Used combofix just now. Possible bifrost Backdoor remains [RESOLVED]

Geeks to Go Forums > Security > Virus, Spyware, Malware Removal

Today's New Content

Used combofix just now. Possible bifrost Backdoor remains [RESOLVED] Need to check if anymore backdoors and genericdownloaders are left. An

#1 Jepmz

Group: Member
Posts: 9
Joined: 03-June 05

Posted 07 November 2007 - 02:19 AM

Thank you in advance! I have had help a couple of years ago. Okay, here's the problems I used to had: used to have disable task manager, Desktop image is completely blue, pop-ups in Internet Explorer, and virus scanners going crazy with alerts.

I tried Pandascan which uses Internet Explorer(I never use that) so scanning was impossible. Used Free-edition AVG(my primary preferred one), Avira Antivir(installed recently) and this AoL's own blocking thing. I'm very suspicious as to why I'm unable to uninstall IE(even with the Install/uninstall Programs).
I finally tried combofix.exe, and everything seemed okay(Except IE cannot still be uninstalled). When the computer restarted, a few DLL's report to not be working (probably bad ones) but the AoL blocking thing blocked a program "Bifrost" and is said to be a backdoor. So I want to make sure everything is safe.

Here is fresh Hijackthis log and combofix log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:58:59 AM, on 11/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 SP2 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Documents and Settings\Owner\Desktop\Virus Scanners\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Documents and Settings\Owner\Desktop\Virus Scanners\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\gearsec.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\Tablet.exe
C:\WINDOWS\System32\WTablet\TabUserW.exe
C:\WINDOWS\System32\Tablet.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\AOL\1140482843\ee\AOLSoftware.exe
C:\Program Files\SmileyDistrict\plugin.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Documents and Settings\Owner\Desktop\Virus Scanners\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\InterMute\PopSubtract\PopSub.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\InterMute\SpamSubtract\SpamSub.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\common files\aol\1140482843\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1140482843\ee\aolsoftware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2C782A64-B22D-439A-8B22-B286403A1C96} - C:\WINDOWS\System32\eosfhall.dll (file missing)
O2 - BHO: (no name) - {391B174C-A6B7-C9D7-6743-01F7A0D663D6} - C:\Program Files\Uwkwzixe\yvarnvcp.dll (file missing)
O2 - BHO: (no name) - {45488867-5966-4A66-ABA8-C3DB432EE160} - C:\Program Files\Internet Explorer\menoxujav4444.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: 0 - {5FE3833D-E200-4AE7-0585-7668E1F5A8B5} - C:\Program Files\WindowsUpdate\quzar.dll (file missing)
O2 - BHO: BitComet Toolbar Helper - {6A373B7E-496E-424f-A9BE-486A5E9AB018} - C:\Program Files\BitComet Toolbar\v2.0.0.4\BitComet_Toolbar.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {D14D80D1-3A76-499C-99EB-EC8719A3F06F} - C:\Program Files\Internet Explorer\menoxujav83122.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: BitComet Toolbar - {2E608F70-C430-4bc5-96F6-608E02EBA5B2} - C:\Program Files\BitComet Toolbar\v2.0.0.4\BitComet_Toolbar.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1140482843\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Smiley District] C:\Program Files\SmileyDistrict\plugin.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [AOLAspSunset2] C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\updates\aspapp\sunsetAsp2.exe
O4 - HKLM\..\Run: [{08-8B-BF-FC-ZN}] C:\Documents and Settings\Owner\Local Settings\Temp\T0CHD001.exe CHD001
O4 - HKLM\..\Run: [avgnt] "C:\Documents and Settings\Owner\Desktop\Virus Scanners\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\RunOnce: [IERESETATTRIB] %SystemRoot%\system32\cmd.exe /d /q /c %SystemRoot%\system32\ieudinit.exe -ResetFileAttributes
O4 - HKLM\..\RunOnce: [IERESETICONS] %SystemRoot%\system32\cmd.exe /d /q /c %SystemRoot%\iereseticons.exe
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Djdbi] "C:\Program Files\?ppPatch\?hkdsk.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: IMStart.lnk = C:\Program Files\InterMute\IMStart.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: SpamSubtract.lnk = C:\Program Files\InterMute\SpamSubtract\SpamSub.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: PopSubtract.lnk = C:\Program Files\InterMute\PopSubtract\PopSub.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin\core.hp.main\SendTo.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - Software - (no file)
O9 - Extra button: Smiley District - {0418F3E3-C763-4e02-9EC5-F0AE13B54B0F} - C:\Program Files\SmileyDistrict\insmile.dll (file missing)
O9 - Extra 'Tools' menuitem: Smiley District - {0418F3E3-C763-4e02-9EC5-F0AE13B54B0F} - C:\Program Files\SmileyDistrict\insmile.dll (file missing)
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.adgate.info
O15 - Trusted Zone: *.att.net
O15 - Trusted Zone: http://*.att.net
O15 - Trusted Zone: *.dollarrevenue.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.matcash.com
O15 - Trusted Zone: *.media-motor.com
O15 - Trusted Zone: *.mediatickets.net
O15 - Trusted Zone: *.sbcglobal.net
O15 - Trusted Zone: http://*.sbcglobal.net
O15 - Trusted Zone: *.snipernet.biz
O15 - Trusted Zone: *.systemdoctor.com
O15 - Trusted Zone: *.winantivirus.com
O15 - Trusted Zone: *.adgate.info (HKLM)
O15 - Trusted Zone: *.dollarrevenue.com (HKLM)
O15 - Trusted Zone: *.elitemediagroup.net (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.matcash.com (HKLM)
O15 - Trusted Zone: *.media-motor.com (HKLM)
O15 - Trusted Zone: *.mediatickets.net (HKLM)
O15 - Trusted Zone: *.snipernet.biz (HKLM)
O15 - Trusted Zone: *.systemdoctor.com (HKLM)
O15 - Trusted Zone: *.winantivirus.com (HKLM)
O16 - DPF: {20050325-D35A-4233-926E-2E801AE25949} (NMJPStarter15 Class) - http://www.netmarble...MStarterJP5.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol....oach_core_1.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin11USA.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6FC19219-C47E-4880-9A79-D218A1C374F9} (NMJTransX Control) - http://file.netmarbl...l/NMJTransX.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamesp...nch/alaunch.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.com/...ropper1_6us.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemreq...m/sysreqlab.cab
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.co...ty4PatcherX.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: lubxdaev - lubxdaev.dll (file missing)
O20 - Winlogon Notify: mlljg - mlljg.dll (file missing)
O20 - Winlogon Notify: mllmk - mllmk.dll (file missing)
O20 - Winlogon Notify: pmkhg - pmkhg.dll (file missing)
O20 - Winlogon Notify: tuvuuts - tuvuuts.dll (file missing)
O20 - Winlogon Notify: vssap - C:\WINDOWS\System32\vssap.dll
O20 - Winlogon Notify: winwil32 - winwil32.dll (file missing)
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Documents and Settings\Owner\Desktop\Virus Scanners\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Documents and Settings\Owner\Desktop\Virus Scanners\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 20393 bytes

===================================
==================================
ComboFix 07-11-07.3 - Owner 2007-11-06 23:44:33.1 - NTFSx86
Running from: C:\Documents and Settings\Owner\Desktop\Virus Scanners\ComboFix.exe
* Created a new restore point
.

