
Trojan.Net-AWUS/Fake


  • This topic is locked

#1
ClarkLeslie

  • Member
  • 14 posts
I've had this Trojan for a week now, and its name is the same as the topic's name right now.

Because of this I've suffered these kinds of things.

1. Very slow while on the internet.
2. Throwing AdultFriendFinder-thingies
3. Then these kinds of things:

Services and Controller.app failure

Generic Host Service failure, after that System Shutdown in one minute, saying: C/Windows/system32/services.exe failure by NT Authority System or something like that.

I've seen some people get useful help here and hope to be one of them in some time, thanks :)

I have the HijackThis log with me, if somebody needs to see it.

Edited by ClarkLeslie, 16 February 2008 - 04:40 AM.



#2
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hello ClarkLeslie

Welcome to G2Go. :)
=================
Please post a new HijackThis log so we can see what we are dealing with.
Thanks. :)

#3
ClarkLeslie

  • Topic Starter
  • Member
  • 14 posts
Thanks and here it is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:37:24, on 16.02.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\regsv32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\GhostWall\ghostwall.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\mIRC\mirc.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neti.ee/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [EstEID AIP switch] C:\Program Files\IT Arendus\ID-kaart\\aipswitch 1
O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [hpfsched] C:\WINDOWS\hpfsched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ppmate] C:\Program Files\PPMate\PPMate\ppmate.exe -autoplay
O4 - HKLM\..\Run: [regsv32.exe] C:\WINDOWS\system32\regsv32.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [GhostWall] "C:\Program Files\GhostWall\ghostwall.exe" -minimize
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [35384dd7.exe] C:\Documents and Settings\Janek\Local Settings\Application Data\35384dd7.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/229?5faf1d1853ca4fcd8ee4c3e9d56ad6e8
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/230?5faf1d1853ca4fcd8ee4c3e9d56ad6e8
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Delfi - {07818CC7-EDC8-45DC-9B6A-208293B8504B} - www.delfi.ee (file missing) (HKCU)
O9 - Extra button: MicroLink - {58C6AA38-7128-4FDB-8252-B61CF01A48C3} - www.microlink.ee (file missing) (HKCU)
O9 - Extra button: ML Arvutid - {BACAD19A-2ACA-47F1-9A23-5D3C70677126} - www.arvutid.ee (file missing) (HKCU)
O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://fishingchamp....GamesCampus.cab
O16 - DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} (PowerLoader Class) - http://www.powerchal...PowerLoader.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/...h/v2/EARTPX.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.c.../acclaim_v4.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.googl...g/GoogleNav.cab
O16 - DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} (HanSetupCtrl1010 Class) - http://skidrush.hang...anSetup1010.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/z...s/heartbeat.cab
O18 - Protocol: bw+0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\mmmvffvf.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: LogCrypt - C:\WINDOWS\SYSTEM32\LogCrypt.dll
O20 - Winlogon Notify: winbjv32 - winbjv32.dll (file missing)
O20 - Winlogon Notify: WLCtrl32 - C:\WINDOWS\SYSTEM32\WLCtrl32.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\msvcrtd.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 22819 bytes

#4
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
You are welcome :)

Please download ComboFix from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double-click combofix.exe and follow the prompts. Please, never rename ComboFix unless instructed.
When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

#5
ClarkLeslie

  • Topic Starter
  • Member
  • 14 posts
ComboFix 08-02-14.2 - Janek 2008-02-16 21:00:19.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.920 [GMT 2:00]
Running from: C:\Documents and Settings\Janek\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\symavc32.sys
C:\WINDOWS\keyboard161.dat
C:\WINDOWS\system32\_000005_.tmp.dll
C:\WINDOWS\system32\_000006_.tmp.dll
C:\WINDOWS\system32\drivers\PVMD53.sys
C:\WINDOWS\system32\drivers\sfsync02.sys
C:\WINDOWS\system32\drivers\sfsync03.sys
C:\WINDOWS\system32\drivers\Yee23.sys
C:\WINDOWS\system32\launcher.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_MSUPDATE
-------\LEGACY_PVMD53
-------\LEGACY_RUNTIME
-------\LEGACY_SFSYNC02
-------\LEGACY_SFSYNC03
-------\LEGACY_YEE23
-------\msupdate
-------\sfsync02
-------\sfsync03
-------\Yee23


((((((((((((((((((((((((( Files Created from 2008-01-16 to 2008-02-16 )))))))))))))))))))))))))))))))
.

2008-02-16 21:04 . 2008-02-16 21:04 21,120 --a------ C:\WINDOWS\system32\drivers\Skx67.sys
2008-02-16 12:37 . 2008-02-16 12:37 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-16 09:04 . 2008-02-16 09:04 244 --ah----- C:\sqmnoopt01.sqm
2008-02-16 09:04 . 2008-02-16 09:04 232 --ah----- C:\sqmdata01.sqm
2008-02-15 22:32 . 2008-02-15 22:32 244 --ah----- C:\sqmnoopt00.sqm
2008-02-15 22:32 . 2008-02-15 22:32 232 --ah----- C:\sqmdata00.sqm
2008-02-15 22:26 . 2008-02-16 20:20 51,968 --a------ C:\WINDOWS\system32\drivers\nkv2.sys
2008-02-15 22:16 . 2008-02-15 22:16 6,656 --a------ C:\WINDOWS\system32\WLCtrl32.dll
2008-02-14 23:58 . 2008-02-15 09:13 14,336 --a------ C:\WINDOWS\system32\drivers\govno.exe
2008-02-14 22:37 . 2008-02-14 22:37 <DIR> d-------- C:\WINDOWS\system32\SuperAdBlocker.com
2008-02-14 20:09 . 2008-02-14 20:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-14 20:08 . 2008-02-16 08:44 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-02-14 20:08 . 2008-02-14 20:08 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-14 20:08 . 2008-02-14 20:08 <DIR> d-------- C:\Documents and Settings\Janek\Application Data\SUPERAntiSpyware.com
2008-02-14 17:53 . 2008-02-14 17:53 <DIR> d-------- C:\Program Files\GhostWall
2008-02-14 17:53 . 2008-02-16 21:04 6,520 --a------ C:\WINDOWS\system32\drivers\ghstwall.sys
2008-02-14 17:53 . 2008-02-14 17:53 1,440 --a------ C:\WINDOWS\system32\ghstwall.fir
2008-02-13 13:41 . 2008-02-13 13:41 29 --a------ C:\WINDOWS\system32\ssoewweo.tmp
2008-02-13 13:05 . 2008-02-13 13:05 <DIR> d-------- C:\Program Files\Games-Masters.com
2008-02-12 18:55 . 2008-02-12 20:43 365,875,852 --a------ C:\prison.break.s03e12.hdtv.xvid-xor [La!sk].avi
2008-02-12 15:00 . 2008-02-12 15:05 <DIR> d-------- C:\WINDOWS\.frugoo_file_store_32
2008-02-12 07:55 . 2008-02-15 13:06 8,704 --a------ C:\WINDOWS\system32\LogCrypt.dll
2008-02-09 22:07 . 2008-02-09 22:07 <DIR> d-------- C:\Program Files\SEGA
2008-02-08 08:19 . 2008-02-09 21:12 4,221,632,512 --a------ C:\Medieval 2 Total War 2.iso
2008-02-07 17:18 . 2008-02-07 17:18 16,384 --------- C:\WINDOWS\system32\mmmvffvf.dll
2008-02-07 09:13 . 2008-02-07 09:13 <DIR> d--h----- C:\WINDOWS\PIF
2008-02-06 21:20 . 2008-02-06 21:36 <DIR> d-------- C:\Documents and Settings\Janek\dodian.com
2008-02-06 18:48 . 2008-02-08 07:32 4,031,334,400 --a------ C:\Medieval 2 Total War 1.iso
2008-02-04 17:53 . 2008-02-06 18:47 1,130,958,848 --a------ C:\Medieval 2 Total War Kingdoms 2 [ATK].iso
2008-02-04 17:53 . 2008-02-15 16:12 1,114,215,060 --a------ C:\Medieval 2 Total War Kingdoms 1 [ATK].iso
2008-02-04 00:13 . 2008-02-04 00:13 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-02-04 00:13 . 2008-02-14 08:28 <DIR> d-------- C:\Documents and Settings\Janek\Application Data\AVG7
2008-02-04 00:13 . 2008-02-04 00:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-04 00:10 . 2008-02-04 00:10 101 --a------ C:\WINDOWS\wininit.ini
2008-02-03 23:28 . 2008-02-03 23:28 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-03 23:28 . 2008-02-04 00:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-03 12:27 . 2008-02-03 12:27 54,764 --a------ C:\WINDOWS\system32\fnhoje
2008-02-01 21:56 . 2008-02-01 21:56 4,608 --a------ C:\WINDOWS\system32\temp.000
2008-01-30 22:29 . 2008-01-30 22:29 <DIR> d-------- C:\Documents and Settings\Janek\Application Data\TVU networks
2008-01-30 22:29 . 2008-01-30 22:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TVU networks
2008-01-30 22:28 . 2008-01-30 22:29 <DIR> d-------- C:\Program Files\TVUPlayer
2008-01-26 14:39 . 2008-01-26 18:20 732,919,808 --a------ C:\Juno DVDSCR XViD-HLS.avi
2008-01-26 14:36 . 2003-08-28 18:43 40,090 --------- C:\Johnny English 730.796.032.by savi 2ver.sub
2008-01-26 11:39 . 2008-01-26 11:39 91,993 --a------ C:\Juno DVDSCR XViD-HLS.srt
2008-01-26 09:55 . 2008-01-26 14:34 734,814,208 --------- C:\Johnny English [Diablo].avi
2008-01-24 18:52 . 2008-01-25 13:02 <DIR> d-------- C:\Documents and Settings\Janek\Application Data\PowerChallenge
2008-01-23 14:49 . 2006-09-21 12:40 35,897 --a------ C:\See No Evil.srt
2008-01-22 01:29 . 2008-01-22 08:07 733,870,080 --a------ C:\Captivity (2007 Thriller).avi
2008-01-22 01:29 . 2008-01-22 01:29 39,881 --a------ C:\Captivity (2007 Thriller).srt
2008-01-22 01:17 . 2008-01-22 07:56 733,786,112 --a------ C:\Atonement.2007.DvDRip.Eng-FxM.avi
2008-01-21 18:34 . 2008-01-22 01:29 735,553,536 --a------ C:\The Lookout[2007 Crime Drama Thriller ].avi
2008-01-21 18:34 . 2008-01-21 18:34 62,995 --a------ C:\The Lookout[2007 Crime Drama Thriller ].sub
2008-01-21 18:12 . 2008-01-22 01:17 735,117,312 --a------ C:\Severance ( 2006 Horror.Comedy.Thriller).avi
2008-01-21 18:12 . 2008-01-21 18:12 48,031 --a------ C:\Severance ( 2006 Horror.Comedy.Thriller).srt
2008-01-21 11:56 . 2008-01-21 18:34 663,980,032 --a------ C:\See.No.Evil.(DVD-Rip.Mp3.5.1).[maRRtin].avi
2008-01-20 23:40 . 2008-01-21 18:11 733,976,576 --a------ C:\Return to House on Haunted Hill (2007 Horror Thriller).avi
2008-01-20 23:40 . 2008-01-20 23:40 49,111 --a------ C:\Return to House on Haunted Hill (2007 Horror Thriller).srt
2008-01-20 22:40 . 2007-10-22 19:54 72,054 --a------ C:\The.Condemned.srt
2008-01-20 18:58 . 2008-01-20 19:45 <DIR> d-------- C:\Filmid
2008-01-20 18:02 . 2008-01-20 21:47 737,124,352 --a------ C:\The Contractor (2007 Action).avi
2008-01-20 17:58 . 2008-01-20 17:58 53,193 --a------ C:\The Contractor (2007 Action).srt
2008-01-19 12:01 . 2008-01-21 11:15 734,943,232 --a------ C:\The.Condemned.DVD.SCREENER.XViD-PUKKA.[Jynger].avi

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-16 19:03 --------- d-----w C:\Program Files\mIRC
2008-02-15 19:07 --------- d-----w C:\Program Files\eMule
2008-02-15 14:12 --------- d-----w C:\Documents and Settings\Janek\Application Data\FileZilla
2008-02-15 12:48 --------- d-----w C:\Documents and Settings\Janek\Application Data\uTorrent
2008-02-10 11:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\NFS Underground
2008-02-09 20:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-07 15:05 --------- d-----w C:\Program Files\Microsoft Games
2008-02-06 14:14 --------- d-----w C:\Program Files\Sports Interactive
2008-02-04 15:38 --------- d-----w C:\Documents and Settings\Janek\Application Data\U3
2008-02-04 13:48 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-04 06:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
2008-02-03 15:59 --------- d--h--w C:\Documents and Settings\Janek\Application Data\ijjigame
2008-02-02 14:38 --------- d-----w C:\Documents and Settings\Janek\Application Data\LimeWire
2008-02-01 19:56 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-02-01 19:56 286,720 ------w C:\WINDOWS\Setup1.exe
2008-01-22 17:05 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-01-22 17:05 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-01-14 15:54 --------- d-----w C:\Program Files\EA SPORTS
2008-01-13 16:34 --------- d-----w C:\Program Files\FileZilla FTP Client
2008-01-13 16:15 --------- d-----w C:\Documents and Settings\Janek\Application Data\SmartFTP
2008-01-13 16:12 --------- d-----w C:\Program Files\mozilla.org
2008-01-13 16:08 --------- d-----w C:\Program Files\SmartFTP
2008-01-09 13:37 --------- d-----w C:\Program Files\Google
2008-01-06 10:34 22,008 ----a-w C:\Documents and Settings\Janek\Application Data\GDIPFONTCACHEV1.DAT
2008-01-04 17:48 --------- d-----w C:\Program Files\Infogrames
2008-01-03 12:36 --------- d-----w C:\Program Files\Valve
2008-01-01 09:35 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Xfire
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2007-12-16 10:02 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2007-12-16 09:21 22,328 ----a-w C:\Documents and Settings\Janek\Application Data\PnkBstrK.sys
2007-12-07 02:21 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2006-04-07 09:48 32 -c--a-r C:\Documents and Settings\All Users\hash.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 14:00 15360]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2004-06-01 12:46 196608]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2006-02-05 09:27 36864]
"35384dd7.exe"="C:\Documents and Settings\Janek\Local Settings\Application Data\35384dd7.exe" [ ]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54 5674352]
"Free Download Manager"="C:\Program Files\Free Download Manager\fdm.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-08 15:45 68856]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-09-14 21:05 344064]
"EstEID AIP switch"="C:\Program Files\IT Arendus\ID-kaart\\aipswitch 1" [ ]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05 81920]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-06-01 11:09 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-06-01 11:03 217088]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-02-21 22:47 180269]
"hpfsched"="C:\WINDOWS\hpfsched.exe" [1998-07-30 16:58 35328]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-03-12 18:35 98304]
"ppmate"="C:\Program Files\PPMate\PPMate\ppmate.exe" [ ]
"regsv32.exe"="C:\WINDOWS\system32\regsv32.exe" [2007-09-29 14:11 188416]
"RTHDCPL"="RTHDCPL.EXE" [2006-09-12 10:58 16264192 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [ ]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [ ]
"GhostWall"="C:\Program Files\GhostWall\ghostwall.exe" [2005-09-29 16:28 217088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-02-28 14:00 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-04 00:13 219136]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54 5674352]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LogCrypt]
LogCrypt.dll 2008-02-15 13:06 8704 C:\WINDOWS\system32\LogCrypt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winbjv32]
winbjv32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WLCtrl32]
WLCtrl32.dll 2008-02-15 22:16 6656 C:\WINDOWS\system32\WLCtrl32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\WINDOWS\system32\mmmvffvf.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

R0 Skx67;Skx67;C:\WINDOWS\system32\Drivers\Skx67.sys [2008-02-16 21:04]
R2 ghstwall;ghstwall;C:\WINDOWS\system32\drivers\ghstwall.sys [2008-02-16 21:04]
S2 HPFECP13;HPFECP13;C:\WINDOWS\system32\drivers\HPFECP13.SYS [1998-07-30 23:40]
S3 EMVSCARD;EMVSCARD;C:\WINDOWS\system32\Drivers\EMVSCARD.sys [2005-08-29 15:28]
S3 jfdcd;jfdcd;C:\DOCUME~1\Janek\LOCALS~1\Temp\jfdcd.sys []
S3 NAL;Nal Service ;C:\WINDOWS\system32\Drivers\iqvw32.sys [2005-06-14 19:42]
S3 scrcap;scrcap;C:\WINDOWS\system32\DRIVERS\scrcap.sys []
S3 USB2_04;USB2_04 driver;C:\WINDOWS\system32\drivers\nkv2.sys [2008-02-16 20:20]

*Newly Created Service* - SKX67
.
Contents of the 'Scheduled Tasks' folder
"2008-02-16 18:21:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-16 21:05:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
msnmsgr = "C:\Program Files\MSN Messenger\msnmsgr.exe" /background?g

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\WLCtrl32.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
.
**************************************************************************
.
Completion time: 2008-02-16 21:07:54 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-16 19:07:49
.
2008-02-13 14:11:19 --- E O F ---

#6
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
1. Please open Notepad
  • Click Start, then Run
  • Type in notepad in the Run box, then hit OK.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\WINDOWS\system32\drivers\Skx67.sys
C:\sqmnoopt01.sqm
C:\sqmdata01.sqm
C:\sqmnoopt00.sqm
C:\sqmdata00.sqm
C:\WINDOWS\system32\drivers\nkv2.sys
C:\WINDOWS\system32\drivers\govno.exe
C:\WINDOWS\system32\ssoewweo.tmp
C:\WINDOWS\system32\mmmvffvf.dll
C:\Documents and Settings\Janek\Local Settings\Application Data\35384dd7.exe
C:\WINDOWS\system32\regsv32.exe
C:\WINDOWS\system32\LogCrypt.dll
C:\WINDOWS\system32\WLCtrl32.dll
Folder::
C:\WINDOWS\system32\fnhoje
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"35384dd7.exe"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"regsv32.exe"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LogCrypt]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winbjv32]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WLCtrl32]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
Driver::
Skx67
USB2_04


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After the reboot (in case it asks to reboot), please post the following reports/logs in your next reply:
  • Combofix.txt
  • A new HijackThis log.

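An added example, not part of the original post and not ComboFix's own code: a Python check that parses the script sections used above (File::, Folder::, Registry::, Driver::) and reports which requested changes a follow-up log does not confirm. The function names are hypothetical, the script is shortened from the post, and the follow-up log lines are a sample constructed in the layout of the logs in this thread.

```python
import re

# Shortened copy of the script posted above (paths and keys as posted).
CFSCRIPT = r'''File::
C:\WINDOWS\system32\drivers\Skx67.sys
C:\WINDOWS\system32\mmmvffvf.dll
C:\WINDOWS\system32\regsv32.exe
Folder::
C:\WINDOWS\system32\fnhoje
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"regsv32.exe"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LogCrypt]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WLCtrl32]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
Driver::
Skx67
USB2_04
'''

# Constructed sample in the "Reg Loading Points" / driver-list layout of a follow-up log.
FOLLOWUP_LOG = r'''[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GhostWall"="C:\Program Files\GhostWall\ghostwall.exe" [2005-09-29 16:28 217088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LogCrypt]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

R2 ghstwall;ghstwall;C:\WINDOWS\system32\drivers\ghstwall.sys [2008-02-16 21:36]
S3 scrcap;scrcap;C:\WINDOWS\system32\DRIVERS\scrcap.sys []
'''

SECTION = re.compile(r'^(File|Folder|Registry|Driver)::\s*$')

def parse_cfscript(text):
    """Group the script's requested actions (only directives seen in this thread)."""
    plan = {"files": [], "folders": [], "drivers": [],
            "del_keys": [], "del_values": [], "set_values": {}}
    section, key = None, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        m = SECTION.match(line)
        if m:
            section, key = m.group(1), None
        elif section in ("File", "Folder", "Driver"):
            plan[section.lower() + "s"].append(line)
        elif section == "Registry":
            if line.startswith("[-"):                 # [-KEY]: delete the whole key
                plan["del_keys"].append(line[2:-1].lower())
                key = None
            elif line.startswith("["):                # [KEY]: value lines follow
                key = line[1:-1].lower()
            elif key:
                name, _, data = line.partition("=")
                name = name.strip('"').lower()
                if data == "-":                       # "name"=- : delete the value
                    plan["del_values"].append((key, name))
                else:                                 # "name"="data" : set the value
                    plan["set_values"][(key, name)] = data.strip('"')
    return plan

def parse_loading_points(log):
    """Map each [key] in the log to {value name: data}; collect listed driver names."""
    keys, drivers, key = {}, set(), None
    for line in (raw.strip() for raw in log.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
            keys[key] = {}
        elif not line:
            key = None
        elif re.match(r'^[RS][0-4] ', line):          # e.g. "R0 Skx67;Skx67;C:\..."
            drivers.add(line[3:].split(";")[0].lower())
        elif key is not None:
            m = (re.match(r'^"([^"]+)"\s*=\s*(.*)$', line)
                 or re.match(r'^(\S+)\s+(.*)$', line))
            if m:
                data = re.sub(r'\s*\[[^\]]*\]\s*$', '', m.group(2))  # drop "[date size]"
                keys[key][m.group(1).lower()] = data.strip().strip('"')
    return keys, drivers

def verify(plan, keys, drivers):
    """Return one finding per script action that the log does not confirm."""
    findings = []
    for k in plan["del_keys"]:
        if k in keys:
            state = "still has values" if keys[k] else "empty"
            findings.append(f"key still listed ({state}): {k}")
    for k, name in plan["del_values"]:
        if name in keys.get(k, {}):
            findings.append(f"value still present: {k}\\{name}")
    # The log omits empty entries, so a value that is absent counts as cleared.
    for (k, name), want in plan["set_values"].items():
        have = keys.get(k, {}).get(name)
        if have is not None and have != want:
            findings.append(f"value differs: {k}\\{name} = {have!r}, script set {want!r}")
    for d in plan["drivers"]:
        if d.lower() in drivers:
            findings.append(f"driver still registered: {d}")
    targets = [p.lower() for p in plan["files"] + plan["folders"]]
    for k, values in keys.items():
        for name, data in values.items():
            findings += [f"autostart still points at {t}: {k}\\{name}"
                         for t in targets if t in data.lower()]
    return findings

def check(script, log):
    return verify(parse_cfscript(script), *parse_loading_points(log))

if __name__ == "__main__":
    for finding in check(CFSCRIPT, FOLLOWUP_LOG):
        print(finding)
```

On the sample, the check reports the emptied LogCrypt notify key that is still listed and the SecurityProviders value that still differs from what the script set.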

#7
ClarkLeslie

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
ComboFix 08-02-14.2 - Janek 2008-02-16 21:33:35.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.985 [GMT 2:00]
Running from: C:\Documents and Settings\Janek\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Janek\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
C:\Documents and Settings\Janek\Local Settings\Application Data\35384dd7.exe
C:\sqmdata00.sqm
C:\sqmdata01.sqm
C:\sqmnoopt00.sqm
C:\sqmnoopt01.sqm
C:\WINDOWS\system32\drivers\govno.exe
C:\WINDOWS\system32\drivers\nkv2.sys
C:\WINDOWS\system32\drivers\Skx67.sys
C:\WINDOWS\system32\LogCrypt.dll
C:\WINDOWS\system32\mmmvffvf.dll
C:\WINDOWS\system32\regsv32.exe
C:\WINDOWS\system32\ssoewweo.tmp
C:\WINDOWS\system32\WLCtrl32.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\sqmdata00.sqm
C:\sqmdata01.sqm
C:\sqmnoopt00.sqm
C:\sqmnoopt01.sqm
C:\WINDOWS\system32\drivers\govno.exe
C:\WINDOWS\system32\drivers\nkv2.sys
C:\WINDOWS\system32\drivers\Skx67.sys
C:\WINDOWS\system32\fnhoje\
C:\WINDOWS\system32\LogCrypt.dll
C:\WINDOWS\system32\mmmvffvf.dll
C:\WINDOWS\system32\regsv32.exe
C:\WINDOWS\system32\ssoewweo.tmp
C:\WINDOWS\system32\WLCtrl32.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_SKX67
-------\LEGACY_USB2_04
-------\Skx67
-------\USB2_04


((((((((((((((((((((((((( Files Created from 2008-01-16 to 2008-02-16 )))))))))))))))))))))))))))))))
.

2008-02-16 12:37 . 2008-02-16 12:37 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-14 22:37 . 2008-02-14 22:37 <DIR> d-------- C:\WINDOWS\system32\SuperAdBlocker.com
2008-02-14 20:09 . 2008-02-14 20:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-14 20:08 . 2008-02-16 08:44 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-02-14 20:08 . 2008-02-14 20:08 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-14 20:08 . 2008-02-14 20:08 <DIR> d-------- C:\Documents and Settings\Janek\Application Data\SUPERAntiSpyware.com
2008-02-14 17:53 . 2008-02-14 17:53 <DIR> d-------- C:\Program Files\GhostWall
2008-02-14 17:53 . 2008-02-16 21:36 6,520 --a------ C:\WINDOWS\system32\drivers\ghstwall.sys
2008-02-14 17:53 . 2008-02-14 17:53 1,440 --a------ C:\WINDOWS\system32\ghstwall.fir
2008-02-13 13:05 . 2008-02-13 13:05 <DIR> d-------- C:\Program Files\Games-Masters.com
2008-02-12 18:55 . 2008-02-12 20:43 365,875,852 --a------ C:\prison.break.s03e12.hdtv.xvid-xor [La!sk].avi
2008-02-12 15:00 . 2008-02-12 15:05 <DIR> d-------- C:\WINDOWS\.frugoo_file_store_32
2008-02-09 22:07 . 2008-02-09 22:07 <DIR> d-------- C:\Program Files\SEGA
2008-02-08 08:19 . 2008-02-09 21:12 4,221,632,512 --a------ C:\Medieval 2 Total War 2.iso
2008-02-07 09:13 . 2008-02-07 09:13 <DIR> d--h----- C:\WINDOWS\PIF
2008-02-06 21:20 . 2008-02-06 21:36 <DIR> d-------- C:\Documents and Settings\Janek\dodian.com
2008-02-06 18:48 . 2008-02-08 07:32 4,031,334,400 --a------ C:\Medieval 2 Total War 1.iso
2008-02-04 17:53 . 2008-02-06 18:47 1,130,958,848 --a------ C:\Medieval 2 Total War Kingdoms 2 [ATK].iso
2008-02-04 17:53 . 2008-02-15 16:12 1,114,215,060 --a------ C:\Medieval 2 Total War Kingdoms 1 [ATK].iso
2008-02-04 00:13 . 2008-02-04 00:13 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-02-04 00:13 . 2008-02-14 08:28 <DIR> d-------- C:\Documents and Settings\Janek\Application Data\AVG7
2008-02-04 00:13 . 2008-02-04 00:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-04 00:10 . 2008-02-04 00:10 101 --a------ C:\WINDOWS\wininit.ini
2008-02-03 23:28 . 2008-02-03 23:28 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-03 23:28 . 2008-02-04 00:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-03 12:27 . 2008-02-03 12:27 54,764 --a------ C:\WINDOWS\system32\fnhoje
2008-02-01 21:56 . 2008-02-01 21:56 4,608 --a------ C:\WINDOWS\system32\temp.000
2008-01-30 22:29 . 2008-01-30 22:29 <DIR> d-------- C:\Documents and Settings\Janek\Application Data\TVU networks
2008-01-30 22:29 . 2008-01-30 22:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TVU networks
2008-01-30 22:28 . 2008-01-30 22:29 <DIR> d-------- C:\Program Files\TVUPlayer
2008-01-26 14:39 . 2008-01-26 18:20 732,919,808 --a------ C:\Juno DVDSCR XViD-HLS.avi
2008-01-26 14:36 . 2003-08-28 18:43 40,090 --------- C:\Johnny English 730.796.032.by savi 2ver.sub
2008-01-26 11:39 . 2008-01-26 11:39 91,993 --a------ C:\Juno DVDSCR XViD-HLS.srt
2008-01-26 09:55 . 2008-01-26 14:34 734,814,208 --------- C:\Johnny English [Diablo].avi
2008-01-24 18:52 . 2008-01-25 13:02 <DIR> d-------- C:\Documents and Settings\Janek\Application Data\PowerChallenge
2008-01-23 14:49 . 2006-09-21 12:40 35,897 --a------ C:\See No Evil.srt
2008-01-22 01:29 . 2008-01-22 08:07 733,870,080 --a------ C:\Captivity (2007 Thriller).avi
2008-01-22 01:29 . 2008-01-22 01:29 39,881 --a------ C:\Captivity (2007 Thriller).srt
2008-01-22 01:17 . 2008-01-22 07:56 733,786,112 --a------ C:\Atonement.2007.DvDRip.Eng-FxM.avi
2008-01-21 18:34 . 2008-01-22 01:29 735,553,536 --a------ C:\The Lookout[2007 Crime Drama Thriller ].avi
2008-01-21 18:34 . 2008-01-21 18:34 62,995 --a------ C:\The Lookout[2007 Crime Drama Thriller ].sub
2008-01-21 18:12 . 2008-01-22 01:17 735,117,312 --a------ C:\Severance ( 2006 Horror.Comedy.Thriller).avi
2008-01-21 18:12 . 2008-01-21 18:12 48,031 --a------ C:\Severance ( 2006 Horror.Comedy.Thriller).srt
2008-01-21 11:56 . 2008-01-21 18:34 663,980,032 --a------ C:\See.No.Evil.(DVD-Rip.Mp3.5.1).[maRRtin].avi
2008-01-20 23:40 . 2008-01-21 18:11 733,976,576 --a------ C:\Return to House on Haunted Hill (2007 Horror Thriller).avi
2008-01-20 23:40 . 2008-01-20 23:40 49,111 --a------ C:\Return to House on Haunted Hill (2007 Horror Thriller).srt
2008-01-20 22:40 . 2007-10-22 19:54 72,054 --a------ C:\The.Condemned.srt
2008-01-20 18:58 . 2008-01-20 19:45 <DIR> d-------- C:\Filmid
2008-01-20 18:02 . 2008-01-20 21:47 737,124,352 --a------ C:\The Contractor (2007 Action).avi
2008-01-20 17:58 . 2008-01-20 17:58 53,193 --a------ C:\The Contractor (2007 Action).srt
2008-01-19 12:01 . 2008-01-21 11:15 734,943,232 --a------ C:\The.Condemned.DVD.SCREENER.XViD-PUKKA.[Jynger].avi

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-16 19:03 --------- d-----w C:\Program Files\mIRC
2008-02-15 19:07 --------- d-----w C:\Program Files\eMule
2008-02-15 14:12 --------- d-----w C:\Documents and Settings\Janek\Application Data\FileZilla
2008-02-15 12:48 --------- d-----w C:\Documents and Settings\Janek\Application Data\uTorrent
2008-02-10 11:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\NFS Underground
2008-02-09 20:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-07 15:05 --------- d-----w C:\Program Files\Microsoft Games
2008-02-06 14:14 --------- d-----w C:\Program Files\Sports Interactive
2008-02-04 15:38 --------- d-----w C:\Documents and Settings\Janek\Application Data\U3
2008-02-04 13:48 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-04 06:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
2008-02-03 15:59 --------- d--h--w C:\Documents and Settings\Janek\Application Data\ijjigame
2008-02-02 14:38 --------- d-----w C:\Documents and Settings\Janek\Application Data\LimeWire
2008-02-01 19:56 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-02-01 19:56 286,720 ------w C:\WINDOWS\Setup1.exe
2008-01-22 17:05 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-01-14 15:54 --------- d-----w C:\Program Files\EA SPORTS
2008-01-13 16:34 --------- d-----w C:\Program Files\FileZilla FTP Client
2008-01-13 16:15 --------- d-----w C:\Documents and Settings\Janek\Application Data\SmartFTP
2008-01-13 16:12 --------- d-----w C:\Program Files\mozilla.org
2008-01-13 16:08 --------- d-----w C:\Program Files\SmartFTP
2008-01-09 13:37 --------- d-----w C:\Program Files\Google
2008-01-06 10:34 22,008 ----a-w C:\Documents and Settings\Janek\Application Data\GDIPFONTCACHEV1.DAT
2008-01-04 17:48 --------- d-----w C:\Program Files\Infogrames
2008-01-03 12:36 --------- d-----w C:\Program Files\Valve
2008-01-01 09:35 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Xfire
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2007-12-16 09:21 22,328 ----a-w C:\Documents and Settings\Janek\Application Data\PnkBstrK.sys
2006-04-07 09:48 32 -c--a-r C:\Documents and Settings\All Users\hash.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 14:00 15360]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2004-06-01 12:46 196608]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2006-02-05 09:27 36864]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54 5674352]
"Free Download Manager"="C:\Program Files\Free Download Manager\fdm.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-08 15:45 68856]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-09-14 21:05 344064]
"EstEID AIP switch"="C:\Program Files\IT Arendus\ID-kaart\\aipswitch 1" [ ]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05 81920]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-06-01 11:09 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-06-01 11:03 217088]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-02-21 22:47 180269]
"hpfsched"="C:\WINDOWS\hpfsched.exe" [1998-07-30 16:58 35328]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-03-12 18:35 98304]
"ppmate"="C:\Program Files\PPMate\PPMate\ppmate.exe" [ ]
"RTHDCPL"="RTHDCPL.EXE" [2006-09-12 10:58 16264192 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [ ]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [ ]
"GhostWall"="C:\Program Files\GhostWall\ghostwall.exe" [2005-09-29 16:28 217088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-02-28 14:00 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-04 00:13 219136]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54 5674352]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LogCrypt]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winbjv32]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

R2 ghstwall;ghstwall;C:\WINDOWS\system32\drivers\ghstwall.sys [2008-02-16 21:36]
S2 HPFECP13;HPFECP13;C:\WINDOWS\system32\drivers\HPFECP13.SYS [1998-07-30 23:40]
S3 EMVSCARD;EMVSCARD;C:\WINDOWS\system32\Drivers\EMVSCARD.sys [2005-08-29 15:28]
S3 jfdcd;jfdcd;C:\DOCUME~1\Janek\LOCALS~1\Temp\jfdcd.sys []
S3 NAL;Nal Service ;C:\WINDOWS\system32\Drivers\iqvw32.sys [2005-06-14 19:42]
S3 scrcap;scrcap;C:\WINDOWS\system32\DRIVERS\scrcap.sys []

.
Contents of the 'Scheduled Tasks' folder
"2008-02-16 19:21:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-16 21:36:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
msnmsgr = "C:\Program Files\MSN Messenger\msnmsgr.exe" /background?g

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
.
**************************************************************************
.
Completion time: 2008-02-16 21:39:05 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-16 19:39:03
ComboFix2.txt 2008-02-16 19:07:54
.
2008-02-13 14:11:19 --- E O F ---


---------------------------------------------------------------------------


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:40:27, on 16.02.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\GhostWall\ghostwall.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neti.ee/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [EstEID AIP switch] C:\Program Files\IT Arendus\ID-kaart\\aipswitch 1
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [hpfsched] C:\WINDOWS\hpfsched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ppmate] C:\Program Files\PPMate\PPMate\ppmate.exe -autoplay
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [GhostWall] "C:\Program Files\GhostWall\ghostwall.exe" -minimize
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/229?5faf1d1853ca4fcd8ee4c3e9d56ad6e8
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/230?5faf1d1853ca4fcd8ee4c3e9d56ad6e8
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Delfi - {07818CC7-EDC8-45DC-9B6A-208293B8504B} - www.delfi.ee (file missing) (HKCU)
O9 - Extra button: MicroLink - {58C6AA38-7128-4FDB-8252-B61CF01A48C3} - www.microlink.ee (file missing) (HKCU)
O9 - Extra button: ML Arvutid - {BACAD19A-2ACA-47F1-9A23-5D3C70677126} - www.arvutid.ee (file missing) (HKCU)
O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://fishingchamp....GamesCampus.cab
O16 - DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} (PowerLoader Class) - http://www.powerchal...PowerLoader.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/...h/v2/EARTPX.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.c.../acclaim_v4.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.googl...g/GoogleNav.cab
O16 - DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} (HanSetupCtrl1010 Class) - http://skidrush.hang...anSetup1010.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/z...s/heartbeat.cab
O18 - Protocol: bw+0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 21750 bytes
  • 0

#8
ClarkLeslie

    Member

  • Topic Starter
  • Member
  • 14 posts
Anyway, my computer seems to be a lot faster now. :)
  • 0

#9
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please open up Notepad and copy all of the items in the code box below.
Change the "Save As Type" to "All Files". Save it as fixthis.reg on your Desktop.
Make sure there is NO blank line above "REGEDIT4"!

REGEDIT4

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LogCrypt]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winbjv32]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
Now double-click fixthis.reg.
A window will come up asking if you want to let it merge with the registry.
Click yes.
======================
Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\WINDOWS\system32\fnhoje
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • OTMoveit2 will create a log of moved files in the C:\_OTMoveIt\MovedFiles folder. The log's name will appear as the date and time it was created, with the format mmddyyyy_hhmmss.log. Open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
=================
After that, please do an online scan with Kaspersky WebScanner.
(This scanner is for use with Internet Explorer only.)
Click on "Accept".

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded, click on NEXT.
  • Now click on Scan Settings.
  • In the scan settings, make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available, otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK.
  • Now, under "Select a target to scan", select My Computer.
  • The program will start and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, it will display if your system has been infected.
    • Now click on the Save as Text button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post, along with the OTMoveIt2 log and a new HijackThis log.

  • 0
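What the fixthis.reg file in the post above does when merged, as an added example (not part of the original post or of any tool named in the thread): a small Python reader for the .reg format that lists each operation before the file is double-clicked. The function names and the `CURRENT_VALUE` sample are assumptions constructed for illustration; the .reg text is copied from the post.

```python
import re

# The fix from the post above, reproduced as sample input.
FIXTHIS_REG = r'''REGEDIT4

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LogCrypt]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winbjv32]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
'''

# Constructed sample of a value as it might look before the merge (not from the thread).
CURRENT_VALUE = "msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, placeholder.dll"

HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
VALUE_RE = re.compile(r'^(?P<name>@|"(?:[^"\\]|\\.)*")\s*=\s*(?P<data>.+)$')


def _unescape(s):
    """Undo the \\\\ and \\" escapes used inside quoted .reg strings."""
    return re.sub(r'\\(.)', r'\1', s)


def parse_reg(text):
    """Return the (action, key, name, data) operations a merge would perform."""
    lines = text.lstrip("\ufeff").splitlines()
    # The header must be the very first line: a blank line above it is rejected,
    # which is why the post insists on no blank line above "REGEDIT4".
    if not lines or lines[0].strip() not in HEADERS:
        raise ValueError("first line must be the .reg header")
    ops, key, pending = [], None, ""
    for raw in lines[1:]:
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):            # hex data continued on the next line
            pending = line[:-1]
            continue
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            body = line[1:-1]
            if body.startswith("-"):       # [-KEY] removes the key and everything below it
                ops.append(("delete_key", body[1:], None, None))
                key = None
            else:
                key = body
            continue
        m = VALUE_RE.match(line)
        if not m or key is None:
            raise ValueError("unparsable line: %r" % raw)
        name = "(Default)" if m.group("name") == "@" else _unescape(m.group("name")[1:-1])
        data = m.group("data")
        if data == "-":                    # "name"=- removes a single value
            ops.append(("delete_value", key, name, None))
        elif data.startswith('"'):
            ops.append(("set_value", key, name, _unescape(data[1:-1])))
        else:                              # dword:/hex: data kept as written
            ops.append(("set_value", key, name, data))
    return ops


def describe(ops):
    """One readable line per operation, for review before merging."""
    out = []
    for action, key, name, data in ops:
        if action == "delete_key":
            out.append("DELETE KEY (with subkeys)  %s" % key)
        elif action == "delete_value":
            out.append("DELETE VALUE  %s -> %s" % (key, name))
        else:
            out.append("SET  %s -> %s = %s" % (key, name, data))
    return out


def dropped_entries(current_value, ops, value_name="SecurityProviders"):
    """Entries in a comma-separated current value that the merge would drop."""
    for action, _key, name, data in ops:
        if action == "set_value" and name.lower() == value_name.lower():
            new = {d.strip().lower() for d in data.split(",")}
            return [d.strip() for d in current_value.split(",")
                    if d.strip().lower() not in new]
    return []


if __name__ == "__main__":
    operations = parse_reg(FIXTHIS_REG)
    print("\n".join(describe(operations)))
    print("dropped from SecurityProviders:", dropped_entries(CURRENT_VALUE, operations))
```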

#10
ClarkLeslie

    Member

  • Topic Starter
  • Member
  • 14 posts
My computer isn't moving now at all, but I try.

Here's the OTMove log:

File move failed. C:\WINDOWS\system32\fnhoje scheduled to be moved on reboot.

OTMoveIt2 v1.0.20 log created on 02172008_095000


---------------------------------------------------------------------------------------

Hijack log coming right up and Kaspersky too, when I finally can open it.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:17:07, on 17.02.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\GhostWall\ghostwall.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neti.ee/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [EstEID AIP switch] C:\Program Files\IT Arendus\ID-kaart\\aipswitch 1
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [hpfsched] C:\WINDOWS\hpfsched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ppmate] C:\Program Files\PPMate\PPMate\ppmate.exe -autoplay
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [GhostWall] "C:\Program Files\GhostWall\ghostwall.exe" -minimize
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/229?5faf1d1853ca4fcd8ee4c3e9d56ad6e8
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/230?5faf1d1853ca4fcd8ee4c3e9d56ad6e8
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Delfi - {07818CC7-EDC8-45DC-9B6A-208293B8504B} - www.delfi.ee (file missing) (HKCU)
O9 - Extra button: MicroLink - {58C6AA38-7128-4FDB-8252-B61CF01A48C3} - www.microlink.ee (file missing) (HKCU)
O9 - Extra button: ML Arvutid - {BACAD19A-2ACA-47F1-9A23-5D3C70677126} - www.arvutid.ee (file missing) (HKCU)
O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://fishingchamp....GamesCampus.cab
O16 - DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} (PowerLoader Class) - http://www.powerchal...PowerLoader.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/...h/v2/EARTPX.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.c.../acclaim_v4.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.googl...g/GoogleNav.cab
O16 - DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} (HanSetupCtrl1010 Class) - http://skidrush.hang...anSetup1010.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/z...s/heartbeat.cab
O18 - Protocol: bw+0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 21844 bytes

Edited by ClarkLeslie, 17 February 2008 - 05:18 AM.

  • 0



#11
ClarkLeslie

ClarkLeslie

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
I did the Kaspersky-thing also, it said 14 viruses and 42 infected files, but didn't give me any reports or nothing.
  • 0

#12
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
You had a few rootkits on your computer so one is still present.
Let's do the following.


* Click here to download AVG Anti Rootkit and save it to your desktop.

  • Double-click on the avgarkt-setup-1.1.0.42.exe file to run it.
  • Click "I Agree" to agree to the EULA.
  • By default it will install to "G:\Program Files\GRISOFT\AVG Anti-Rootkit".
  • Click "Next" to begin the installation then click "Install".
  • It will then ask you to reboot now to finish the installation.
  • Click "Finish" and your computer will reboot.
  • After it reboots, double-click on the AVG Anti-Rootkit shortcut that is now on your desktop.
  • Click on the "Perform in-depth search" button to begin the scan.
  • The scan will take a while so be patient and let it complete.
  • When the scan is finished, click the "Save result to file" button.
  • Save the scan results to your desktop then come back here to copy and paste the results in your next reply to this thread.

  • 0

#13
ClarkLeslie

ClarkLeslie

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
I need to do the scan again, because it showed only 33 now; there were 42 before.




-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, February 17, 2008 4:55:40 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 17/02/2008
Kaspersky Anti-Virus database records: 570048
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - Folders:
C:\

Scan Statistics:
Total number of scanned objects: 98878
Number of viruses found: 14
Number of infected objects: 33
Number of suspicious objects: 0
Duration of the scan process: 01:16:33

Infected Object Name / Virus Name / Last Action
C:\a0f95735bfade0592e\antileak.txt Object is locked skipped
C:\a0f95735bfade0592e\webdriver0.log Object is locked skipped
C:\a0f95735bfade0592e\YServer.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\Janek\Application Data\Mozilla\Firefox\Profiles\w86vq455.default\cert8.db Object is locked skipped
C:\Documents and Settings\Janek\Application Data\Mozilla\Firefox\Profiles\w86vq455.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Janek\Application Data\Mozilla\Firefox\Profiles\w86vq455.default\history.dat Object is locked skipped
C:\Documents and Settings\Janek\Application Data\Mozilla\Firefox\Profiles\w86vq455.default\key3.db Object is locked skipped
C:\Documents and Settings\Janek\Application Data\Mozilla\Firefox\Profiles\w86vq455.default\parent.lock Object is locked skipped
C:\Documents and Settings\Janek\Application Data\Mozilla\Firefox\Profiles\w86vq455.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Janek\Application Data\Mozilla\Firefox\Profiles\w86vq455.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Janek\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SUPERANTISPYWARE.LOG Object is locked skipped
C:\Documents and Settings\Janek\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Janek\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Janek\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped
C:\Documents and Settings\Janek\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\pending.dat Object is locked skipped
C:\Documents and Settings\Janek\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_3AF8_BA15_F8B9_CF7F\dfsr.db Object is locked skipped
C:\Documents and Settings\Janek\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_3AF8_BA15_F8B9_CF7F\fsr.log Object is locked skipped
C:\Documents and Settings\Janek\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_3AF8_BA15_F8B9_CF7F\fsrtmp.log Object is locked skipped
C:\Documents and Settings\Janek\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_3AF8_BA15_F8B9_CF7F\tmp.edb Object is locked skipped
C:\Documents and Settings\Janek\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Janek\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Janek\Local Settings\Application Data\Microsoft\Windows Live Contacts\[email protected]\real\members.stg Object is locked skipped
C:\Documents and Settings\Janek\Local Settings\Application Data\Microsoft\Windows Live Contacts\[email protected]\shadow\members.stg Object is locked skipped
C:\Documents and Settings\Janek\Local Settings\Application Data\Mozilla\Firefox\Profiles\w86vq455.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Janek\Local Settings\Application Data\Mozilla\Firefox\Profiles\w86vq455.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Janek\Local Settings\Application Data\Mozilla\Firefox\Profiles\w86vq455.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Janek\Local Settings\Application Data\Mozilla\Firefox\Profiles\w86vq455.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Janek\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Janek\Local Settings\History\History.IE5\MSHist012008021720080218\index.dat Object is locked skipped
C:\Documents and Settings\Janek\Local Settings\Temp\~DF4945.tmp Object is locked skipped
C:\Documents and Settings\Janek\Local Settings\Temp\~DF4950.tmp Object is locked skipped
C:\Documents and Settings\Janek\Local Settings\Temp\~DFF751.tmp Object is locked skipped
C:\Documents and Settings\Janek\Local Settings\Temp\~DFF75C.tmp Object is locked skipped
C:\Documents and Settings\Janek\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Janek\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Janek\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Janek\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Janek\Data\BWDocMap.pht Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Janek\Data\BWInfopakMap.pht Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Janek\Data\chandir.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Janek\Data\chandir.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Janek\Data\chn.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Janek\Data\chn.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Janek\Data\D0000000.FCS Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Janek\Data\inuse.txt Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Janek\Data\L0000010.FCS Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Janek\Data\main.log Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Janek\Data\prs.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Janek\Data\prs.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Janek\Data\prs_die.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Janek\Data\prs_die.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Janek\Data\prs_dnd.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Janek\Data\prs_dnd.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Janek\Data\prs_ext.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Janek\Data\prs_ext.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Janek\Data\prs_rcv.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Janek\Data\prs_rcv.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Janek\Data\storydb.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Janek\Data\storydb.idx Object is locked skipped
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\govno.exe.vir Infected: Trojan-Dropper.Win32.Agent.drt skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\Pvmd53.sys.vir Infected: Trojan.Win32.Srizbi.j skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\Yee23.sys.vir Infected: Email-Worm.Win32.Agent.e skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\LogCrypt.dll.vir Infected: Trojan.Win32.Agent.eub skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\WLCtrl32.dll.vir Infected: Email-Worm.Win32.Agent.e skipped
C:\QooBox\Quarantine\catchme2008-02-16_210450.57.zip/Yee23.sys Infected: Trojan-Downloader.Win32.Agent.ici skipped
C:\QooBox\Quarantine\catchme2008-02-16_210450.57.zip ZIP: infected - 1 skipped
C:\QooBox\Quarantine\catchme2008-02-16_213626.79.zip/Skx67.sys Infected: Email-Worm.Win32.Agent.e skipped
C:\QooBox\Quarantine\catchme2008-02-16_213626.79.zip ZIP: infected - 1 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{1FFBB9A1-B219-4BD6-BD3A-FC3C06E639E1}\RP40\A0009317.exe/data.rar/keygen.exe Infected: Trojan.Win32.Inject.mt skipped
C:\System Volume Information\_restore{1FFBB9A1-B219-4BD6-BD3A-FC3C06E639E1}\RP40\A0009317.exe/data.rar/crack.exe Infected: Trojan-Downloader.Win32.Small.hlr skipped
C:\System Volume Information\_restore{1FFBB9A1-B219-4BD6-BD3A-FC3C06E639E1}\RP40\A0009317.exe/data.rar/serial.exe Infected: Trojan.Win32.Dialer.yz skipped
C:\System Volume Information\_restore{1FFBB9A1-B219-4BD6-BD3A-FC3C06E639E1}\RP40\A0009317.exe/data.rar/install.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{1FFBB9A1-B219-4BD6-BD3A-FC3C06E639E1}\RP40\A0009317.exe/data.rar Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{1FFBB9A1-B219-4BD6-BD3A-FC3C06E639E1}\RP40\A0009317.exe RarSFX: infected - 5 skipped
C:\System Volume Information\_restore{1FFBB9A1-B219-4BD6-BD3A-FC3C06E639E1}\RP40\A0009318.exe Object is locked skipped
C:\System Volume Information\_restore{1FFBB9A1-B219-4BD6-BD3A-FC3C06E639E1}\RP40\A0009319.exe Object is locked skipped
C:\System Volume Information\_restore{1FFBB9A1-B219-4BD6-BD3A-FC3C06E639E1}\RP40\A0009320.exe Object is locked skipped
C:\System Volume Information\_restore{1FFBB9A1-B219-4BD6-BD3A-FC3C06E639E1}\RP40\A0009322.exe Object is locked skipped
C:\System Volume Information\_restore{1FFBB9A1-B219-4BD6-BD3A-FC3C06E639E1}\RP53\A0015493.exe Object is locked skipped
C:\System Volume Information\_restore{1FFBB9A1-B219-4BD6-BD3A-FC3C06E639E1}\RP57\A0015762.exe Object is locked skipped
C:\System Volume Information\_restore{1FFBB9A1-B219-4BD6-BD3A-FC3C06E639E1}\RP57\A0015764.exe Object is locked skipped
C:\System Volume Information\_restore{1FFBB9A1-B219-4BD6-BD3A-FC3C06E639E1}\RP58\A0016142.dll Object is locked skipped
C:\System Volume Information\_restore{1FFBB9A1-B219-4BD6-BD3A-FC3C06E639E1}\RP59\A0016171.exe/data.rar/keygen.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.giq skipped
C:\System Volume Information\_restore{1FFBB9A1-B219-4BD6-BD3A-FC3C06E639E1}\RP59\A0016171.exe/data.rar/patch.exe Infected: Trojan.Win32.Dialer.yz skipped
C:\System Volume Information\_restore{1FFBB9A1-B219-4BD6-BD3A-FC3C06E639E1}\RP59\A0016171.exe/data.rar/crack.exe Infected: Trojan-Downloader.Win32.Tiny.ahl skipped
C:\System Volume Information\_restore{1FFBB9A1-B219-4BD6-BD3A-FC3C06E639E1}\RP59\A0016171.exe/data.rar Infected: Trojan-Downloader.Win32.Tiny.ahl skipped
C:\System Volume Information\_restore{1FFBB9A1-B219-4BD6-BD3A-FC3C06E639E1}\RP59\A0016171.exe RarSFX: infected - 4 skipped
C:\System Volume Information\_restore{1FFBB9A1-B219-4BD6-BD3A-FC3C06E639E1}\RP59\A0016172.exe/data.rar/keygen.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.giq skipped
C:\System Volume Information\_restore{1FFBB9A1-B219-4BD6-BD3A-FC3C06E639E1}\RP59\A0016172.exe/data.rar/patch.exe Infected: Trojan.Win32.Dialer.yz skipped
C:\System Volume Information\_restore{1FFBB9A1-B219-4BD6-BD3A-FC3C06E639E1}\RP59\A0016172.exe/data.rar/crack.exe Infected: Trojan-Downloader.Win32.Tiny.ahl skipped
C:\System Volume Information\_restore{1FFBB9A1-B219-4BD6-BD3A-FC3C06E639E1}\RP59\A0016172.exe/data.rar Infected: Trojan-Downloader.Win32.Tiny.ahl skipped
C:\System Volume Information\_restore{1FFBB9A1-B219-4BD6-BD3A-FC3C06E639E1}\RP59\A0016172.exe RarSFX: infected - 4 skipped
C:\System Volume Information\_restore{1FFBB9A1-B219-4BD6-BD3A-FC3C06E639E1}\RP59\A0016173.exe Object is locked skipped
C:\System Volume Information\_restore{1FFBB9A1-B219-4BD6-BD3A-FC3C06E639E1}\RP59\A0016174.exe Object is locked skipped
C:\System Volume Information\_restore{1FFBB9A1-B219-4BD6-BD3A-FC3C06E639E1}\RP59\A0016175.exe Object is locked skipped
C:\System Volume Information\_restore{1FFBB9A1-B219-4BD6-BD3A-FC3C06E639E1}\RP59\A0016176.sys Object is locked skipped
C:\System Volume Information\_restore{1FFBB9A1-B219-4BD6-BD3A-FC3C06E639E1}\RP59\A0016195.exe Infected: Trojan-Downloader.Win32.Tiny.ahl skipped
C:\System Volume Information\_restore{1FFBB9A1-B219-4BD6-BD3A-FC3C06E639E1}\RP59\A0016210.exe Object is locked skipped
C:\System Volume Information\_restore{1FFBB9A1-B219-4BD6-BD3A-FC3C06E639E1}\RP59\A0016252.exe Infected: HackTool.Win32.Injecter.l skipped
C:\System Volume Information\_restore{1FFBB9A1-B219-4BD6-BD3A-FC3C06E639E1}\RP60\A0018285.exe Object is locked skipped
C:\System Volume Information\_restore{1FFBB9A1-B219-4BD6-BD3A-FC3C06E639E1}\RP65\A0023736.exe Object is locked skipped
C:\System Volume Information\_restore{1FFBB9A1-B219-4BD6-BD3A-FC3C06E639E1}\RP65\A0024015.dll Object is locked skipped
C:\System Volume Information\_restore{1FFBB9A1-B219-4BD6-BD3A-FC3C06E639E1}\RP68\A0025963.exe Object is locked skipped
C:\System Volume Information\_restore{1FFBB9A1-B219-4BD6-BD3A-FC3C06E639E1}\RP68\A0029995.exe Object is locked skipped
C:\System Volume Information\_restore{1FFBB9A1-B219-4BD6-BD3A-FC3C06E639E1}\RP69\A0030000.exe Object is locked skipped
C:\System Volume Information\_restore{1FFBB9A1-B219-4BD6-BD3A-FC3C06E639E1}\RP70\A0030156.dll Object is locked skipped
C:\System Volume Information\_restore{1FFBB9A1-B219-4BD6-BD3A-FC3C06E639E1}\RP70\A0030188.dll Object is locked skipped
C:\System Volume Information\_restore{1FFBB9A1-B219-4BD6-BD3A-FC3C06E639E1}\RP70\A0030236.dll Object is locked skipped
C:\System Volume Information\_restore{1FFBB9A1-B219-4BD6-BD3A-FC3C06E639E1}\RP72\A0032282.dll Object is locked skipped
C:\System Volume Information\_restore{1FFBB9A1-B219-4BD6-BD3A-FC3C06E639E1}\RP72\A0032297.dll Object is locked skipped
C:\System Volume Information\_restore{1FFBB9A1-B219-4BD6-BD3A-FC3C06E639E1}\RP72\A0032309.exe Object is locked skipped
C:\System Volume Information\_restore{1FFBB9A1-B219-4BD6-BD3A-FC3C06E639E1}\RP72\A0032312.dll Object is locked skipped
C:\System Volume Information\_restore{1FFBB9A1-B219-4BD6-BD3A-FC3C06E639E1}\RP72\A0032324.exe Object is locked skipped
C:\System Volume Information\_restore{1FFBB9A1-B219-4BD6-BD3A-FC3C06E639E1}\RP72\A0032333.dll Object is locked skipped
C:\System Volume Information\_restore{1FFBB9A1-B219-4BD6-BD3A-FC3C06E639E1}\RP72\A0032347.dll Object is locked skipped
C:\System Volume Information\_restore{1FFBB9A1-B219-4BD6-BD3A-FC3C06E639E1}\RP72\A0034442.sys Object is locked skipped
C:\System Volume Information\_restore{1FFBB9A1-B219-4BD6-BD3A-FC3C06E639E1}\RP73\A0036447.exe Object is locked skipped
C:\System Volume Information\_restore{1FFBB9A1-B219-4BD6-BD3A-FC3C06E639E1}\RP73\A0037457.sys Object is locked skipped
C:\System Volume Information\_restore{1FFBB9A1-B219-4BD6-BD3A-FC3C06E639E1}\RP74\A0037486.sys Object is locked skipped
C:\System Volume Information\_restore{1FFBB9A1-B219-4BD6-BD3A-FC3C06E639E1}\RP74\A0037487.sys Infected: Email-Worm.Win32.Agent.e skipped
C:\System Volume Information\_restore{1FFBB9A1-B219-4BD6-BD3A-FC3C06E639E1}\RP74\A0037547.sys Object is locked skipped
C:\System Volume Information\_restore{1FFBB9A1-B219-4BD6-BD3A-FC3C06E639E1}\RP75\A0037557.exe Object is locked skipped
C:\System Volume Information\_restore{1FFBB9A1-B219-4BD6-BD3A-FC3C06E639E1}\RP75\A0037558.sys Object is locked skipped
C:\System Volume Information\_restore{1FFBB9A1-B219-4BD6-BD3A-FC3C06E639E1}\RP75\A0037559.dll Object is locked skipped
C:\System Volume Information\_restore{1FFBB9A1-B219-4BD6-BD3A-FC3C06E639E1}\RP75\A0037562.dll Infected: Email-Worm.Win32.Agent.e skipped
C:\System Volume Information\_restore{1FFBB9A1-B219-4BD6-BD3A-FC3C06E639E1}\RP75\A0037629.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{1FFBB9A1-B219-4BD6-BD3A-FC3C06E639E1}\RP75\A0037629.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{1FFBB9A1-B219-4BD6-BD3A-FC3C06E639E1}\RP75\A0037629.exe RarSFX: infected - 2 skipped
C:\System Volume Information\_restore{1FFBB9A1-B219-4BD6-BD3A-FC3C06E639E1}\RP75\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{2B13B01F-2FD9-46AA-B833-B7AC60CEFF00}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\fnhoje Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
  • 0
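Reading the Kaspersky report in the post above: an added example (not part of the thread, and not Kaspersky's own tooling) that parses the report's three line shapes, separates "Object is locked" entries from detections, and groups detections by where the file sits. The regular expression and the location labels are assumptions inferred from the lines in that post; the sample is an abridged excerpt of them.

```python
import re
from collections import Counter

# Abridged excerpt of the report lines posted above: path, verdict, last action.
SAMPLE = r"""
C:\Documents and Settings\Janek\NTUSER.DAT Object is locked skipped
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\Pvmd53.sys.vir Infected: Trojan.Win32.Srizbi.j skipped
C:\QooBox\Quarantine\catchme2008-02-16_210450.57.zip/Yee23.sys Infected: Trojan-Downloader.Win32.Agent.ici skipped
C:\QooBox\Quarantine\catchme2008-02-16_210450.57.zip ZIP: infected - 1 skipped
C:\System Volume Information\_restore{1FFBB9A1-B219-4BD6-BD3A-FC3C06E639E1}\RP74\A0037487.sys Infected: Email-Worm.Win32.Agent.e skipped
C:\WINDOWS\system32\fnhoje Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
"""

# Assumed line grammar, inferred from the report: the path may contain spaces,
# so it is matched lazily and the verdict is pinned to the end of the line.
LINE = re.compile(
    r"^(?P<path>.+?) (?:"
    r"(?P<locked>Object is locked)"                          # file in use, not scanned
    r"|Infected: (?P<name>\S+)"                              # a named detection
    r"|(?P<container>[A-Za-z]+): infected - (?P<inner>\d+)"  # archive summary line
    r") (?P<action>\w+)$"
)


def classify_location(path):
    """Label where a reported file lives (labels are this example's own)."""
    p = path.lower()
    if "\\qoobox\\quarantine\\" in p:
        return "quarantine"      # already moved aside by an earlier cleanup tool
    if "\\system volume information\\_restore" in p:
        return "system_restore"  # copy kept inside a System Restore point
    return "live"                # an ordinary file on the running system


def parse_report(text):
    """Turn report lines into dicts; lines that do not fit the grammar are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        if m["locked"]:
            kind = "locked"
        elif m["name"]:
            kind = "infected"
        else:
            kind = "container"
        entries.append({
            "path": m["path"],
            "kind": kind,
            "name": m["name"],
            "location": classify_location(m["path"]),
            "action": m["action"],
        })
    return entries


def summarize(entries):
    """Count detections the way the report's Scan Statistics block does."""
    detections = [e for e in entries if e["kind"] != "locked"]
    return {
        "locked": sum(e["kind"] == "locked" for e in entries),
        # "Infected:" lines plus archive summary lines
        "infected_objects": len(detections),
        "distinct_names": sorted({e["name"] for e in detections if e["name"]}),
        "by_location": Counter(e["location"] for e in detections),
    }


if __name__ == "__main__":
    summary = summarize(parse_report(SAMPLE))
    for key, value in summary.items():
        print(key, value)
```

Applied to the full report in the post, the same counting gives 33 detection lines and 14 distinct names, matching its Scan Statistics block. Every detection except mirc.exe lies under QooBox\Quarantine or a System Restore point.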

#14
ClarkLeslie

ClarkLeslie

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
No rootkits in my computer according to the AVG program.
  • 0

#15
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Ok you can uninstall the AVG Rootkit program.

  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\WINDOWS\system32\fnhoje
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • OTMoveit2 will create a log of moved files in the C:\_OTMoveIt\MovedFiles folder. The log's name will appear as the date and time it was created, with the format mmddyyyy_hhmmss.log. Open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
  • 0





