Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Please Help, Really Desperate Now: Another Vundo Victim :help: [RESOL

Started by jacquic , Mar 14 2008 06:02 AM

This topic is locked

#1
jacquic

Posted 14 March 2008 - 06:02 AM

Member

Member
11 posts

Hi,

I've been infected by the vundo.b.gen trojan/virus. I've been trying for 2 weeks to clean it and have read many of the logs o here and have tried using the advice given to clean my system.

All to no avail me thinks. Tonight I ran the Combofix and hijack this and the logs are below.

If anyone can help me, i'd really appreciate it.

ComboFix 08-03-13.4 - Jacqui 2008-03-14 22:20:14.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.597 [GMT 11:00]
Running from: C:\Documents and Settings\Jacqui\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BM0b21c4a4.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\aaofeiyd.dll
C:\WINDOWS\system32\avnasnds.ini
C:\WINDOWS\system32\btpmxcoc.dll
C:\WINDOWS\system32\cosuhxev.dll
C:\WINDOWS\system32\cvklwycv.dll
C:\WINDOWS\system32\dljgxdsg.ini
C:\WINDOWS\system32\eaihrpef.dll
C:\WINDOWS\system32\enwbdhnk.dll
C:\WINDOWS\system32\fyimvhoy.dll
C:\WINDOWS\system32\gflpuide.dll
C:\WINDOWS\system32\gsdxgjld.dll
C:\WINDOWS\system32\hhdsidrp.dll
C:\WINDOWS\system32\hhiyifii.ini
C:\WINDOWS\system32\hqaxxuvo.dll
C:\WINDOWS\system32\hydhpryq.ini
C:\WINDOWS\system32\iifiyihh.dll
C:\WINDOWS\system32\ionjwmom.ini
C:\WINDOWS\system32\iuykjxcb.dll
C:\WINDOWS\system32\jikpmotq.ini
C:\WINDOWS\system32\judxlhgp.dll
C:\WINDOWS\system32\lnnmp.ini
C:\WINDOWS\system32\lnnmp.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mienfkrx.dll
C:\WINDOWS\system32\ndasendy.dll
C:\WINDOWS\system32\nxnnuieh.dll
C:\WINDOWS\system32\orrnhmht.dll
C:\WINDOWS\system32\peetjagc.dll
C:\WINDOWS\system32\pmnnl.dll
C:\WINDOWS\system32\pwghuevt.dll
C:\WINDOWS\system32\pwrbfkud.dll
C:\WINDOWS\system32\pxvblvae.dll
C:\WINDOWS\system32\qfrdyuen.dll
C:\WINDOWS\system32\qqagrjra.ini
C:\WINDOWS\system32\qtompkij.dll
C:\WINDOWS\system32\rdulrfky.dll
C:\WINDOWS\system32\rktgnoov.dll
C:\WINDOWS\system32\ryunerpe.dll
C:\WINDOWS\system32\tratlbqr.dll
C:\WINDOWS\system32\twhglyye.dll
C:\WINDOWS\system32\waengqgb.dll
C:\WINDOWS\system32\xopnuyqv.dll
C:\WINDOWS\system32\ydnesadn.ini

.
((((((((((((((((((((((((( Files Created from 2008-02-14 to 2008-03-14 )))))))))))))))))))))))))))))))
.