Unable to gain System Privileges

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
C:\Documents and Settings\Owner\Application Data\ICROSO~1
C:\Documents and Settings\Owner\Application Data\ICROSO~1\?icrosoft\
C:\Documents and Settings\Owner\Start Menu\Programs\Outerinfo
C:\Documents and Settings\Owner\Start Menu\Programs\Outerinfo\Terms.lnk
C:\Documents and Settings\Owner\Start Menu\Programs\Outerinfo\Uninstall.lnk
C:\Program Files\outerinfo
C:\Program Files\outerinfo\FF\chrome.manifest
C:\Program Files\outerinfo\FF\components\FF.dll
C:\Program Files\outerinfo\FF\components\OuterinfoAds.xpt
C:\Program Files\outerinfo\FF\install.rdf
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\pppatc~1
C:\Program Files\pppatc~1\?hkdsk.exe
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\temp\tn3
C:\WINDOWS\system32\a13
C:\WINDOWS\system32\bvgevqai
C:\WINDOWS\system32\bvgevqai\bg1.gif
C:\WINDOWS\system32\bvgevqai\bgtop.gif
C:\WINDOWS\system32\bvgevqai\bottom1.gif
C:\WINDOWS\system32\bvgevqai\bvgevqai1.exe
C:\WINDOWS\system32\bvgevqai\bvgevqai2.exe
C:\WINDOWS\system32\bvgevqai\bvgevqai3.exe
C:\WINDOWS\system32\bvgevqai\essentials.gif
C:\WINDOWS\system32\bvgevqai\icon1.ico
C:\WINDOWS\system32\bvgevqai\install1.gif
C:\WINDOWS\system32\bvgevqai\left1.gif
C:\WINDOWS\system32\bvgevqai\li.gif
C:\WINDOWS\system32\bvgevqai\logo.gif
C:\WINDOWS\system32\bvgevqai\main.htm
C:\WINDOWS\system32\bvgevqai\mainframe.htm
C:\WINDOWS\system32\bvgevqai\reinstall1.gif
C:\WINDOWS\system32\bvgevqai\right1.gif
C:\WINDOWS\system32\bvgevqai\s1.htm
C:\WINDOWS\system32\bvgevqai\s2.htm
C:\WINDOWS\system32\bvgevqai\s3.htm
C:\WINDOWS\system32\bvgevqai\SMTop1.gif
C:\WINDOWS\system32\bvgevqai\SMTop2.gif
C:\WINDOWS\system32\bvgevqai\SMTop3.gif
C:\WINDOWS\system32\bvgevqai\SMTop4.gif
C:\WINDOWS\system32\bvgevqai\soft1_off.gif
C:\WINDOWS\system32\bvgevqai\soft1_off_ext.gif
C:\WINDOWS\system32\bvgevqai\soft1_on.gif
C:\WINDOWS\system32\bvgevqai\soft1_on_ext.gif
C:\WINDOWS\system32\bvgevqai\soft2_off.gif
C:\WINDOWS\system32\bvgevqai\soft2_off_ext.gif
C:\WINDOWS\system32\bvgevqai\soft2_on.gif
C:\WINDOWS\system32\bvgevqai\soft2_on_ext.gif
C:\WINDOWS\system32\bvgevqai\soft3_off.gif
C:\WINDOWS\system32\bvgevqai\soft3_off_ext.gif
C:\WINDOWS\system32\bvgevqai\soft3_on.gif
C:\WINDOWS\system32\bvgevqai\soft3_on_ext.gif
C:\WINDOWS\system32\bvgevqai\softbottom_off.gif
C:\WINDOWS\system32\bvgevqai\softbottom_on.gif
C:\WINDOWS\system32\bvgevqai\softleft_off.gif
C:\WINDOWS\system32\bvgevqai\softleft_on.gif
C:\WINDOWS\system32\bvgevqai\top1.gif
C:\WINDOWS\system32\bvgevqai\top2.gif
C:\WINDOWS\system32\bvgevqai\turnoff1.gif
C:\WINDOWS\system32\bvgevqai\turnon1.gif
C:\WINDOWS\system32\drivers\blank.gif
C:\WINDOWS\system32\drivers\box_1.gif
C:\WINDOWS\system32\drivers\box_2.gif
C:\WINDOWS\system32\drivers\box_3.gif
C:\WINDOWS\system32\drivers\button_buynow.gif
C:\WINDOWS\system32\drivers\button_freescan.gif
C:\WINDOWS\system32\drivers\cell_bg.gif
C:\WINDOWS\system32\drivers\cell_footer.gif
C:\WINDOWS\system32\drivers\cell_header_block.gif
C:\WINDOWS\system32\drivers\cell_header_remove.gif
C:\WINDOWS\system32\drivers\cell_header_scan.gif
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\core.sys
C:\WINDOWS\system32\drivers\detect.htm
C:\WINDOWS\system32\drivers\download_box.gif
C:\WINDOWS\system32\drivers\download_btn.jpg
C:\WINDOWS\system32\drivers\download_now_btn.gif
C:\WINDOWS\system32\drivers\footer_back.jpg
C:\WINDOWS\system32\drivers\header_1.gif
C:\WINDOWS\system32\drivers\header_2.gif
C:\WINDOWS\system32\drivers\header_3.gif
C:\WINDOWS\system32\drivers\header_4.gif
C:\WINDOWS\system32\drivers\header_red_bg.gif
C:\WINDOWS\system32\drivers\header_red_free_scan.gif
C:\WINDOWS\system32\drivers\header_red_free_scan_bg.gif
C:\WINDOWS\system32\drivers\header_red_protect_your_pc.gif
C:\WINDOWS\system32\drivers\infected.gif
C:\WINDOWS\system32\drivers\main_back.gif
C:\WINDOWS\system32\drivers\perfect_cleaner_box.jpg
C:\WINDOWS\system32\drivers\product_1_header.gif
C:\WINDOWS\system32\drivers\product_1_name_small.gif
C:\WINDOWS\system32\drivers\product_2_header.gif
C:\WINDOWS\system32\drivers\product_2_name_small.gif
C:\WINDOWS\system32\drivers\product_3_header.gif
C:\WINDOWS\system32\drivers\product_3_name_small.gif
C:\WINDOWS\system32\drivers\product_features.gif
C:\WINDOWS\system32\drivers\pt.htm
C:\WINDOWS\system32\drivers\rating.gif
C:\WINDOWS\system32\drivers\s_detect.htm
C:\WINDOWS\system32\drivers\screenshot.jpg
C:\WINDOWS\system32\drivers\sep_hor.gif
C:\WINDOWS\system32\drivers\sep_vert.gif
C:\WINDOWS\system32\drivers\shadow.jpg
C:\WINDOWS\system32\drivers\shadow_bg.gif
C:\WINDOWS\system32\drivers\spacer.gif
C:\WINDOWS\system32\drivers\spy_away_box.jpg
C:\WINDOWS\system32\drivers\star.gif
C:\WINDOWS\system32\drivers\star_gray.gif
C:\WINDOWS\system32\drivers\star_gray_small.gif
C:\WINDOWS\system32\drivers\star_small.gif
C:\WINDOWS\system32\drivers\style.css
C:\WINDOWS\system32\drivers\v.gif
C:\WINDOWS\system32\drivers\warning_icon.gif
C:\WINDOWS\system32\drivers\win_logo.gif
C:\WINDOWS\system32\drivers\x.gif
C:\WINDOWS\system32\dwcdyga.dll
C:\WINDOWS\system32\e2
C:\WINDOWS\system32\e2\caws83122.exe
C:\WINDOWS\system32\h1
C:\WINDOWS\system32\i8
C:\WINDOWS\system32\i8\taldrvr11.exe
C:\WINDOWS\system32\ldinfo.ldr
C:\WINDOWS\system32\oxhjdr.dll
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\wnsintsv32.exe
C:\WINDOWS\system32\x22
C:\WINDOWS\TTC-4444.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_NETWORK_MONITOR
-------\core
-------\Network Monitor

((((((((((((((((((((((((( Files Created from 2007-10-07 to 2007-11-07 )))))))))))))))))))))))))))))))
.

2007-11-06 23:41 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-06 23:36 <DIR> d--h----- C:\WINDOWS\PIF
2007-11-03 21:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2007-11-02 17:36 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
2007-11-02 16:26 555,957 ---hs---- C:\WINDOWS\system32\passv.ini2
2007-11-02 14:11 <DIR> d-------- C:\Program Files\Uwkwzixe
2007-11-02 14:11 117 --a------ C:\Documents and Settings\Owner\mit.bat
2007-11-02 14:07 <DIR> d--hs---- C:\WINDOWS\QmFsYmlubyBNZXJjYWRhbA
2007-11-02 14:06 <DIR> d-------- C:\WINDOWS\system32\Mz08r
2007-11-02 14:06 <DIR> d-------- C:\temp\mZOr
2007-10-24 01:15 <DIR> d-------- C:\Program Files\Photodex Presenter
2007-10-24 01:15 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Netscape
2007-10-12 12:00 <DIR> d-------- C:\Program Files\Cheetah Burner
2007-10-12 12:00 1,164,728 --a------ C:\WINDOWS\system32\NMSDVDXU.dll
2007-10-12 12:00 323,584 --a------ C:\WINDOWS\system32\FoxImager.dll
2007-10-12 12:00 89,360 --a------ C:\WINDOWS\system32\VB5DB.DLL
2007-10-12 12:00 81,920 --a------ C:\WINDOWS\system32\viscomwave.dll
2007-10-11 17:43 <DIR> d-------- C:\Program Files\MySpace
2007-10-11 17:43 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\MySpace
2007-10-09 21:00 584,192 --a--c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-07 14:17 <DIR> d-------- C:\Program Files\Toolkit3

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-07 07:11 --------- d-----w C:\Documents and Settings\Owner\Application Data\WTablet
2007-11-04 15:00 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2007-11-03 18:52 --------- d--h--r C:\Documents and Settings\Owner\Application Data\yahoo!
2007-11-03 16:37 --------- d-----w C:\Documents and Settings\Owner\Application Data\AVG7
2007-11-03 01:29 --------- d-----w C:\Program Files\GetRight
2007-11-01 20:48 0 ----a-w C:\WINDOWS\system32\drivers\lvuvc.hs
2007-10-30 03:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-10-12 19:00 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-08 08:38 --------- d-----w C:\Program Files\Microsoft Silverlight
2007-09-21 00:04 --------- d-----w C:\Program Files\AIM6
2007-09-21 00:04 --------- d-----w C:\Documents and Settings\Owner\Application Data\acccore
2007-09-21 00:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL OCP
2007-09-21 00:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2007-09-07 21:42 --------- d-----w C:\Program Files\7-Zip
2007-08-08 12:43 127,034 ------r C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
2007-08-08 06:24 118,784 ------r C:\WINDOWS\bwUnin-7.2.0.157-8876480SL.exe
1999-07-07 00:00:00 6 --sh--r C:\WINDOWS\@@desktop.dat
1999-07-07 00:00:00 6 -csh--r C:\WINDOWS\@desktop@.dat
2005-08-02 23:46:54 187,904 --sha-r C:\WINDOWS\QmFsYmlubyBNZXJjYWRhbA\asappsrv.dll
2005-07-29 23:24:26 472 --sha-r C:\WINDOWS\QmFsYmlubyBNZXJjYWRhbA\kAIPsA5RvV1htrL3sql1vE.vbs
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2C782A64-B22D-439A-8B22-B286403A1C96}]
C:\WINDOWS\System32\eosfhall.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{391B174C-A6B7-C9D7-6743-01F7A0D663D6}]
C:\Program Files\Uwkwzixe\yvarnvcp.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{45488867-5966-4A66-ABA8-C3DB432EE160}]
2007-08-02 06:43 282624 --a------ C:\Program Files\Internet Explorer\menoxujav4444.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5FE3833D-E200-4AE7-0585-7668E1F5A8B5}]
C:\Program Files\WindowsUpdate\quzar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D14D80D1-3A76-499C-99EB-EC8719A3F06F}]
2007-08-02 06:43 282624 --a------ C:\Program Files\Internet Explorer\menoxujav83122.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2004-04-01 00:28]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 17:04]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 16:38]
"HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-21 04:23]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-08-21 04:15]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 20:02]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2004-01-16 20:16]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 13:43]
"VTTimer"="VTTimer.exe" [2004-10-22 11:53 C:\WINDOWS\system32\VTTimer.exe]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-09-14 21:02]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 12:01 C:\WINDOWS\AGRSMMSG.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-04-01 02:01]
"WT GameChannel"="C:\Program Files\WildTangent\Apps\GameChannel.exe" []
"WildTangent CDA"="C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll" [2004-05-21 16:12]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 05:50]
"Pure Networks Port Magic"="C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" [2004-05-07 17:54]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-23 13:54]
"HostManager"="C:\Program Files\Common Files\AOL\1140482843\ee\AOLSoftware.exe" [2006-09-25 17:52]
"Smiley District"="C:\Program Files\SmileyDistrict\plugin.exe" [2006-05-17 00:47]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe" [2005-09-16 02:37]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2002-09-10 22:26]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-14 15:22]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2006-12-22 12:27]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2006-12-22 12:28]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-08 07:59]
"AOLAspSunset2"="C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\updates\aspapp\sunsetAsp2.exe" []
"{08-8B-BF-FC-ZN}"="C:\Documents and Settings\Owner\Local Settings\Temp\T0CHD001.exe" []
"avgnt"="C:\Documents and Settings\Owner\Desktop\Virus Scanners\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-11-03 21:45]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BackupNotify"="c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe" [2004-01-09 02:34]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-07-16 15:17]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-08-08 05:51]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-08 07:59]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"Aim6"="" []
"Djdbi"="C:\Program Files\?ppPatch\?hkdsk.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 13:19:24]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-08-08 05:52:00]
PopSubtract.lnk - C:\Program Files\InterMute\PopSubtract\PopSub.exe [2004-09-13 21:12:52]
Quicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exe [2003-07-30 05:49:48]
Updates from HP.lnk - C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe [2004-04-01 14:16:45]

[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\\WINDOWS\\system32\\vvgeowbv.exe,C:\\WINDOWS\\system32\\userinit.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\lubxdaev]
lubxdaev.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mlljg]
mlljg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mllmk]
mllmk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmkhg]
pmkhg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvuuts]
tuvuuts.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vssap]
C:\WINDOWS\System32\vssap.dll 2006-06-03 06:55 368660 C:\WINDOWS\system32\vssap.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winwil32]
winwil32.dll

R1 ewido security suite driver;ewido security suite driver;\??\C:\Program Files\ewido\security suite\guard.sys
R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys
R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys
S3 SCREAMINGBDRIVER;Screaming Bee Audio;C:\WINDOWS\system32\drivers\screamingbdriver.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-11-07 05:20:27 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-07 00:10:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-07 0:20:06 - machine was rebooted
.
--- E O F ---

#2 don77

Group: Retired Staff
Posts: 18,526
Joined: 05-July 04

Posted 10 November 2007 - 08:39 AM

Hello Jepmz
sorry for the delay the logs are still showing some signs of malware lets have a look at whats still on the machine

Please download Deckard's System Scanner (DSS) and save it to your Desktop.

