINDOWS\system32\drivers\TCPIP.SYS
2006-08-20 15:52 -------- d-------- C:\Program Files\Yahoo!
2006-08-20 15:43 -------- d-------- C:\Program Files\Common Files\Adobe Systems Shared
2006-08-20 15:34 -------- d-------- C:\Documents and Settings\Melisa\Application Data\Macromedia
2006-08-20 15:33 -------- d-------- C:\Program Files\Common Files\Macromedia
2006-08-20 15:32 -------- d-------- C:\Program Files\Macromedia
2006-08-20 15:30 -------- d-------- C:\Program Files\MSBuild
2006-08-20 15:30 -------- d-------- C:\Program Files\Microsoft Office
2006-08-20 15:30 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-08-20 15:29 -------- d-------- C:\Program Files\Microsoft Visual Studio
2006-08-20 15:29 -------- d-------- C:\Program Files\Common Files\DESIGNER
2006-08-20 15:28 -------- d-------- C:\Program Files\Microsoft Works
2006-08-20 15:28 -------- d-------- C:\Program Files\Common Files\System
2006-08-20 14:19 -------- d-------- C:\Program Files\MSN Toolbar Suite
2006-08-19 16:39 -------- d-------- C:\Program Files\Whisper Technology
2006-08-19 15:58 -------- d-------- C:\Documents and Settings\Melisa\Application Data\AdobeAUM
2006-08-19 15:57 1557 --a------ C:\Documents and Settings\Melisa\Application Data\AdobeDLM.log
2006-08-19 15:57 0 --a------ C:\Documents and Settings\Melisa\Application Data\dm.ini
2006-08-19 15:41 -------- d-------- C:\Documents and Settings\Melisa\Application Data\Sun
2006-08-19 14:27 -------- d-------- C:\Program Files\Java
2006-08-19 14:21 -------- d-------- C:\Program Files\Windows Media Player
2006-08-19 14:21 -------- d-------- C:\Program Files\Outlook Express
2006-08-19 14:19 -------- d-------- C:\Program Files\Messenger
2006-08-19 14:01 -------- d-------- C:\Program Files\Movie Maker
2006-08-19 13:59 -------- d-------- C:\Program Files\Windows NT
2006-08-19 13:59 -------- d-------- C:\Program Files\NetMeeting
2006-08-19 12:01 -------- d-------- C:\Program Files\LimeWire
2006-08-19 11:58 -------- d-------- C:\Program Files\Common Files\Java
2006-08-19 11:13 -------- d-------- C:\Documents and Settings\Melisa\Application Data\vlc
2006-08-19 11:12 -------- d-------- C:\Program Files\VideoLAN
2006-08-19 01:53 -------- d-------- C:\Program Files\Common Files\Ahead
2006-08-19 01:52 -------- d-------- C:\Program Files\Nero
2006-08-18 23:59 -------- d-------- C:\Program Files\QuickTime
2006-08-18 23:58 -------- d-------- C:\Program Files\iTunes
2006-08-18 23:58 -------- d-------- C:\Program Files\iPod
2006-08-18 23:56 499712 --a------ C:\WINDOWS\system32\msvcp71.dll
2006-08-18 23:56 348160 --a------ C:\WINDOWS\system32\msvcr71.dll
2006-08-18 23:55 -------- d-------- C:\Program Files\WinRAR
2006-08-18 23:50 -------- d-------- C:\Documents and Settings\Melisa\Application Data\Mozilla
2006-08-14 16:01 -------- d--h----- C:\Program Files\WindowsUpdate
2006-08-09 11:32 -------- d-------- C:\Program Files\VIAudioi
2006-08-06 16:15 -------- d-------- C:\Program Files\Softwin
2006-08-06 16:15 -------- d-------- C:\Program Files\Common Files\Softwin
2006-08-06 15:12 62 --ahs---- C:\Documents and Settings\Melisa\Application Data\desktop.ini
2006-08-06 15:06 -------- d-------- C:\Program Files\Common Files\Vbox
2006-08-06 14:40 15890 --a------ C:\WINDOWS\system32\drivers\mdc8021x.sys
2006-08-06 14:19 -------- d--h----- C:\Program Files\Uninstall Information
2006-08-06 14:19 -------- d-------- C:\Documents and Settings\Melisa\Application Data\Identities
2006-08-06 14:15 0 -rahs---- C:\MSDOS.SYS
2006-08-06 14:15 0 -rahs---- C:\IO.SYS
2006-08-06 14:15 0 --a------ C:\CONFIG.SYS
2006-08-06 14:15 0 --a------ C:\AUTOEXEC.BAT
2006-08-06 14:15 -------- d-------- C:\Program Files\xerox
2006-08-06 14:15 -------- d-------- C:\Program Files\microsoft frontpage
2006-08-05 15:18 -------- d-------- C:\Program Files\Common Files\SpeechEngines
2006-08-05 15:18 -------- d-------- C:\Program Files\Common Files\ODBC
2006-08-05 14:22 -------- d-------- C:\Program Files\Common Files\Services
2006-08-05 14:22 -------- d-------- C:\Program Files\Common Files\MSSoap
2006-08-05 14:21 -------- d-------- C:\Program Files\Online Services
2006-08-05 14:21 -------- d-------- C:\Program Files\MSN Gaming Zone
2006-08-05 14:21 -------- d-------- C:\Program Files\MSN
2006-08-05 14:21 -------- d-------- C:\Program Files\ComPlus Applications
2006-07-29 19:32 48936 --a------ C:\WINDOWS\system32\sirenacm.dll
2006-07-27 14:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-21 09:24 72704 --a------ C:\WINDOWS\system32\hlink.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"LDM"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MediaLifeService"="\"C:\\Program Files\\Logitech\\MediaLife\\MediaLifeService.exe\""
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"nod32kui"="\"C:\\Program Files\\Eset\\nod32kui.exe\" /WAITSERVICE"
"SmcService"="C:\\PROGRA~1\\Sygate\\SPF\\smc.exe -startgui"
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"AudioDeck"="C:\\Program Files\\VIAudioi\\SBADeck\\ADeck.exe 1 "

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
"backup"="C:\\WINDOWS\\pss\\Adobe Acrobat Speed Launcher.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\WINDOWS\\Installer\\{AC76BA86-1033-0000-7760-000000000002}\\SC_Acrobat.exe "
"item"="Adobe Acrobat Speed Launcher"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]
"backup"="C:\\WINDOWS\\pss\\Windows Desktop Search.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MSNTOO~1\\DS\\020500~1.111\\en-gb\\bin\\WINDOW~3.EXE /startup"
"item"="Windows Desktop Search"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^Melisa^Start Menu^Programs^Startup^Adobe Gamma.lnk]
"backup"="C:\\WINDOWS\\pss\\Adobe Gamma.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
"item"="Adobe Gamma"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^Melisa^Start Menu^Programs^Startup^MagicDisc.lnk]
"backup"="C:\\WINDOWS\\pss\\MagicDisc.lnkStartup"
"location"="Startup"
"item"="MagicDisc"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\!ewido]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ewido"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Acrobat Assistant 7.0]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Acrotray"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Distillr\\Acrotray.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Adobe Photo Downloader]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="apdproxy"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\AudioDeck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ADeck"
"hkey"="HKLM"
"command"="C:\\Program Files\\VIAudioi\\SBADeck\\ADeck.exe 1 "
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\BigDogPath]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="VM_STI"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\VM_STI.EXE VIMICRO USB PC Camera"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Logitech Hardware Abstraction Layer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="KHALMNPR"
"hkey"="HKLM"
"command"="KHALMNPR.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MsnMsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MsnMsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\NvCplDaemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvCpl"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\NvMediaCenter]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NVMCTRAY"
"hkey"="HKCU"
"command"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NVMCTRAY.DLL,NvTaskbarInit"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\nwiz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nwiz"
"hkey"="HKLM"
"command"="nwiz.exe /install"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Java\\jre1.5.0_08\\bin\\jusched.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Antiwpa
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnnl

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Completion time: 25/09/2006 11:02:31.93
ComboFix.txt

Edited by pug206, 25 September 2006 - 04:05 AM.

#2
loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Hello


Please right-click HijackThis and rename it to HJT.exe

Please download the Killbox by Option^Explicit. Save it to the desktop; we will use it later.

Please download VundoFix.exe to your desktop
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

#3
pug206

    New Member

  • Topic Starter
  • Member
  • 5 posts
VundoFix V6.1.6

Checking Java version...

Java version is 1.5.0.3

Java version is 1.5.0.8

Scan started at 20:34:08 25/09/2006

Listing files found while scanning....

C:\WINDOWS\system32\pmnnl.dll
C:\WINDOWS\system32\lnnmp.ini
C:\WINDOWS\system32\lnnmp.bak1
C:\WINDOWS\system32\lnnmp.bak2
C:\WINDOWS\system32\lnnmp.ini2
C:\WINDOWS\system32\lnnmp.tmp

Beginning removal...

Attempting to delete C:\WINDOWS\system32\pmnnl.dll
C:\WINDOWS\system32\pmnnl.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\lnnmp.ini
C:\WINDOWS\system32\lnnmp.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\lnnmp.bak1
C:\WINDOWS\system32\lnnmp.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\lnnmp.bak2
C:\WINDOWS\system32\lnnmp.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\lnnmp.ini2
C:\WINDOWS\system32\lnnmp.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\lnnmp.tmp
C:\WINDOWS\system32\lnnmp.tmp Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.1.6

Checking Java version...

Java version is 1.5.0.3

Java version is 1.5.0.8

Scan started at 20:55:20 25/09/2006

Listing files found while scanning....


VundoFix V6.1.6

Checking Java version...

Java version is 1.5.0.3

Java version is 1.5.0.8

Scan started at 20:59:44 25/09/2006

Listing files found while scanning....

C:\WINDOWS\system32\pmnnl.dll
C:\WINDOWS\system32\lnnmp.ini
C:\WINDOWS\system32\lnnmp.bak1

Beginning removal...

Attempting to delete C:\WINDOWS\system32\pmnnl.dll
C:\WINDOWS\system32\pmnnl.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\lnnmp.ini
C:\WINDOWS\system32\lnnmp.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\lnnmp.bak1
C:\WINDOWS\system32\lnnmp.bak1 Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.1.6

Checking Java version...

Java version is 1.5.0.3

Java version is 1.5.0.8

Scan started at 21:23:09 25/09/2006

Listing files found while scanning....

C:\WINDOWS\system32\pmnnl.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\pmnnl.dll
C:\WINDOWS\system32\pmnnl.dll Has been deleted!

Performing Repairs to the registry.
Done!


Logfile of HijackThis v1.99.1
Scan saved at 21:44:08, on 25/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\MediaLife\MediaLifeService.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live Toolbar\msn_sl.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.co.uk/0...S01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.melisaho.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0...S01?FORM=TOOLBR
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - blank (file missing)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {E502EE19-14A3-4568-B40B-81435067166C} - C:\WINDOWS\system32\pmnnl.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &VSToolBar - {821F87FF-8245-4972-9E28-732E92EC2F51} - C:\Program Files\VSToolbar\VSToolBar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [MediaLifeService] "C:\Program Files\Logitech\MediaLife\MediaLifeService.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll/search.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?112a1b831b804c0294bbe88440d0938b
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?112a1b831b804c0294bbe88440d0938b
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1155127243890
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - http://support.gatew...rvest/gwCID.CAB
O18 - Protocol: bw+0 - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

#4
loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Hello :whistling:

Please download ComboFix and save it to your desktop.
Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

#5
pug206

    New Member

  • Topic Starter
  • Member
  • 5 posts
Melisa - 06-09-25 23:03:32.51 Service Pack 2
ComboFix 06.09.25 - Running from: "C:\Documents and Settings\Melisa\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-08-25 to 2006-09-25 ))))))))))))))))))))))))))))))))))


2006-09-25 17:06 143,380 --a------ C:\WINDOWS\system32\awbcvgoy.exe
2006-09-25 10:17 45,525 --a------ C:\WINDOWS\system32\kiuvneck.dll
2006-09-24 01:22 83,592 --a------ C:\WINDOWS\system32\SSSensor.dll
2006-09-24 01:21 274,432 --a------ C:\WINDOWS\system32\imon.dll
2006-09-21 13:08 24,576 --a------ C:\WINDOWS\system32\STKIT432.DLL
2006-09-03 04:55 118,784 -r------- C:\WINDOWS\bwUnin-7.2.0.157-8876480SL.exe
2006-08-26 17:26 82,432 --a------ C:\WINDOWS\system32\msxml4r.dll
2006-08-26 17:26 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll
2006-08-26 17:26 198,144 --a------ C:\WINDOWS\system32\_psisdecd.dll
2006-08-26 17:26 1,233,920 --a------ C:\WINDOWS\system32\msxml4.dll
2006-08-26 17:24 118,784 -r------- C:\WINDOWS\bwUnin-7.2.0.137-8876480SL.exe
2006-08-26 17:22 258,352 --a------ C:\WINDOWS\system32\unicows.dll
2006-08-26 17:21 28,160 --a------ C:\WINDOWS\KHALMNPR.Exe
2006-08-25 13:32 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2006-08-25 13:31 61,440 --a------ C:\WINDOWS\system32\VM31bSTI.dll
2006-08-25 13:31 53,248 --a------ C:\WINDOWS\StillCap.exe
2006-08-25 13:31 49,152 --a------ C:\WINDOWS\amcap.exe
2006-08-25 13:31 40,960 --a------ C:\WINDOWS\VM_STI.EXE
2006-08-25 13:31 307,200 --a------ C:\WINDOWS\vidcap32.Exe
2006-08-25 13:31 24,576 --a------ C:\WINDOWS\system32\RunSetup.dll
2006-08-25 13:31 24,576 --a------ C:\WINDOWS\RunSetup.dll
2006-08-25 13:31 147,456 --a------ C:\WINDOWS\VMCap.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-09-25 22:49 -------- d-------- C:\Documents and Settings\Melisa\Application Data\Skype
2006-09-25 21:44 -------- d-------- C:\Program Files\Hijackthis
2006-09-25 21:17 -------- d-------- C:\Documents and Settings\Melisa\Application Data\Windows Desktop Search
2006-09-25 21:16 -------- d-------- C:\Program Files\Windows Desktop Search
2006-09-25 21:13 -------- d---s---- C:\Documents and Settings\Melisa\Application Data\Microsoft
2006-09-25 21:12 -------- d-------- C:\Program Files\Windows Live Toolbar
2006-09-25 21:12 -------- d-------- C:\Program Files\Windows Live Favorites
2006-09-25 20:30 -------- d-------- C:\Program Files\Skype
2006-09-25 17:06 -------- d-------- C:\Program Files\VSToolbar
2006-09-25 17:06 -------- d-------- C:\Documents and Settings\Melisa\Application Data\SearchToolbarCorp
2006-09-25 11:01 -------- d-------- C:\Program Files\Common Files
2006-09-25 10:54 -------- d-------- C:\Program Files\ewido anti-spyware 4.0
2006-09-25 08:00 -------- d-------- C:\Documents and Settings\Melisa\Application Data\AVG7
2006-09-24 19:47 -------- d-------- C:\Program Files\Mozilla Firefox
2006-09-24 18:42 -------- d-------- C:\Program Files\CleanUp!
2006-09-24 18:17 -------- d-------- C:\Documents and Settings\Melisa\Application Data\Opera
2006-09-24 18:04 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-09-24 18:01 -------- d-------- C:\Program Files\Common Files\Adobe
2006-09-24 18:00 -------- d-------- C:\Program Files\Adobe
2006-09-24 17:40 -------- d-------- C:\Documents and Settings\Melisa\Application Data\Adobe
2006-09-24 16:02 -------- d-------- C:\Program Files\Internet Explorer
2006-09-24 15:57 -------- d-------- C:\Documents and Settings\Melisa\Application Data\Talkback
2006-09-24 01:52 -------- d-------- C:\Program Files\ESET
2006-09-24 01:22 -------- d-------- C:\Program Files\Sygate
2006-09-24 01:22 -------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2006-09-24 01:19 502368 --a------ C:\WINDOWS\system32\drivers\amon.sys
2006-09-22 13:36 -------- d-------- C:\Documents and Settings\Melisa\Application Data\AdobeUM
2006-09-21 13:48 -------- d-------- C:\Documents and Settings\Melisa\Application Data\Help
2006-09-21 13:41 778656 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-09-21 13:41 4960 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys
2006-09-21 13:41 4224 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2006-09-21 13:41 28416 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-09-21 13:41 23296 --a------ C:\WINDOWS\system32\drivers\avgmfrs.sys
2006-09-21 13:41 -------- d-------- C:\Program Files\Grisoft
2006-09-21 13:28 -------- d-------- C:\Program Files\Norton AntiVirus
2006-09-21 13:28 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-09-21 13:24 -------- d-------- C:\Program Files\Symantec
2006-09-21 13:13 -------- d-------- C:\Program Files\Registry Mechanic
2006-09-21 13:05 -------- d-------- C:\Documents and Settings\Melisa\Application Data\Registry Booster
2006-09-20 12:24 -------- d-------- C:\Documents and Settings\Melisa\Application Data\Lavasoft
2006-09-20 12:23 -------- d-------- C:\Program Files\Lavasoft
2006-09-15 11:17 -------- d-------- C:\Documents and Settings\Melisa\Application Data\LimeWire
2006-09-11 00:36 -------- d-------- C:\Program Files\Cool MP3 Splitter
2006-09-01 15:11 -------- d-------- C:\Documents and Settings\Melisa\Application Data\dvdcss
2006-09-01 14:34 -------- d-------- C:\Documents and Settings\Melisa\Application Data\MediaLife
2006-08-28 17:12 -------- d-------- C:\Documents and Settings\Melisa\Application Data\Real
2006-08-28 17:11 -------- d-------- C:\Program Files\Real
2006-08-28 17:11 -------- d-------- C:\Program Files\Common Files\xing shared
2006-08-28 17:10 -------- d-------- C:\Program Files\Common Files\Real
2006-08-28 10:50 -------- d-------- C:\Program Files\MUSICMATCH
2006-08-27 00:24 -------- d-------- C:\Program Files\BitComet
2006-08-27 00:11 -------- d-------- C:\Documents and Settings\Melisa\Application Data\Apple Computer
2006-08-26 23:09 -------- d-------- C:\Program Files\Debugging Tools for Windows
2006-08-26 17:29 -------- d-------- C:\Documents and Settings\Melisa\Application Data\Logitech
2006-08-26 17:24 -------- d-------- C:\Program Files\Logitech
2006-08-26 17:24 -------- d-------- C:\Program Files\CyberLink
2006-08-26 17:22 -------- d-------- C:\Program Files\Common Files\Logitech
2006-08-25 13:36 -------- d-------- C:\Program Files\MSN Messenger
2006-08-25 13:31 -------- d-------- C:\Program Files\Vimicro
2006-08-25 13:30 -------- d-------- C:\Program Files\SyscanVideo
2006-08-25 13:30 -------- d-------- C:\Program Files\Common Files\InstallShield
2006-08-23 22:02 -------- d-------- C:\Program Files\IVT Corporation
2006-08-23 13:12 -------- d-------- C:\Documents and Settings\Melisa\Application Data\Ahead
2006-08-22 17:21 -------- d-------- C:\Program Files\SoftwareRevenue.org
2006-08-22 17:20 2693578 --a------ C:\WINDOWS\system32\mi2.exe
2006-08-22 17:18 379071 --a------ C:\WINDOWS\system32\mi1.exe
2006-08-21 17:29 223128 --a------ C:\WINDOWS\system32\drivers\vaxscsi.sys
2006-08-21 17:29 -------- d-------- C:\Program Files\Alcohol Soft
2006-08-21 17:26 96256 --a------ C:\WINDOWS\system32\drivers\sptd7597.sys
2006-08-21 17:26 642560 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2006-08-21 13:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 10:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-21 10:14 128896 --------- C:\WINDOWS\system32\drivers\fltmgr.sys
2006-08-20 17:50 359808 --a------ C:\WINDOWS\system32\drivers\TCPIP.SYS
2006-08-20 15:52 -------- d-------- C:\Program Files\Yahoo!
2006-08-20 15:43 -------- d-------- C:\Program Files\Common Files\Adobe Systems Shared
2006-08-20 15:34 -------- d-------- C:\Documents and Settings\Melisa\Application Data\Macromedia
2006-08-20 15:33 -------- d-------- C:\Program Files\Common Files\Macromedia
2006-08-20 15:32 -------- d-------- C:\Program Files\Macromedia
2006-08-20 15:30 -------- d-------- C:\Program Files\MSBuild
2006-08-20 15:30 -------- d-------- C:\Program Files\Microsoft Office
2006-08-20 15:30 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-08-20 15:29 -------- d-------- C:\Program Files\Microsoft Visual Studio
2006-08-20 15:29 -------- d-------- C:\Program Files\Common Files\DESIGNER
2006-08-20 15:28 -------- d-------- C:\Program Files\Microsoft Works
2006-08-20 15:28 -------- d-------- C:\Program Files\Common Files\System
2006-08-19 16:39 -------- d-------- C:\Program Files\Whisper Technology
2006-08-19 15:58 -------- d-------- C:\Documents and Settings\Melisa\Application Data\AdobeAUM
2006-08-19 15:57 1557 --a------ C:\Documents and Settings\Melisa\Application Data\AdobeDLM.log
2006-08-19 15:57 0 --a------ C:\Documents and Settings\Melisa\Application Data\dm.ini
2006-08-19 15:41 -------- d-------- C:\Documents and Settings\Melisa\Application Data\Sun
2006-08-19 14:27 -------- d-------- C:\Program Files\Java
2006-08-19 14:21 -------- d-------- C:\Program Files\Windows Media Player
2006-08-19 14:21 -------- d-------- C:\Program Files\Outlook Express
2006-08-19 14:19 -------- d-------- C:\Program Files\Messenger
2006-08-19 14:01 -------- d-------- C:\Program Files\Movie Maker
2006-08-19 13:59 -------- d-------- C:\Program Files\Windows NT
2006-08-19 13:59 -------- d-------- C:\Program Files\NetMeeting
2006-08-19 12:01 -------- d-------- C:\Program Files\LimeWire
2006-08-19 11:58 -------- d-------- C:\Program Files\Common Files\Java
2006-08-19 11:13 -------- d-------- C:\Documents and Settings\Melisa\Application Data\vlc
2006-08-19 11:12 -------- d-------- C:\Program Files\VideoLAN
2006-08-19 01:53 -------- d-------- C:\Program Files\Common Files\Ahead
2006-08-19 01:52 -------- d-------- C:\Program Files\Nero
2006-08-18 23:59 -------- d-------- C:\Program Files\QuickTime
2006-08-18 23:58 -------- d-------- C:\Program Files\iTunes
2006-08-18 23:58 -------- d-------- C:\Program Files\iPod
2006-08-18 23:56 499712 --a------ C:\WINDOWS\system32\msvcp71.dll
2006-08-18 23:56 348160 --a------ C:\WINDOWS\system32\msvcr71.dll
2006-08-18 23:55 -------- d-------- C:\Program Files\WinRAR
2006-08-18 23:50 -------- d-------- C:\Documents and Settings\Melisa\Application Data\Mozilla
2006-08-14 16:01 -------- d--h----- C:\Program Files\WindowsUpdate
2006-08-09 11:32 -------- d-------- C:\Program Files\VIAudioi
2006-08-06 16:15 -------- d-------- C:\Program Files\Softwin
2006-08-06 16:15 -------- d-------- C:\Program Files\Common Files\Softwin
2006-08-06 15:12 62 --ahs---- C:\Documents and Settings\Melisa\Application Data\desktop.ini
2006-08-06 15:06 -------- d-------- C:\Program Files\Common Files\Vbox
2006-08-06 14:40 15890 --a------ C:\WINDOWS\system32\drivers\mdc8021x.sys
2006-08-06 14:19 -------- d--h----- C:\Program Files\Uninstall Information
2006-08-06 14:19 -------- d-------- C:\Documents and Settings\Melisa\Application Data\Identities
2006-08-06 14:15 0 -rahs---- C:\MSDOS.SYS
2006-08-06 14:15 0 -rahs---- C:\IO.SYS
2006-08-06 14:15 0 --a------ C:\CONFIG.SYS
2006-08-06 14:15 0 --a------ C:\AUTOEXEC.BAT
2006-08-06 14:15 -------- d-------- C:\Program Files\xerox
2006-08-06 14:15 -------- d-------- C:\Program Files\microsoft frontpage
2006-08-05 15:18 -------- d-------- C:\Program Files\Common Files\SpeechEngines
2006-08-05 15:18 -------- d-------- C:\Program Files\Common Files\ODBC
2006-08-05 14:22 -------- d-------- C:\Program Files\Common Files\Services
2006-08-05 14:22 -------- d-------- C:\Program Files\Common Files\MSSoap
2006-08-05 14:21 -------- d-------- C:\Program Files\Online Services
2006-08-05 14:21 -------- d-------- C:\Program Files\MSN Gaming Zone
2006-08-05 14:21 -------- d-------- C:\Program Files\MSN
2006-08-05 14:21 -------- d-------- C:\Program Files\ComPlus Applications
2006-07-29 19:32 48936 --a------ C:\WINDOWS\system32\sirenacm.dll
2006-07-27 14:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-21 09:24 72704 --a------ C:\WINDOWS\system32\hlink.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"LDM"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MediaLifeService"="\"C:\\Program Files\\Logitech\\MediaLife\\MediaLifeService.exe\""
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"nod32kui"="\"C:\\Program Files\\Eset\\nod32kui.exe\" /WAITSERVICE"
"SmcService"="C:\\PROGRA~1\\Sygate\\SPF\\smc.exe -startgui"
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"AudioDeck"="C:\\Program Files\\VIAudioi\\SBADeck\\ADeck.exe 1 "
"Acrobat Assistant 7.0"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Distillr\\Acrotray.exe\""
@=""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
"backup"="C:\\WINDOWS\\pss\\Adobe Acrobat Speed Launcher.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\WINDOWS\\Installer\\{AC76BA86-1033-0000-7760-000000000002}\\SC_Acrobat.exe "
"item"="Adobe Acrobat Speed Launcher"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]
"backup"="C:\\WINDOWS\\pss\\Windows Desktop Search.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MSNTOO~1\\DS\\020500~1.111\\en-gb\\bin\\WINDOW~3.EXE /startup"
"item"="Windows Desktop Search"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^Melisa^Start Menu^Programs^Startup^Adobe Gamma.lnk]
"backup"="C:\\WINDOWS\\pss\\Adobe Gamma.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
"item"="Adobe Gamma"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^Melisa^Start Menu^Programs^Startup^MagicDisc.lnk]
"backup"="C:\\WINDOWS\\pss\\MagicDisc.lnkStartup"
"location"="Startup"
"item"="MagicDisc"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\!ewido]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ewido"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Acrobat Assistant 7.0]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Acrotray"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Distillr\\Acrotray.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Adobe Photo Downloader]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="apdproxy"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\AudioDeck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ADeck"
"hkey"="HKLM"
"command"="C:\\Program Files\\VIAudioi\\SBADeck\\ADeck.exe 1 "
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\BigDogPath]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="VM_STI"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\VM_STI.EXE VIMICRO USB PC Camera"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Logitech Hardware Abstraction Layer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="KHALMNPR"
"hkey"="HKLM"
"command"="KHALMNPR.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MsnMsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MsnMsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\NvCplDaemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvCpl"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\NvMediaCenter]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NVMCTRAY"
"hkey"="HKCU"
"command"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NVMCTRAY.DLL,NvTaskbarInit"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\nwiz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nwiz"
"hkey"="HKLM"
"command"="nwiz.exe /install"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Java\\jre1.5.0_08\\bin\\jusched.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Antiwpa

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job

Completion time: 25/09/2006 23:04:00.82
ComboFix.txt

#6
loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Hi

Are you still getting the Winantivirus popups?

Killbox
  • Please double-click Killbox.exe to run it.
  • Select:
    • Delete on Reboot
    • then click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\system32\awbcvgoy.exe
    C:\WINDOWS\system32\kiuvneck.dll



  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report along with a new HijackThis log.


#7
pug206

    New Member

  • Topic Starter
  • Member
  • 5 posts
I haven't noticed any pop-ups since downloading ComboFix. So I'm guessing it's fixed?
Thanks for all your help.

Should I still run Killbox?

Edited by pug206, 26 September 2006 - 02:53 PM.


#8
loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Yes please :whistling:

#9
pug206

    New Member

  • Topic Starter
  • Member
  • 5 posts
Incident Status Location

Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Melisa\Cookies\[email protected][2].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Melisa\Cookies\[email protected][2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Melisa\Cookies\[email protected][1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Melisa\Cookies\[email protected][2].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Melisa\Cookies\[email protected][2].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Melisa\Cookies\[email protected][1].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Melisa\Cookies\[email protected][1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Melisa\Cookies\[email protected][2].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Melisa\Cookies\[email protected][2].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Melisa\Cookies\[email protected][1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Melisa\Cookies\[email protected][2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Melisa\Cookies\[email protected][2].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Melisa\Cookies\[email protected][1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Melisa\Cookies\[email protected][1].txt
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Melisa\Cookies\[email protected][1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Melisa\Cookies\[email protected][2].txt
Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\Melisa\Cookies\[email protected][1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Melisa\Cookies\[email protected][1].txt
Adware:Adware/ActiveSearch Not disinfected C:\Program Files\SoftwareRevenue.org\2r_samba.exe[toolbar-w-google-r.dll]
Adware:Adware/ActiveSearch Not disinfected C:\WINDOWS\system32\mi1.exe[2r_samba.exe][toolbar-w-google-r.dll]


Logfile of HijackThis v1.99.1
Scan saved at 23:52:38, on 26/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Eset\nod32kui.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.co.uk/0...S01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.melisaho.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0...S01?FORM=TOOLBR
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - blank (file missing)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {E502EE19-14A3-4568-B40B-81435067166C} - C:\WINDOWS\system32\pmnnl.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll/search.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?112a1b831b804c0294bbe88440d0938b
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?112a1b831b804c0294bbe88440d0938b
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1155127243890
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - http://support.gatew...rvest/gwCID.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O18 - Protocol: bw+0 - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {B06AD676-1F71-460B-885D-FF1FDB6DBF7A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
  • 0

#10
loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Hi again :whistling:

Please run a scan with HijackThis and check the following lines for removal:

O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - blank (file missing)

O2 - BHO: (no name) - {E502EE19-14A3-4568-B40B-81435067166C} - C:\WINDOWS\system32\pmnnl.dll (file missing)


Now close ALL other open windows except for HijackThis and hit FIX CHECKED. Exit HijackThis.


Now click >>start>>control panel >>add/remove programs and uninstall the following if present:
SoftwareRevenue.org

Now, navigate to and delete the following files & folders if present:

C:\WINDOWS\system32\mi1.exe
C:\Program Files\SoftwareRevenue.org

Clean out your Temporary Internet files. Proceed as follows:
  • Quit Internet Explorer and quit any instances of Windows Explorer.
  • Click Start, click Control Panel, and then double-click Internet Options.
  • On the General tab, click Delete Files under Temporary Internet Files.
  • In the Delete Files dialog box, tick the Delete all offline content check box, and then click OK.
  • On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
  • Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
  • Click OK.


I'm satisfied it's clean but you're the boss. How is everything running? :blink:

Edited by loophole, 26 September 2006 - 07:30 PM.

  • 0
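The selection step in the reply above, as an added example (not part of the original post, and not HijackThis's own code): a small Python parser for HijackThis 1.99.1 log lines that lists the entries carrying the `(file missing)` marker, which is what the two O2 lines picked for removal have in common. The sample lines are copied from the log in this thread; the function and variable names are hypothetical.

```python
import re

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\lsass.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - blank (file missing)
O2 - BHO: (no name) - {E502EE19-14A3-4568-B40B-81435067166C} - C:\WINDOWS\system32\pmnnl.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# An entry line starts with a section code such as R1, O2 or O23, then " - ".
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Shape used by O2/O3/O9/O18 lines: "<kind>: <name> - {CLSID} - <target>".
CLSID_ENTRY = re.compile(
    r"^(?P<kind>[^:]+): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}) - "
    r"(?P<target>.*)$"
)
MISSING = " (file missing)"


def parse_line(line):
    """Return a dict for one log entry, or None for headers and process paths."""
    line = line.strip()
    m = ENTRY.match(line)
    if not m:
        return None
    entry = {"code": m.group("code"), "kind": None, "name": None,
             "clsid": None, "target": m.group("body"),
             "file_missing": False, "raw": line}
    c = CLSID_ENTRY.match(m.group("body"))
    if c:
        entry.update(c.groupdict())
    # The marker is appended to the target; strip it so the path is usable.
    if entry["target"].endswith(MISSING):
        entry["file_missing"] = True
        entry["target"] = entry["target"][:-len(MISSING)]
    return entry


def parse_log(text):
    """Parse every entry line in a log, skipping everything else."""
    return [e for e in map(parse_line, text.splitlines()) if e]


def orphaned(entries):
    """Entries whose registered file the scan reported as missing."""
    return [e for e in entries if e["file_missing"]]


if __name__ == "__main__":
    for e in orphaned(parse_log(SAMPLE_LOG)):
        print(e["code"], e["clsid"], e["target"])
```

The Spybot `SDHelper.dll` entry is also `(no name)` but is not listed, so the missing-file marker rather than the missing name is what separates the two flagged lines in this sample.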