Close all other windows before proceeding.
Double-click on dss.exe and follow the prompts.
When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

#3 Jepmz

Group: Member
Posts: 9
Joined: 03-June 05

Posted 11 November 2007 - 01:31 PM

Phew, thanks Don. Okay, here it is:

Deckard's System Scanner v20071014.68
Run by Owner on 2007-11-11 11:28:41
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
64: 2007-11-11 18:28:56 UTC - RP547 - Deckard's System Scanner Restore Point
63: 2007-11-10 17:02:15 UTC - RP546 - System Checkpoint
62: 2007-11-09 03:32:07 UTC - RP545 - System Checkpoint
61: 2007-11-07 06:42:40 UTC - RP544 - ComboFix created restore point
60: 2007-11-04 12:35:43 UTC - RP543 - Software Distribution Service 3.0

-- First Restore Point --
1: 2007-08-15 10:03:09 UTC - RP484 - Software Distribution Service 3.0

Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 448 MiB (512 MiB recommended).

-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:32:02 AM, on 11/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Documents and Settings\Owner\Desktop\Virus Scanners\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Documents and Settings\Owner\Desktop\Virus Scanners\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\AOL\1140482843\ee\AOLSoftware.exe
C:\Program Files\SmileyDistrict\plugin.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Documents and Settings\Owner\Desktop\Virus Scanners\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\InterMute\PopSubtract\PopSub.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\InterMute\SpamSubtract\SpamSub.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\wanmpsvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\Tablet.exe
C:\WINDOWS\System32\WTablet\TabUserW.exe
C:\WINDOWS\System32\Tablet.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\common files\aol\1140482843\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1140482843\ee\aolsoftware.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2C782A64-B22D-439A-8B22-B286403A1C96} - C:\WINDOWS\System32\eosfhall.dll (file missing)
O2 - BHO: (no name) - {391B174C-A6B7-C9D7-6743-01F7A0D663D6} - C:\Program Files\Uwkwzixe\yvarnvcp.dll (file missing)
O2 - BHO: (no name) - {45488867-5966-4A66-ABA8-C3DB432EE160} - C:\Program Files\Internet Explorer\menoxujav4444.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: 0 - {5FE3833D-E200-4AE7-0585-7668E1F5A8B5} - C:\Program Files\WindowsUpdate\quzar.dll (file missing)
O2 - BHO: BitComet Toolbar Helper - {6A373B7E-496E-424f-A9BE-486A5E9AB018} - C:\Program Files\BitComet Toolbar\v2.0.0.4\BitComet_Toolbar.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {D14D80D1-3A76-499C-99EB-EC8719A3F06F} - C:\Program Files\Internet Explorer\menoxujav83122.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: BitComet Toolbar - {2E608F70-C430-4bc5-96F6-608E02EBA5B2} - C:\Program Files\BitComet Toolbar\v2.0.0.4\BitComet_Toolbar.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1140482843\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Smiley District] C:\Program Files\SmileyDistrict\plugin.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [AOLAspSunset2] C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\updates\aspapp\sunsetAsp2.exe
O4 - HKLM\..\Run: [{08-8B-BF-FC-ZN}] C:\Documents and Settings\Owner\Local Settings\Temp\T0CHD001.exe CHD001
O4 - HKLM\..\Run: [avgnt] "C:\Documents and Settings\Owner\Desktop\Virus Scanners\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Djdbi] "C:\Program Files\?ppPatch\?hkdsk.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: IMStart.lnk = C:\Program Files\InterMute\IMStart.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: SpamSubtract.lnk = C:\Program Files\InterMute\SpamSubtract\SpamSub.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: PopSubtract.lnk = C:\Program Files\InterMute\PopSubtract\PopSub.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin\core.hp.main\SendTo.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - Software - (no file)
O9 - Extra button: Smiley District - {0418F3E3-C763-4e02-9EC5-F0AE13B54B0F} - C:\Program Files\SmileyDistrict\insmile.dll (file missing)
O9 - Extra 'Tools' menuitem: Smiley District - {0418F3E3-C763-4e02-9EC5-F0AE13B54B0F} - C:\Program Files\SmileyDistrict\insmile.dll (file missing)
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.adgate.info
O15 - Trusted Zone: *.att.net
O15 - Trusted Zone: http://*.att.net
O15 - Trusted Zone: *.dollarrevenue.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.matcash.com
O15 - Trusted Zone: *.media-motor.com
O15 - Trusted Zone: *.mediatickets.net
O15 - Trusted Zone: *.sbcglobal.net
O15 - Trusted Zone: http://*.sbcglobal.net
O15 - Trusted Zone: *.snipernet.biz
O15 - Trusted Zone: *.systemdoctor.com
O15 - Trusted Zone: *.winantivirus.com
O15 - Trusted Zone: *.adgate.info (HKLM)
O15 - Trusted Zone: *.dollarrevenue.com (HKLM)
O15 - Trusted Zone: *.elitemediagroup.net (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.matcash.com (HKLM)
O15 - Trusted Zone: *.media-motor.com (HKLM)
O15 - Trusted Zone: *.mediatickets.net (HKLM)
O15 - Trusted Zone: *.snipernet.biz (HKLM)
O15 - Trusted Zone: *.systemdoctor.com (HKLM)
O15 - Trusted Zone: *.winantivirus.com (HKLM)
O16 - DPF: {20050325-D35A-4233-926E-2E801AE25949} (NMJPStarter15 Class) - http://www.netmarble...MStarterJP5.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol....oach_core_1.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin11USA.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6FC19219-C47E-4880-9A79-D218A1C374F9} (NMJTransX Control) - http://file.netmarbl...l/NMJTransX.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamesp...nch/alaunch.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.com/...ropper1_6us.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemreq...m/sysreqlab.cab
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.co...ty4PatcherX.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: lubxdaev - lubxdaev.dll (file missing)
O20 - Winlogon Notify: mlljg - mlljg.dll (file missing)
O20 - Winlogon Notify: mllmk - mllmk.dll (file missing)
O20 - Winlogon Notify: pmkhg - pmkhg.dll (file missing)
O20 - Winlogon Notify: tuvuuts - tuvuuts.dll (file missing)
O20 - Winlogon Notify: vssap - C:\WINDOWS\System32\vssap.dll
O20 - Winlogon Notify: winwil32 - winwil32.dll (file missing)
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Documents and Settings\Owner\Desktop\Virus Scanners\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Documents and Settings\Owner\Desktop\Virus Scanners\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 20140 bytes

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 ewido security suite driver - c:\program files\ewido\security suite\guard.sys
R3 Iviaspi (IVI ASPI Shell) - c:\windows\system32\drivers\iviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell>
R3 mcdbus (Driver for MagicISO SCSI Host Controller) - c:\windows\system32\drivers\mcdbus.sys <Not Verified; MagicISO, Inc.; MagicISO SCSI Host Controller>
R3 Pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>

S3 catchme - c:\docume~1\owner\locals~1\temp\catchme.sys (file missing)
S3 ialm - c:\windows\system32\drivers\ialmnt5.sys <Not Verified; Intel Corporation; Intel Graphics Accelerator Drivers for Windows NT®>
S3 SCREAMINGBDRIVER (Screaming Bee Audio) - c:\windows\system32\drivers\screamingbdriver.sys (file missing)
S3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AdobeActiveFileMonitor4.0 (Adobe Active File Monitor V4) - c:\program files\adobe\photoshop elements 4.0\photoshopelementsfileagent.exe
R2 AntiVirScheduler (AntiVir PersonalEdition Classic Scheduler) - "c:\documents and settings\owner\desktop\virus scanners\avira\antivir personaledition classic\sched.exe" <Not Verified; Avira GmbH; Scheduler>
R2 Autodesk Licensing Service - "c:\program files\common files\autodesk shared\service\adskscsrv.exe" <Not Verified; Autodesk; Autodesk Licensing Service>
R2 GEARSecurity (Gear Security Service) - c:\windows\system32\gearsec.exe <Not Verified; GEAR Software; gearsec>
R2 TabletService - c:\windows\system32\tablet.exe <Not Verified; Wacom Technology, Corp.; Wacom Win32 Tablet Service>

S2 mi-raysat_3dsmax9_32 (mental ray 3.5 Satellite (32-bit)) - "c:\program files\autodesk\3ds max 9\mentalray\satellite\raysat_3dsmax9_32server.exe"
S4 ewido security suite guard - c:\program files\ewido\security suite\ewidoguard.exe <Not Verified; ewido networks; guard>

-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.

-- Scheduled Tasks -------------------------------------------------------------

2007-11-11 06:25:01 366 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job

-- Files created between 2007-10-11 and 2007-11-11 -----------------------------

2007-11-07 00:58:26 0 d-------- C:\Program Files\Trend Micro
2007-11-06 23:36:26 0 d--h----- C:\WINDOWS\PIF
2007-11-03 21:40:33 0 d-------- C:\Documents and Settings\All Users\Application Data\Avira
2007-11-02 17:47:24 0 d-------- C:\WINDOWS\network diagnostic
2007-11-02 16:26:38 5039 ---hs---- C:\WINDOWS\system32\passv.ini2
2007-11-02 14:11:30 117 --a------ C:\Documents and Settings\Owner\mit.bat
2007-11-02 14:10:43 1149576 --a------ C:\Install
2007-11-02 14:07:03 0 d--hs---- C:\WINDOWS\QmFsYmlubyBNZXJjYWRhbA
2007-11-02 14:06:37 0 d-------- C:\WINDOWS\system32\Mz08r
2007-10-24 01:15:15 0 d-------- C:\Program Files\Photodex Presenter
2007-10-24 01:15:15 0 d-------- C:\Documents and Settings\Owner\Application Data\Netscape
2007-10-12 12:00:07 81920 --a------ C:\WINDOWS\system32\viscomwave.dll <Not Verified; Viscom Software; >
2007-10-12 12:00:04 323584 --a------ C:\WINDOWS\system32\FoxImager.dll
2007-10-12 12:00:03 0 d-------- C:\Program Files\Cheetah Burner
2007-10-11 17:43:28 0 d-------- C:\Documents and Settings\Owner\Application Data\MySpace
2007-10-11 17:43:21 0 d-------- C:\Program Files\MySpace

-- Find3M Report ---------------------------------------------------------------

2007-11-11 11:19:53 0 d-------- C:\Documents and Settings\Owner\Application Data\WTablet
2007-11-07 06:15:57 0 d-------- C:\Program Files\SwiftSwitch
2007-11-07 00:45:26 0 d-------- C:\Program Files\SmileyDistrict
2007-11-03 17:49:30 1397499 --a------ C:\Documents and Settings\Owner\Application Data\CleanUp!.log
2007-11-03 11:52:17 0 dr-h----- C:\Documents and Settings\Owner\Application Data\yahoo!
2007-11-03 11:07:21 0 d-------- C:\Program Files\Common Files
2007-11-03 09:37:33 0 d-------- C:\Documents and Settings\Owner\Application Data\AVG7
2007-10-24 01:15:18 2820 --a------ C:\WINDOWS\mozver.dat
2007-10-24 01:15:15 0 d-------- C:\Documents and Settings\Owner\Application Data\Mozilla
2007-10-12 12:00:03 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-10-08 01:38:32 0 d-------- C:\Program Files\Microsoft Silverlight
2007-10-07 14:18:25 0 d-------- C:\Program Files\Toolkit3
2007-09-20 17:04:29 0 d-------- C:\Documents and Settings\Owner\Application Data\acccore
2007-09-20 17:04:00 0 d-------- C:\Program Files\AIM6
2007-09-05 15:11:48 180224 --a------ C:\WINDOWS\system32\dzwrapper.dll
2007-09-05 15:11:46 32256 --a------ C:\WINDOWS\system32\dzbryce6.dll
2007-09-05 15:08:36 7950336 --a------ C:\WINDOWS\system32\dzcore.dll
2007-09-04 16:05:24 65536 --a------ C:\WINDOWS\system32\dzcarrara.dll
2007-09-04 15:23:36 6131712 --a------ C:\WINDOWS\system32\daz-qt-mt.dll
2007-09-04 15:23:36 1785856 --a------ C:\WINDOWS\system32\daz-qsa.dll
2007-09-04 15:18:48 2076672 --a------ C:\WINDOWS\system32\dz3delight.dll

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2C782A64-B22D-439A-8B22-B286403A1C96}]
C:\WINDOWS\System32\eosfhall.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{391B174C-A6B7-C9D7-6743-01F7A0D663D6}]
C:\Program Files\Uwkwzixe\yvarnvcp.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{45488867-5966-4A66-ABA8-C3DB432EE160}]
08/02/2007 06:43 AM 282624 --a------ C:\Program Files\Internet Explorer\menoxujav4444.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5FE3833D-E200-4AE7-0585-7668E1F5A8B5}]
C:\Program Files\WindowsUpdate\quzar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D14D80D1-3A76-499C-99EB-EC8719A3F06F}]
08/02/2007 06:43 AM 282624 --a------ C:\Program Files\Internet Explorer\menoxujav83122.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [04/01/2004 12:28 AM]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [05/07/1998 05:04 PM]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [12/22/2003 04:38 PM]
"HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [08/21/2003 04:23 AM]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [08/21/2003 04:15 AM]
"KBD"="C:\HP\KBD\KBD.EXE" [02/11/2003 08:02 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [01/16/2004 08:16 PM]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [04/14/2004 01:43 PM]
"VTTimer"="VTTimer.exe" [10/22/2004 11:53 AM C:\WINDOWS\system32\VTTimer.exe]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [09/14/2004 09:02 PM]
"AGRSMMSG"="AGRSMMSG.exe" [03/04/2005 12:01 PM C:\WINDOWS\AGRSMMSG.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [04/01/2004 02:01 AM]
"WT GameChannel"="C:\Program Files\WildTangent\Apps\GameChannel.exe" []
"WildTangent CDA"="C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll" [05/21/2004 04:12 PM]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [10/23/2006 05:50 AM]
"Pure Networks Port Magic"="C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" [05/07/2004 05:54 PM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [10/23/2007 01:54 PM]
"HostManager"="C:\Program Files\Common Files\AOL\1140482843\ee\AOLSoftware.exe" [09/25/2006 05:52 PM]
"Smiley District"="C:\Program Files\SmileyDistrict\plugin.exe" [05/17/2006 12:47 AM]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe" [09/16/2005 02:37 AM]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [09/10/2002 10:26 PM]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [05/14/2007 03:22 PM]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [12/22/2006 12:27 PM]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [12/22/2006 12:28 PM]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [06/08/2007 07:59 AM]
"AOLAspSunset2"="C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\updates\aspapp\sunsetAsp2.exe" []
"{08-8B-BF-FC-ZN}"="C:\Documents and Settings\Owner\Local Settings\Temp\T0CHD001.exe" []
"avgnt"="C:\Documents and Settings\Owner\Desktop\Virus Scanners\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [11/03/2007 09:45 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BackupNotify"="c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe" [01/09/2004 02:34 AM]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [07/16/2007 03:17 PM]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [01/19/2007 12:54 PM]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [08/08/2007 05:51 AM]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [06/08/2007 07:59 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]
"Aim6"="" []
"Djdbi"="C:\Program Files\?ppPatch\?hkdsk.exe" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\lubxdaev]
lubxdaev.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mlljg]
mlljg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mllmk]
mllmk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmkhg]
pmkhg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvuuts]
tuvuuts.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vssap]
C:\WINDOWS\System32\vssap.dll 06/03/2006 06:55 AM 368660 C:\WINDOWS\system32\vssap.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winwil32]
winwil32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

-- End of Deckard's System Scanner: finished at 2007-11-11 11:33:20 ------------

===========================================
==========================================

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ XP 3200+
Percentage of Memory in Use: 60%
Physical Memory (total/avail): 447.48 MiB / 174.95 MiB
Pagefile Memory (total/avail): 1056.57 MiB / 630.72 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1941.82 MiB

C: is Fixed (NTFS) - 144.25 GiB total, 71.49 GiB free.
D: is Fixed (FAT32) - 4.79 GiB total, 0.62 GiB free.
E: is CDROM (No Media)
F: is CDROM (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is Removable (No Media)
K: is Removable (No Media)

\\.\PHYSICALDRIVE0 - SAMSUNG SP1604N - 149.05 GiB - 2 partitions
\PARTITION0 - Unknown - 4.79 GiB - D:
\PARTITION1 (bootable) - Installable File System - 144.25 GiB - C:

\\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device

-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AV: AVG 7.5.503 v7.5.503 (Grisoft)
AV: Avira AntiVir PersonalEdition v 7.0.0.197
(Avira GmbH)
AV: Norton AntiVirus v2004 (Symantec Corporation) Disabled Outdated

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Updates from HP\\137903\\Program\\BackWeb-137903.exe"="C:\\Program Files\\Updates from HP\\137903\\Program\\BackWeb-137903.exe:*:Disabled:BackWeb-137903"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\Program Files\\InterMute\\SpamSubtract\\SpamSub.exe"="C:\\Program Files\\InterMute\\SpamSubtract\\SpamSub.exe:*:Enabled:SpamSubtract Main Module"
"C:\\Soldat\\Soldat.exe"="C:\\Soldat\\Soldat.exe:*:Enabled:Soldat"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Messenger"

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=MERCADAL
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner
LANG=C
LOGONSERVER=\\MERCADAL
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;c:\Python22;C:\Program Files\PC-Doctor for Windows\services;C:\Program Files\Common Files\GTK\2.0\bin;C:\Program Files\Autodesk\Backburner\;C:\Program Files\Common Files\Autodesk Shared"
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0a00
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
USERDOMAIN=MERCADAL
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner
windir=C:\WINDOWS

-- User Profiles ---------------------------------------------------------------

Owner (admin)
Administrator (new local, admin)

-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> MsiExec.exe /I{9A346205-EA92-4406-B1AB-50379DA3F057}
--> MsiExec.exe /I{C98E5F1B-5C2B-4FD1-BDF9-F3779DCAAA16}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11E83B33-972B-4512-A447-FF0FD0246EE9}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{21B6F79B-2286-4BB0-B1E3-BA6B9498D110}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{23EFDB58-0874-4883-9810-EDA510B19FAE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{27B9131D-CEFA-42C5-8D7D-56EFD80BAA25}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2BB79C8D-9DCC-4861-8A23-AE1B0B45E2B6}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2BFBC62A-3353-443D-93BE-7AC641D9F342}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{39DA87A1-0B26-4562-A70C-2A6147366E47}\Setup.exe"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F765BD0-B900-4EDE-A90B-61C8A9E95C42}\Setup.exe"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B100B05B-E290-41EF-9366-8BC4C76D7769}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B14F9B26-D695-4C4A-8B11-0FE6CDCC797B}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD59025-5B73-4E12-B789-0028C5A573C2}\Setup.exe"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BDFC3C8D-823E-4FCF-870B-E756B27CB57E}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D3568156-59C3-42DF-A520-2C25B6706C91}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E213C271-AEFA-481D-A9B4-914D88925B8D}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FAD9402A-1A9B-4ABE-A410-393A3622FA5A}\setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
--> VTUninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Timer'
3dsmax ancillary install --> MsiExec.exe /I{7C8B5E63-821A-4DFB-BDFA-19854D88EC5C}
7-Zip 4.42 --> "C:\Program Files\7-Zip\Uninstall.exe"
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Help Center 2.0 --> MsiExec.exe /I{8FFC924C-ED06-44CB-8867-3CA778ECE903}
Adobe Photoshop Elements 4.0 --> msiexec /I {EBB7C1C1-D439-4D9B-9FDC-954C10F266B0}
Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Agere Systems PCI Soft Modem --> agrsmdel
AIM 6 --> C:\Program Files\AIM6\uninst.exe
Anime Studio Pro 5.5 --> "C:\Program Files\e frontier\Anime Studio Pro\unins000.exe"
AOL Coach Version 1.0(Build:20040229.1 en) --> C:\Program Files\Common Files\aolshare\Coach\AolCInUn.exe
AOL Coach Version 2.0(Build:20041026.5 en) --> C:\Program Files\Common Files\AolCoach\en_en\AolCInUn.exe -lang=en_en -ext=UDP
AOL Registration --> "C:\Program Files\AOL\RC\uninstall.exe"
AOL Toolbar --> "C:\Program Files\AOL Toolbar\UNWISE.EXE" /u "C:\Program Files\AOL Toolbar\INSTALL.LOG"
AOL Uninstaller (Choose which Products to Remove) --> C:\Program Files\Common Files\AOL\uninstaller.exe
AOL You've Got Pictures Screensaver --> C:\Program Files\Common Files\AOL\Screensaver\uninst_ygpss.exe
ArcSoft PhotoImpression --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6C5D7191-140A-11D6-B5A0-0050DA208A93}\Setup.exe" -l0x9 -uninst
AssaultCube v0.93 --> "C:\Documents and Settings\Owner\Desktop\game\AssaultCube\uninstall.exe"
Autodesk 3ds Max 9 32-bit --> MsiExec.exe /I{E96D4088-AAC5-437F-9E39-EC0E387897B4}
Autodesk DWF Viewer 7 --> MsiExec.exe /I{9A346205-EA92-4406-B1AB-50379DA3F057}
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
Avira AntiVir PersonalEdition Classic --> C:\Documents and Settings\Owner\Desktop\Virus Scanners\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
Backburner --> MsiExec.exe /I{3D347E6D-5A03-4342-B5BA-6A771885F379}
BitComet 0.61 --> "C:\WINDOWS\BitComet_Toolbar_Uninstaller_7859.exe" -hu _?=C:\Program Files\BitComet Toolbar
BitComet Toolbar --> "C:\WINDOWS\BitComet_Toolbar_Uninstaller_7859.exe" _?=C:\Program Files\BitComet Toolbar
Blackhawk Striker from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\E28167F1-3F42-40C7-9119-1D5A97444F10\Uninstall.exe"
Blasterball 2 from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\8C4E79CC-03E1-43AA-9910-9A5113F24603\Uninstall.exe"
Blender (remove only) --> "C:\Program Files\Blender Foundation\Blender\uninstall.exe"
Bounce Symphony from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\D11F7128-8CBD-408B-8BF8-034604DEDD42\Uninstall.exe"
BroadJump Client Foundation --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\BroadJump\Client Foundation\Uninst.isu" -c"C:\Program Files\BroadJump\Client Foundation\RmvBJCFD.dll" -b"CFD" -h"CFD" -a
Canon Camera Support Core Library --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{91F1A0D6-23AD-49FE-8D4E-379485652214} /l1033
Canon Camera Window DS for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{91203BD3-6C3E-472F-ADBD-F60FDC7C4010}
Canon Camera Window DVC for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{4C96958A-6562-4143-B820-FF4890D3B734}
Canon Camera Window for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{C7281207-4AA4-425E-B57A-0E9EF8445635}
Canon MovieEdit Task for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{8AF1E098-1A5C-4336-BBE2-D047ABB401ED}
Canon PhotoRecord --> MsiExec.exe /X{D958FAC4-BAE0-4B1D-A42E-DE9BFDE7DDEE}
Canon PIXMA iP1500 --> C:\WINDOWS\System32\CNMCP5y.exe "-PRINTERNAMECanon PIXMA iP1500" "-HELPERDLLC:\BJPrinter\CNMWINDOWS\Canon PIXMA iP1500 Installer\Inst2\cnmis.dll" "-RCDLLC:\BJPrinter\CNMWINDOWS\Canon PIXMA iP1500 Installer\Inst2\cnmi0409.dll"
Canon RAW Image Task for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{45EF4EE3-F591-4B74-A477-0CAE12934CE7}
Canon RemoteCapture Task for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{28291BD5-92D2-4685-82DC-CCA925C53CCA}
Canon Utilities Easy-PhotoPrint --> C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe C:\Program Files\Canon\Easy-PhotoPrint\uninst.ini
Canon Utilities PhotoStitch 3.1 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{218BBBE3-FE63-4BB2-81A8-7435575A84FA}
Canon ZoomBrowser EX --> MsiExec.exe /X{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}
CC_ccStart --> MsiExec.exe /I{D6414CC7-F215-467F-88B1-546ED863F35B}
ccCommon --> MsiExec.exe /I{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}
CCleaner (remove only) --> "C:\Documents and Settings\Owner\Desktop\Virus Scanners\CCleaner\uninst.exe"
Cheetah DVD Burner --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BD01E97F-2A6A-495E-BE38-22C7B80F3CD7}\Setup.exe"
CleanUp! --> C:\Program Files\CleanUp!\uninstall.exe
Corel Painter Essentials 3 --> MsiExec.exe /I{0C180787-F8C8-42FD-A9D3-689BA44BEAAF}
Crystal Maze from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\DAE7A92A-BAC7-42FA-AC62-53DEF1DC4292\Uninstall.exe"
DAZ|Studio 1.7.1.9 --> C:\WINDOWS\unvise32.exe C:\Program Files\DAZ\Studio\DAZ Studio Uninstall.log
Direct KiSS --> C:\WINDOWS\IsUninst.exe -f"c:\documents and settings\owner\desktop\jep\new folder\Uninst.isu"
Easy-WebPrint --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu"
Easy Internet Sign-up --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{8105684D-8CA6-440D-8F58-7E5FD67A499D} /l1033
eMusic - 50 Free MP3 offer --> "C:\Program Files\Winamp\eMusic\Uninst-eMusic-promotion.exe"
EPSON Copy Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B69CC1A5-0404-11D6-ABCB-005004C21D30}\setup.exe" ADDREMOVEDLG
EPSON Photo Print --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\EPSON\Photo Print\Uninst.isu"
EPSON Scanner Reference Guide --> C:\Program Files\epson\guide\uninstall.exe
EPSON Smart Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6C11D561-620B-47DA-A693-4C597F3CDF40}\Setup.exe" -l0x9 Uninstall
EPSON TWAIN 5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A3EABC0-CA06-11D4-BF77-00104B130C19}\Setup.exe" -l0x9 UNINSTALL
ewido security suite --> C:\Program Files\ewido\security suite\Uninstall.exe
FBX Plugin 2006.08 for Max 9.0 --> C:\Program Files\Autodesk\FBX\FbxPlugins\2006.08\Max90\Uninstall.exe
Five Card Frenzy from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\DA44615A-C243-46A4-8E47-184CFF33CD38\Uninstall.exe"
FlashPlayer8 8.0.500 --> C:\Program Files\FlashPlayer8\uninstall.exe
FLV Player 1.3.3 --> "C:\Program Files\FLVPlayer\uninstall.exe"
Freedom Fighters --> C:\PROGRA~1\EAGAME~1\FREEDO~1\UNWISE.EXE C:\PROGRA~1\EAGAME~1\FREEDO~1\INSTALL.LOG
GTA San Andreas --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}\SETUP.EXE" -l0x9 -removeonly
GTK+ 2.10.6-1 runtime environment --> "C:\Program Files\Common Files\GTK\2.0\setup\unins000.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Deskjet Preloaded Printer Drivers --> MsiExec.exe /X{F419D20A-7719-4639-8E30-C073A040D878}
HP Image Zone 3.5 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Image Zone Plus 3.5 --> C:\Program Files\HP\Digital Imaging\{C6C44651-7C66-4b11-92E8-17565D3D22DD}\setup\hpzscr01.exe -datfile hpdscr01.dat
HP Instant Support --> C:\PROGRA~1\HPINST~1\UNWISE.EXE C:\PROGRA~1\HPINST~1\INSTALL.LOG
HP Organize --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D0122362-6333-4DE4-93F6-A5A2F3CC101A}\Setup.exe" UNINSTALL
HP Photo & Imaging 3.5 - HP Devices --> C:\Program Files\HP\Digital Imaging\{15B9DC72-73F9-4d99-9E28-848D66DA8D9

#4 don77

Group: Retired Staff
Posts: 18,526
Joined: 05-July 04

Posted 11 November 2007 - 01:58 PM

A bit of the DSS log got cut off now worries we will get a look at what I need

Please download VundoFix.exe to your desktop.

Double-click VundoFix.exe to run it.
When VundoFix re-opens, click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click OK.
Turn your computer back on.
Please post the contents of C:\vundofix.txt and a new HiJackThis log.

Also post back an uninstall list

Start HijackThis
Click on the Config button
Click on the Misc Tools button
Click on the Open Uninstall Manager button.
You can click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad into this topic please,

#5 Jepmz

Group: Member
Posts: 9
Joined: 03-June 05

Posted 11 November 2007 - 04:41 PM

Oh woops. I'll make double sure I include everything. Here's the three lists:
(I did Vundofix twice and turned off AntiVir the second time)

VundoFix V6.5.11

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Scan started at 2:25:20 PM 11/11/2007

Listing files found while scanning....

No infected files were found.

VundoFix V6.5.11

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Scan started at 2:29:57 PM 11/11/2007

Listing files found while scanning....

C:\windows\system32\passv.ini
C:\windows\system32\passv.ini2
C:\windows\system32\passv.tmp
C:\windows\system32\vssap.dll

Beginning removal...

Attempting to delete C:\windows\system32\passv.ini
C:\windows\system32\passv.ini Has been deleted!

Attempting to delete C:\windows\system32\passv.ini2
C:\windows\system32\passv.ini2 Has been deleted!

Attempting to delete C:\windows\system32\passv.tmp
C:\windows\system32\passv.tmp Has been deleted!

Attempting to delete C:\windows\system32\vssap.dll
C:\windows\system32\vssap.dll Has been deleted!

Performing Repairs to the registry.
Done!

===============================================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:39:49 PM, on 11/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Documents and Settings\Owner\Desktop\Virus Scanners\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\AOL\1140482843\ee\AOLSoftware.exe
C:\Program Files\SmileyDistrict\plugin.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Documents and Settings\Owner\Desktop\Virus Scanners\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Documents and Settings\Owner\Desktop\Virus Scanners\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\InterMute\PopSubtract\PopSub.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\WINDOWS\System32\gearsec.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\MagicDisc\MagicDisc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\WINDOWS\System32\Tablet.exe
C:\Program Files\InterMute\SpamSubtract\SpamSub.exe
C:\WINDOWS\System32\WTablet\TabUserW.exe
C:\WINDOWS\System32\Tablet.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
c:\program files\common files\aol\1140482843\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1140482843\ee\aolsoftware.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2C782A64-B22D-439A-8B22-B286403A1C96} - C:\WINDOWS\System32\eosfhall.dll (file missing)
O2 - BHO: (no name) - {391B174C-A6B7-C9D7-6743-01F7A0D663D6} - C:\Program Files\Uwkwzixe\yvarnvcp.dll (file missing)
O2 - BHO: (no name) - {45488867-5966-4A66-ABA8-C3DB432EE160} - C:\Program Files\Internet Explorer\menoxujav4444.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: 0 - {5FE3833D-E200-4AE7-0585-7668E1F5A8B5} - C:\Program Files\WindowsUpdate\quzar.dll (file missing)
O2 - BHO: BitComet Toolbar Helper - {6A373B7E-496E-424f-A9BE-486A5E9AB018} - C:\Program Files\BitComet Toolbar\v2.0.0.4\BitComet_Toolbar.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {D14D80D1-3A76-499C-99EB-EC8719A3F06F} - C:\Program Files\Internet Explorer\menoxujav83122.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: BitComet Toolbar - {2E608F70-C430-4bc5-96F6-608E02EBA5B2} - C:\Program Files\BitComet Toolbar\v2.0.0.4\BitComet_Toolbar.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1140482843\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Smiley District] C:\Program Files\SmileyDistrict\plugin.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [AOLAspSunset2] C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\updates\aspapp\sunsetAsp2.exe
O4 - HKLM\..\Run: [{08-8B-BF-FC-ZN}] C:\Documents and Settings\Owner\Local Settings\Temp\T0CHD001.exe CHD001
O4 - HKLM\..\Run: [avgnt] "C:\Documents and Settings\Owner\Desktop\Virus Scanners\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Djdbi] "C:\Program Files\?ppPatch\?hkdsk.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: IMStart.lnk = C:\Program Files\InterMute\IMStart.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: SpamSubtract.lnk = C:\Program Files\InterMute\SpamSubtract\SpamSub.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: PopSubtract.lnk = C:\Program Files\InterMute\PopSubtract\PopSub.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin\core.hp.main\SendTo.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - Software - (no file)
O9 - Extra button: Smiley District - {0418F3E3-C763-4e02-9EC5-F0AE13B54B0F} - C:\Program Files\SmileyDistrict\insmile.dll (file missing)
O9 - Extra 'Tools' menuitem: Smiley District - {0418F3E3-C763-4e02-9EC5-F0AE13B54B0F} - C:\Program Files\SmileyDistrict\insmile.dll (file missing)
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.adgate.info (HKLM)
O15 - Trusted Zone: *.dollarrevenue.com (HKLM)
O15 - Trusted Zone: *.elitemediagroup.net (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.matcash.com (HKLM)
O15 - Trusted Zone: *.media-motor.com (HKLM)
O15 - Trusted Zone: *.mediatickets.net (HKLM)
O15 - Trusted Zone: *.snipernet.biz (HKLM)
O15 - Trusted Zone: *.systemdoctor.com (HKLM)
O15 - Trusted Zone: *.winantivirus.com (HKLM)
O16 - DPF: {20050325-D35A-4233-926E-2E801AE25949} (NMJPStarter15 Class) - http://www.netmarble...MStarterJP5.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol....oach_core_1.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin11USA.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6FC19219-C47E-4880-9A79-D218A1C374F9} (NMJTransX Control) - http://file.netmarbl...l/NMJTransX.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamesp...nch/alaunch.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.com/...ropper1_6us.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemreq...m/sysreqlab.cab
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.co...ty4PatcherX.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: lubxdaev - lubxdaev.dll (file missing)
O20 - Winlogon Notify: mlljg - mlljg.dll (file missing)
O20 - Winlogon Notify: mllmk - mllmk.dll (file missing)
O20 - Winlogon Notify: pmkhg - pmkhg.dll (file missing)
O20 - Winlogon Notify: tuvuuts - tuvuuts.dll (file missing)
O20 - Winlogon Notify: winwil32 - winwil32.dll (file missing)
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Documents and Settings\Owner\Desktop\Virus Scanners\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Documents and Settings\Owner\Desktop\Virus Scanners\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 19633 bytes
=========================================================
====== ===== == == == == ==
==========================================================
Uninstall List

3dsmax ancillary install
7-Zip 4.42
Ad-Aware SE Personal
Adobe Flash Player Plugin
Adobe Help Center 2.0
Adobe Photoshop Elements 4.0
Adobe Reader 6.0.1
Adobe Shockwave Player
Agere Systems PCI Soft Modem
AIM 6
Anime Studio Pro 5.5
AOL Coach Version 1.0(Build:20040229.1 en)
AOL Coach Version 2.0(Build:20041026.5 en)
AOL Registration
AOL Toolbar
AOL Uninstaller (Choose which Products to Remove)
AOL You've Got Pictures Screensaver
ArcSoft PhotoImpression
AssaultCube v0.93
Autodesk 3ds Max 9 32-bit
Autodesk DWF Viewer 7
AVG 7.5
Avira AntiVir PersonalEdition Classic
Backburner
BitComet 0.61
BitComet Toolbar
Blackhawk Striker from Hewlett-Packard Desktops (remove only)
Blasterball 2 from Hewlett-Packard Desktops (remove only)
Blender (remove only)
Bounce Symphony from Hewlett-Packard Desktops (remove only)
BroadJump Client Foundation
Canon Camera Support Core Library
Canon Camera Window DS for ZoomBrowser EX
Canon Camera Window DVC for ZoomBrowser EX
Canon Camera Window for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon PhotoRecord
Canon PIXMA iP1500
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities Easy-PhotoPrint
Canon Utilities PhotoStitch 3.1
Canon ZoomBrowser EX
CC_ccStart
ccCommon
CCleaner (remove only)
Cheetah DVD Burner
CleanUp!
Corel Painter Essentials 3
Crystal Maze from Hewlett-Packard Desktops (remove only)
Direct KiSS
Easy Internet Sign-up
Easy-WebPrint
eMusic - 50 Free MP3 offer
EPSON Copy Utility
EPSON Photo Print
EPSON Scanner Reference Guide
EPSON Smart Panel
EPSON TWAIN 5
ewido security suite
FBX Plugin 2006.08 for Max 9.0
Five Card Frenzy from Hewlett-Packard Desktops (remove only)
FlashPlayer8 8.0.500
FLV Player 1.3.3
Freedom Fighters
GTA San Andreas
GTK+ 2.10.6-1 runtime environment
HijackThis 2.0.2
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
HP Deskjet Preloaded Printer Drivers
HP Image Zone 3.5
HP Image Zone Plus 3.5
HP Instant Support
HP Organize
HP Photo & Imaging 3.5 - HP Devices
HP PSC & OfficeJet 3.5
HP Software Update
HPIZ350
ijji - Gunz
Immortal Cities: Children of the Nile
IntelliMover Data Transfer Demo
InterActual Player
InterVideo WinDVD Creator 2
InterVideo WinDVD Player
iTunes
Java 2 Runtime Environment, SE v1.4.2_03
KBD
Learn2 Player (Uninstall Only)
LiveReg (Symantec Corporation)
LiveUpdate 2.5 (Symantec Corporation)
Logitech Audio Echo Cancellation Component
Logitech Desktop Messenger
Logitech QuickCam
Logitech Video Enumerator
Logitech® Camera Driver
Macromedia Flash MX 2004
Macromedia Flash Player 8
Magic ISO Maker v5.4 (build 0239)
MagicDisc 2.5.74
MakeHuman 0.8a Beta version
MapleStory
Memories Disc Creator 2.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2004
Microsoft Money 2004 System Pack
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional 2007
Microsoft Office Professional 2007 Trial
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher 2007
Microsoft Office Publisher 2007 Trial
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Standard Edition 2003
Microsoft Office Word MUI (English) 2007
Microsoft Plus! Digital Media Edition
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Works 7.0
mIRC
Mozilla Firefox (2.0.0.9)
MSRedist
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
Mulan Animated StoryBook
MVision
Norton AntiVirus 2004
Norton AntiVirus 2004 (Symantec Corporation)
Norton AntiVirus Parent MSI
Norton WMI Update
openCanvas3.05E Plus
openCanvas4.5.09e Plus
Orbital from Hewlett-Packard Desktops (remove only)
Otto from Hewlett-Packard Desktops (remove only)
Overball from Hewlett-Packard Desktops (remove only)
Paintball2 Alpha build 019
Panda ActiveScan
Papagayo 1.2
PC-Doctor for Windows
Photodex Presenter
Photosmart 140,240,7200,7600,7700,7900 Series
PlayFKiSS
Polar Bowler from Hewlett-Packard Desktops (remove only)
PopSubtract
Project64 1.6
PS2
Pure Networks Port Magic
Python 2.2 combined Win32 extensions
Python 2.2.1
Quicken 2004
QuickTime
RealPlayer
RPGToolkit, Version 3.1.0
S3 S3Display
S3 S3Gamma2
S3 S3Info2
S3 S3Overlay
ScanToWeb
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Slyder from Hewlett-Packard Desktops (remove only)
Sodipodi
Soldat 1.3.1
Soldat 1.4.0
Soldat 1.4.1
Soldat 1.4.2
Soldat Interface Maker 1.0
Soldier Front
SpamSubtract
SymNet
System Requirements Lab
Tablet
Tahni DeskMate
The GIMP 2.2.13
The Sims 2
Toolkit View(HP)
Tradewinds from Hewlett-Packard Desktops (remove only)
TVAnts 1.0
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
Updates from HP
Ventrilo Client
VIA Rhine-Family Fast Ethernet Adapter
VIA/S3G Display Driver
VideoLAN VLC media player 0.8.5
Viewpoint Media Player
VX2 Cleaner plug-in for Ad-Aware SE
WildTangent Web Driver
WinAce Archiver
Winamp (remove only)
Windows Installer 3.1 (KB893803)
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format Runtime
Windows Media Player Firefox Plugin
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
Word Symphony from Hewlett-Packard Desktops (remove only)
Xfire (remove only)
Yahoo! Browser Services
Yahoo! extras
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Messenger Explorer Bar
Yahoo! Photos Easy Upload Tool 1v6
Yahoo! Search Protection
Yahoo! Toolbar

#6 don77

Group: Retired Staff
Posts: 18,526
Joined: 05-July 04

Posted 12 November 2007 - 06:27 PM

You have some pretty nasty stuff on this machine

Please download Navilog1 by IL-MAFIOSO:
http://perso.orange....ix/Navilog1.zip

* Extract its contents to the desktop.
* Double click on navilog1.exe to install it on your computer.
* When the installation is complete, the tool will start automatically.
* If it doesn't start automatically, please double click on Navilog1 shortcut on your desktop to run it.
* Press E for English from the language Menu.
* Type 1 in the next Menu to select Search and press Enter.
* Wait for the Scan to finish (It may take a reasonable amount of time)
* Press any key as requested .
* A new document will be produced: fixnavi.txt.
* Please copy/paste the contents of this report in your next reply.

The report is also saved in the root of the directory, "%SystemDrive%\fixnavi.txt". (usually C:\fixnavi.txt)

#7 Jepmz

Group: Member
Posts: 9
Joined: 03-June 05

Posted 13 November 2007 - 02:49 AM

Man, I'm worried. Ah ha ha. *weak laugh*

Search Navipromo version 3.3.5 began on Tue 11/13/2007 at 0:50:13.29

!!! Warning, this report may include legitimate files/programs !!!
!!! Post this report on the forum you are being helped !!!
!!! Don't continue with removal unless instructed by an authorized helper !!!
Fix running from C:\Program Files\navilog1
Updated on 08.11.2007 at 18h00 by IL-MAFIOSO

Microsoft Windows XP [Version 5.1.2600]
Version Internet Explorer : 6.0.2900.2180

Done in normal mode

*** Searching for installed Software ***

*** Search folders in C:\WINDOWS ***

*** Search folders in C:\Program Files ***

*** Search folders in C:\Documents and Settings\All Users\Application Data ***

*** Search folders in C:\Documents and Settings\Owner\Application Data ***

*** Search folders in C:\DOCUME~1\ALLUSE~1\STARTM~1\PROGRAMS ***

*** Search with Catchme-rootkit/stealth malware detector by gmer ***
for more info : http://www.gmer.net

No file found in :

- C:\WINDOWS\system32
- C:\DOCUME~1\OWNER\LOCALS~1\APPLIC~1

*** Search with GenericNaviSearch ***
!!! Possibility of legitimate files in the result !!!
!!! Must always be checked before manually deleting !!!

* Scan in C:\WINDOWS\system32 *

* Scan in C:\DOCUME~1\OWNER\LOCALS~1\APPLIC~1 *

*** Search files ***

*** Search specific Registry keys ***

*** Complementary Search ***
(Search specific files)

1)Search known files:

2)Heuristic Search :

3)Certificates Search :

Egroup certificate not found !

*** Search completed on Tue 11/13/2007 at 0:51:04.62 ***

#8 don77

Group: Retired Staff
Posts: 18,526
Joined: 05-July 04

Posted 14 November 2007 - 03:06 PM

If Nortons is current go ahead and remove Antivir and AVG no need having 3 av's they will only slow the computer down

Please restart HJT put a check next to the following, close all open windows and click “Fix Checked”

O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: (no name) - {2C782A64-B22D-439A-8B22-B286403A1C96} - C:\WINDOWS\System32\eosfhall.dll (file missing)
O2 - BHO: (no name) - {391B174C-A6B7-C9D7-6743-01F7A0D663D6} - C:\Program Files\Uwkwzixe\yvarnvcp.dll (file missing)
O2 - BHO: (no name) - {45488867-5966-4A66-ABA8-C3DB432EE160} - C:\Program Files\Internet Explorer\menoxujav4444.dll
O2 - BHO: 0 - {5FE3833D-E200-4AE7-0585-7668E1F5A8B5} - C:\Program Files\WindowsUpdate\quzar.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {D14D80D1-3A76-499C-99EB-EC8719A3F06F} - C:\Program Files\Internet Explorer\menoxujav83122.dll
O4 - HKLM\..\Run: [{08-8B-BF-FC-ZN}] C:\Documents and Settings\Owner\Local Settings\Temp\T0CHD001.exe CHD001
O4 - HKCU\..\Run: [Djdbi] "C:\Program Files\?ppPatch\?hkdsk.exe"
O9 - Extra button: (no name) - Software - (no file)
O9 - Extra button: Smiley District - {0418F3E3-C763-4e02-9EC5-F0AE13B54B0F} - \insmile.dll (file missing)
O9 - Extra 'Tools' menuitem: Smiley District - {0418F3E3-C763-4e02-9EC5-F0AE13B54B0F} - C:\Program Files\SmileyDistrict\insmile.dll (file missing)
O15 - Trusted Zone: *.adgate.info (HKLM)
O15 - Trusted Zone: *.dollarrevenue.com (HKLM)
O15 - Trusted Zone: *.elitemediagroup.net (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.matcash.com (HKLM)
O15 - Trusted Zone: *.media-motor.com (HKLM)
O15 - Trusted Zone: *.mediatickets.net (HKLM)
O15 - Trusted Zone: *.snipernet.biz (HKLM)
O15 - Trusted Zone: *.systemdoctor.com (HKLM)
O15 - Trusted Zone: *.winantivirus.com (HKLM)
O20 - Winlogon Notify: lubxdaev - lubxdaev.dll (file missing)
O20 - Winlogon Notify: mlljg - mlljg.dll (file missing)
O20 - Winlogon Notify: mllmk - mllmk.dll (file missing)
O20 - Winlogon Notify: pmkhg - pmkhg.dll (file missing)
O20 - Winlogon Notify: tuvuuts - tuvuuts.dll (file missing)
O20 - Winlogon Notify: winwil32 - winwil32.dll (file missing)

Close out HJT

Next Reboot into SAFE MODE
Search for and delete the Folder highlighted in Blue

C:\Program Files\SmileyDistrict

Reboot back to normal mode

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be promted to install an ActiveX component from Kaspersky, Click Yes.

The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on NEXT
Now click on Scan Settings
In the scan settings make that the following are selected:
- Scan using the following Anti-Virus database:
- Scan Options:
Click OK
Now under select a target to scan:
This will program will start and scan your system.
The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected.
- Now click on the Save as Text button:
Save the file to your desktop.
Copy and paste that information in your next post.

Post back a fresh HJT log for me as well please

#9 Jepmz

Group: Member
Posts: 9
Joined: 03-June 05

Posted 15 November 2007 - 11:04 AM

Again, thank you for taking the time for providing me assisyance. I decided to keep AVG since thge other one you recommended expired several years ago.

Here's the logs:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, November 15, 2007 9:02:40 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 15/11/2007
Kaspersky Anti-Virus database records: 459775
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
H:\
I:\
J:\
K:\

Scan Statistics:
Total number of scanned objects: 189749
Number of viruses found: 15
Number of infected objects: 59
Number of suspicious objects: 0
Duration of the scan process: 04:32:22

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\ph Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\variable Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\aolstderr.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\aolstdout.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\aoltsmon.lock Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\cache.db Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\server.lock Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\cls\common.cls Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cee6wao3.default\cert8.db Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cee6wao3.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cee6wao3.default\history.dat Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cee6wao3.default\key3.db Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cee6wao3.default\parent.lock Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cee6wao3.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cee6wao3.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Owner\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Desktop\game\mirc621.exe/stream/data0008 Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped
C:\Documents and Settings\Owner\Desktop\game\mirc621.exe/stream Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped
C:\Documents and Settings\Owner\Desktop\game\mirc621.exe NSIS: infected - 2 skipped
C:\Documents and Settings\Owner\Desktop\Jep\backup\Norton Internet Security\Norton AntiVirus\Quarantine\02500650.cla Infected: Trojan.Java.ClassLoader.c skipped
C:\Documents and Settings\Owner\Desktop\Jep\backup\Norton Internet Security\Norton AntiVirus\Quarantine\0254304C.cla Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\Owner\Desktop\Jep\backup\Norton Internet Security\Norton AntiVirus\Quarantine\1A811D93.htm Infected: Exploit.HTML.Mht skipped
C:\Documents and Settings\Owner\Desktop\Jep\backup\Norton Internet Security\Norton AntiVirus\Quarantine\1A98437A.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped
C:\Documents and Settings\Owner\Desktop\Jep\backup\Norton Internet Security\Norton AntiVirus\Quarantine\1A98437A.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\Owner\Desktop\Jep\backup\Norton Internet Security\Norton AntiVirus\Quarantine\1A98437A.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
C:\Documents and Settings\Owner\Desktop\Jep\backup\Norton Internet Security\Norton AntiVirus\Quarantine\1A98437A.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped
C:\Documents and Settings\Owner\Desktop\Jep\backup\Norton Internet Security\Norton AntiVirus\Quarantine\1A98437A.zip ZIP: infected - 4 skipped
C:\Documents and Settings\Owner\Desktop\Jep\backup\Norton Internet Security\Norton AntiVirus\Quarantine\1A98437A.zip CryptFF: infected - 4 skipped
C:\Documents and Settings\Owner\Desktop\Jep\backup\Norton Internet Security\Norton AntiVirus\Quarantine\1B3422CE.htm Infected: Exploit.HTML.Mht skipped
C:\Documents and Settings\Owner\Desktop\Jep\backup\Norton Internet Security\Norton AntiVirus\Quarantine\1BD10221.htm Infected: Exploit.HTML.Mht skipped
C:\Documents and Settings\Owner\Desktop\Jep\backup\Norton Internet Security\Norton AntiVirus\Quarantine\1BD8561A.htm Infected: Exploit.HTML.Mht skipped
C:\Documents and Settings\Owner\Desktop\Jep\backup\Norton Internet Security\Norton AntiVirus\Quarantine\1E9C6D0E.htm Infected: Exploit.HTML.Mht skipped
C:\Documents and Settings\Owner\Desktop\Jep\backup\Norton Internet Security\Norton AntiVirus\Quarantine\226504DD.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped
C:\Documents and Settings\Owner\Desktop\Jep\backup\Norton Internet Security\Norton AntiVirus\Quarantine\226504DD.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\Owner\Desktop\Jep\backup\Norton Internet Security\Norton AntiVirus\Quarantine\226504DD.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
C:\Documents and Settings\Owner\Desktop\Jep\backup\Norton Internet Security\Norton AntiVirus\Quarantine\226504DD.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped
C:\Documents and Settings\Owner\Desktop\Jep\backup\Norton Internet Security\Norton AntiVirus\Quarantine\226504DD.zip ZIP: infected - 4 skipped
C:\Documents and Settings\Owner\Desktop\Jep\backup\Norton Internet Security\Norton AntiVirus\Quarantine\226504DD.zip CryptFF: infected - 4 skipped
C:\Documents and Settings\Owner\Desktop\Jep\backup\Norton Internet Security\Norton AntiVirus\Quarantine\266C7811.cla Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\Owner\Desktop\Jep\backup\Norton Internet Security\Norton AntiVirus\Quarantine\31AB5C60.htm Infected: Exploit.HTML.Mht skipped
C:\Documents and Settings\Owner\Desktop\Jep\backup\Norton Internet Security\Norton AntiVirus\Quarantine\31C52C43.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped
C:\Documents and Settings\Owner\Desktop\Jep\backup\Norton Internet Security\Norton AntiVirus\Quarantine\31C52C43.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\Owner\Desktop\Jep\backup\Norton Internet Security\Norton AntiVirus\Quarantine\31C52C43.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
C:\Documents and Settings\Owner\Desktop\Jep\backup\Norton Internet Security\Norton AntiVirus\Quarantine\31C52C43.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped
C:\Documents and Settings\Owner\Desktop\Jep\backup\Norton Internet Security\Norton AntiVirus\Quarantine\31C52C43.zip ZIP: infected - 4 skipped
C:\Documents and Settings\Owner\Desktop\Jep\backup\Norton Internet Security\Norton AntiVirus\Quarantine\31C52C43.zip CryptFF: infected - 4 skipped
C:\Documents and Settings\Owner\Desktop\Jep\backup\Norton Internet Security\Norton AntiVirus\Quarantine\32A92748.htm Infected: Exploit.HTML.Mht skipped
C:\Documents and Settings\Owner\Desktop\Jep\backup\Norton Internet Security\Norton AntiVirus\Quarantine\41AA2C7E.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped
C:\Documents and Settings\Owner\Desktop\Jep\backup\Norton Internet Security\Norton AntiVirus\Quarantine\41AA2C7E.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\Owner\Desktop\Jep\backup\Norton Internet Security\Norton AntiVirus\Quarantine\41AA2C7E.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
C:\Documents and Settings\Owner\Desktop\Jep\backup\Norton Internet Security\Norton AntiVirus\Quarantine\41AA2C7E.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped
C:\Documents and Settings\Owner\Desktop\Jep\backup\Norton Internet Security\Norton AntiVirus\Quarantine\41AA2C7E.zip ZIP: infected - 4 skipped
C:\Documents and Settings\Owner\Desktop\Jep\backup\Norton Internet Security\Norton AntiVirus\Quarantine\41AA2C7E.zip CryptFF: infected - 4 skipped
C:\Documents and Settings\Owner\Desktop\Jep\backup\Norton Internet Security\Norton AntiVirus\Quarantine\539D5EEC.cla Infected: Trojan.Java.ClassLoader.c skipped
C:\Documents and Settings\Owner\Desktop\Navilog1.exe/file7 Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Owner\Desktop\Navilog1.exe Inno: infected - 1 skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\AOL\UserProfiles\All Users\cls\common.cls Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\MSHist012007111520071116\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\IMG1305.tmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\~DFB465.tmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat.LOG Object is locked skipped
C:\Program Files\HP\hpcoretech\hpcmerr.log Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Owner\Data\chandir.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Owner\Data\chandir.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Owner\Data\chn.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Owner\Data\chn.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Owner\Data\D0000000.FCS Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Owner\Data\inuse.txt Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Owner\Data\L0000007.FCS Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Owner\Data\main.log Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Owner\Data\prs.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Owner\Data\prs.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Owner\Data\prs_die.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Owner\Data\prs_die.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Owner\Data\prs_dnd.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Owner\Data\prs_dnd.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Owner\Data\prs_ext.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Owner\Data\prs_ext.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Owner\Data\prs_rcv.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Owner\Data\prs_rcv.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Owner\Data\storydb.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Owner\Data\storydb.idx Object is locked skipped
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped
C:\Program Files\Navilog1\reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Program Files\Trend Micro\HijackThis\backups\backup-20071114-233401-773.dll Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\Program Files\Trend Micro\HijackThis\backups\backup-20071114-233401-988.dll Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\Program Files\Updates from HP\137903\Users\Default\Data\chandir.dat Object is locked skipped
C:\Program Files\Updates from HP\137903\Users\Default\Data\chandir.idx Object is locked skipped
C:\Program Files\Updates from HP\137903\Users\Default\Data\chn.dat Object is locked skipped
C:\Program Files\Updates from HP\137903\Users\Default\Data\chn.idx Object is locked skipped
C:\Program Files\Updates from HP\137903\Users\Default\Data\D0000000.FCS Object is locked skipped
C:\Program Files\Updates from HP\137903\Users\Default\Data\inuse.txt Object is locked skipped
C:\Program Files\Updates from HP\137903\Users\Default\Data\L0000003.FCS Object is locked skipped
C:\Program Files\Updates from HP\137903\Users\Default\Data\main.log Object is locked skipped
C:\Program Files\Updates from HP\137903\Users\Default\Data\prs.dat Object is locked skipped
C:\Program Files\Updates from HP\137903\Users\Default\Data\prs.idx Object is locked skipped
C:\Program Files\Updates from HP\137903\Users\Default\Data\prs_die.dat Object is locked skipped
C:\Program Files\Updates from HP\137903\Users\Default\Data\prs_die.idx Object is locked skipped
C:\Program Files\Updates from HP\137903\Users\Default\Data\prs_dnd.dat Object is locked skipped
C:\Program Files\Updates from HP\137903\Users\Default\Data\prs_dnd.idx Object is locked skipped
C:\Program Files\Updates from HP\137903\Users\Default\Data\prs_ext.dat Object is locked skipped
C:\Program Files\Updates from HP\137903\Users\Default\Data\prs_ext.idx Object is locked skipped
C:\Program Files\Updates from HP\137903\Users\Default\Data\prs_rcv.dat Object is locked skipped
C:\Program Files\Updates from HP\137903\Users\Default\Data\prs_rcv.idx Object is locked skipped
C:\Program Files\Updates from HP\137903\Users\Default\Data\storydb.dat Object is locked skipped
C:\Program Files\Updates from HP\137903\Users\Default\Data\storydb.idx Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP530\A0720474.dll Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP530\A0720567.dll Object is locked skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP530\A0720569.dll Object is locked skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP530\A0720570.exe Object is locked skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP530\A0720571.dll Object is locked skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP530\A0720572.dll Object is locked skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP530\A0720576.dll Object is locked skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP530\A0720581.exe Object is locked skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP530\A0720582.exe Object is locked skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP536\A0721379.dll Object is locked skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP540\A0721684.exe Object is locked skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP540\A0721686.exe Object is locked skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP540\A0721708.exe Infected: not-a-virus:FraudTool.Win32.UltimateDefender.s skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP540\A0721709.exe Object is locked skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP540\A0721710.exe Object is locked skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP540\A0721769.exe Object is locked skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP540\A0721770.exe Object is locked skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP540\A0721771.exe Object is locked skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP540\A0721772.exe Object is locked skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP540\A0721773.exe Object is locked skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP540\A0721869.dll Object is locked skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP540\A0721873.dll Object is locked skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP540\A0721874.dll Object is locked skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP540\A0721914.dll Object is locked skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP543\A0725021.exe Infected: not-a-virus:AdWare.Win32.Agent.tb skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP543\A0725160.dll Infected: not-a-virus:AdWare.Win32.BHO.je skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP544\A0725230.dll Infected: not-a-virus:AdWare.Win32.Agent.ta skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP544\A0725232.dll Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP544\A0725236.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP544\A0725236.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP544\A0725240.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP544\A0725240.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP544\A0725680.dll Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP547\A0727037.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP549\A0727451.dll Object is locked skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP550\A0727710.dll Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP550\A0727711.dll Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP550\change.log Object is locked skipped
C:\VundoFix Backups\vssap.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{C4680A63-4C9A-427F-B7EE-4072017469C9}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP550\change.log Object is locked skipped

Scan process completed.
=====================================================
=====================================================

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:09:03 AM, on 11/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\AOL\1140482843\ee\AOLSoftware.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\InterMute\PopSubtract\PopSub.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\InterMute\SpamSubtract\SpamSub.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\Tablet.exe
C:\WINDOWS\System32\WTablet\TabUserW.exe
C:\WINDOWS\System32\Tablet.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\program files\common files\aol\1140482843\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1140482843\ee\aolsoftware.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\Grisoft\AVG7\avgw.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: BitComet Toolbar Helper - {6A373B7E-496E-424f-A9BE-486A5E9AB018} - C:\Program Files\BitComet Toolbar\v2.0.0.4\BitComet_Toolbar.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: BitComet Toolbar - {2E608F70-C430-4bc5-96F6-608E02EBA5B2} - C:\Program Files\BitComet Toolbar\v2.0.0.4\BitComet_Toolbar.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1140482843\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Smiley District] C:\Program Files\SmileyDistrict\plugin.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [AOLAspSunset2] C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\updates\aspapp\sunsetAsp2.exe
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: IMStart.lnk = C:\Program Files\InterMute\IMStart.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: SpamSubtract.lnk = C:\Program Files\InterMute\SpamSubtract\SpamSub.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: PopSubtract.lnk = C:\Program Files\InterMute\PopSubtract\PopSub.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin\core.hp.main\SendTo.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {20050325-D35A-4233-926E-2E801AE25949} (NMJPStarter15 Class) - http://www.netmarble...MStarterJP5.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol....oach_core_1.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin11USA.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6FC19219-C47E-4880-9A79-D218A1C374F9} (NMJTransX Control) - http://file.netmarbl...l/NMJTransX.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamesp...nch/alaunch.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.com/...ropper1_6us.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemreq...m/sysreqlab.cab
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.co...ty4PatcherX.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 15672 bytes

#10 don77

Group: Retired Staff
Posts: 18,526
Joined: 05-July 04

Posted 16 November 2007 - 09:50 AM

Looking good
Go ahead and delete the following folder

C:\Documents and Settings\Owner\Desktop\Jep\backup\Norton Internet Security\Norton AntiVirus\Quarantine

Need to flush system restore points you will see how to create a new and flush the rest below

Nice job your log is clean !

How is it running ?
Please use the following suggestion to help prevent reinfection

Download the following program, For keeping crap off your system to begin with
Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted pests. Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox. Restrict the actions of potentially dangerous sites in Internet Explorer.
Download
Spyware Blaster
Spyware Guard
IE-Spyad
Online scan
For an added check run an online virus scan, you can use one of the 2 below,
TrendMicro's HouseCall
ActiveScan
Clean out Temp Folders
Be sure and give the Temp folders a cleaning out now and then as well, A handy tool to do this
Please download ATF Cleaner by Atribune.
If you use Firefox browser
If you use Opera browser
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.
Updating Java and Clearing Cache:
- Go to Start > Control Panel double-click on the Java Icon (coffee cup) in the Control Panel.
- It will say "Java Plug-in" under the icon.
  Please find the update button or tab in the Java Control Panel. Update your Java then reboot.
- If you are unable to update you can manually update by going Here
- After the reboot, go back into the Control Panel and double-click the Java Icon.
- Under Temporary Internet Files, click the Delete Files button.
- There are three options in the window to clear the cache - Leave ALL 3 Checked
- Click OK on Delete Temporary Files Window
  
  Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
- Click OK to leave the Java Control Panel.
Windows Updates
Remeber to Check Windows for updates
Flush System Restore
Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)
System Restore will now be active again.

To learn more about how to protect yourself while on the internet read this article by Tony Klien: So how did I get infected in the first place?

#11 Jepmz

Group: Member
Posts: 9
Joined: 03-June 05

Posted 16 November 2007 - 05:45 PM

Wow, thanks for all your help Don! The computer is running alright, haven't found any of those pesky invincible dll's anymore.

I'll need to give you something somehow. Oh, I know, go search for "don77" in Deviantart in a couple of months from now, and maybe you might see something dedicated to you. =D (It probably won't be spectacular, but it's something)

#12 don77

Group: Retired Staff
Posts: 18,526
Joined: 05-July 04

Posted 16 November 2007 - 06:57 PM

Your very welcome Glad I could help

I will have a look at Deviantart just send me a reminder so I'll know when to have a look

#13 don77

Group: Retired Staff
Posts: 18,526
Joined: 05-July 04

Posted 19 November 2007 - 09:08 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

Back to Virus, Spyware, Malware Removal

Share this topic:

Page 1 of 1

Please log in to reply

Used combofix just now. Possible bifrost Backdoor remains [RESOLVED] - Geeks to Go Forums