2008-03-14 22:03 . 2008-03-14 22:03 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-14 22:03 . 2008-03-14 22:03 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-14 21:53 . 2008-03-14 21:53 2 --a------ C:\ProcessList.txtPROCESS
2008-03-14 21:36 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-03-14 20:52 . 2007-02-04 05:27 938,272 -ra------ C:\WINDOWS\system32\drivers\LV302V32.SYS
2008-03-14 20:52 . 2003-02-21 23:42 348,160 -ra------ C:\WINDOWS\system\msvcr71.dll
2008-03-14 20:52 . 2007-02-04 05:29 129,824 -ra------ C:\WINDOWS\system32\lvci1051.dll
2008-03-14 20:52 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-03-14 20:52 . 2004-08-03 23:07 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2008-03-14 20:52 . 2007-02-04 03:59 50,127 -ra------ C:\WINDOWS\system32\lvcoinst.ini
2008-03-14 20:52 . 2007-02-04 05:32 41,504 -ra------ C:\WINDOWS\system32\drivers\LVUSBSta.sys
2008-03-14 20:52 . 2007-02-04 05:27 14,240 -ra------ C:\WINDOWS\system32\drivers\lv302af.sys
2008-03-14 20:52 . 2007-02-04 04:01 13,398 -ra------ C:\WINDOWS\system32\Repository.reg
2008-03-14 20:39 . 2008-03-14 20:52 <DIR> d-------- C:\Program Files\Common Files\LogiShrd
2008-03-14 20:39 . 2008-03-14 20:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2008-03-14 20:39 . 2008-03-14 20:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Logishrd
2008-03-12 20:41 . 2008-03-13 19:21 2,035 ---hs---- C:\WINDOWS\system32\jtoqroob.ini
2008-03-11 20:37 . 2008-03-12 20:37 1,915 ---hs---- C:\WINDOWS\system32\rpgaxffd.ini
2008-03-10 08:36 . 2008-03-11 20:35 1,795 ---hs---- C:\WINDOWS\system32\trmexank.ini
2008-03-09 14:24 . 2008-03-10 08:35 1,675 ---hs---- C:\WINDOWS\system32\raowjnum.ini
2008-03-06 02:43 . 2008-03-06 02:43 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2008-03-05 21:08 . 2008-03-06 21:41 <DIR> d-------- C:\VundoFix Backups
2008-03-05 21:01 . 2008-03-06 22:00 1,315 ---hs---- C:\WINDOWS\system32\ejxhtmlr.ini
2008-03-05 06:06 . 2008-03-05 18:34 895 ---hs---- C:\WINDOWS\system32\vrgxifxe.ini
2008-03-05 06:06 . 2008-03-05 06:06 775 ---hs---- C:\WINDOWS\system32\vicjibqe.tmp
2008-03-04 22:14 . 2008-03-11 00:11 <DIR> d-------- C:\infected
2008-03-04 06:05 . 2008-03-05 06:05 775 ---hs---- C:\WINDOWS\system32\vicjibqe.ini
2008-03-03 14:54 . 2008-03-14 21:04 <DIR> d-------- C:\Documents and Settings\Jacqui\Application Data\skypePM
2008-03-03 14:54 . 2008-03-03 14:54 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-03-03 14:49 . 2008-03-14 21:27 <DIR> d-------- C:\Documents and Settings\Jacqui\Application Data\Skype
2008-03-03 14:48 . 2008-03-03 14:48 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-03-03 14:48 . 2008-03-03 14:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-03-02 06:04 . 2008-03-04 06:04 415 --ahs---- C:\WINDOWS\system32\hvxkfogo.ini
2008-03-01 06:07 . 2008-03-01 11:00 1,796,579 --ahs---- C:\WINDOWS\system32\mjhgmidw.ini
2008-02-29 06:06 . 2008-03-01 06:07 1,871,870 --ahs---- C:\WINDOWS\system32\pppvrhkv.ini
2008-02-28 06:05 . 2008-02-29 06:05 2,034,883 --ahs---- C:\WINDOWS\system32\ldmqlvob.ini
2008-02-25 19:20 . 2008-02-25 19:30 107 --a------ C:\WINDOWS\IfoEdit.INI
2008-02-25 19:05 . 2004-01-16 15:50 516,096 --a------ C:\WINDOWS\system32\CLVSDS.ax
2008-02-25 19:05 . 2008-02-03 21:26 364,544 --a------ C:\WINDOWS\system32\cdg.dll
2008-02-25 19:05 . 2006-09-27 17:46 348,160 --a------ C:\WINDOWS\system32\cdga.dll
2008-02-25 19:05 . 2006-07-08 04:07 114,688 --a------ C:\WINDOWS\system32\PropListCtrl.ocx
2008-02-25 19:05 . 2006-07-17 21:42 14,909 --a------ C:\WINDOWS\system32\A_reg.reg
2008-02-25 18:29 . 2008-02-25 19:21 <DIR> d-------- C:\Program Files\Cucusoft
2008-02-25 18:29 . 2008-02-25 19:07 <DIR> d-------- C:\ConverterOutput
2008-02-25 18:29 . 2007-03-25 00:51 3,049,984 --a------ C:\WINDOWS\system32\libavcodec.dll
2008-02-25 18:29 . 2007-03-25 21:40 2,174,976 --a------ C:\WINDOWS\system32\ffdshow.ax
2008-02-25 18:29 . 2007-03-25 00:51 404,480 --a------ C:\WINDOWS\system32\libmplayer.dll
2008-02-25 18:29 . 2007-01-01 05:30 200,704 --a------ C:\WINDOWS\system32\TomsMoComp_ff.dll
2008-02-25 18:29 . 2007-03-25 00:51 114,688 --a------ C:\WINDOWS\system32\libmpeg2_ff.dll
2008-02-25 15:21 . 2008-02-25 15:21 <DIR> d-------- C:\Program Files\Codec Pack - All In 1
2008-02-25 15:21 . 2008-02-25 15:19 737,280 --a------ C:\WINDOWS\iun6002.exe
2008-02-24 09:15 . <DIR> C:\Documents and Settings\Jacqui\Application Data\NeroDigitalT
2008-02-24 05:22 . 2008-03-03 22:39 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-02-23 18:34 . 2008-02-23 18:34 <DIR> d-------- C:\Documents and Settings\Jacqui\Application Data\Nero
2008-02-23 18:25 . 2008-03-06 22:29 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-02-23 18:25 . 2008-03-06 22:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-02-23 17:57 . 2008-02-23 20:24 <DIR> d-------- C:\Program Files\AskTBar
2008-02-23 16:35 . 2008-02-23 16:35 <DIR> d-------- C:\Program Files\FireTrust

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-14 11:33 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-03-14 11:11 --------- d-----w C:\Program Files\Java
2008-03-14 10:39 --------- d-----w C:\Program Files\Yahoo!
2008-03-14 10:38 --------- d-----w C:\Documents and Settings\Jacqui\Application Data\Yahoo!
2008-03-14 10:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-03-14 09:39 --------- d-----w C:\Program Files\Logitech
2008-03-14 09:31 --------- d-----w C:\Documents and Settings\Jacqui\Application Data\MailWasherPro
2008-03-11 15:33 5,545,472 ----a-w C:\WINDOWS\Internet Logs\xDB178.tmp
2008-03-11 10:11 --------- d-----w C:\Program Files\Lexmark X1100 Series
2008-03-11 09:50 19,968 ----a-w C:\WINDOWS\Internet Logs\xDB179.tmp
2008-03-11 09:28 5,549,568 ----a-w C:\WINDOWS\Internet Logs\xDB176.tmp
2008-03-11 03:27 43,008 ----a-w C:\WINDOWS\Internet Logs\xDB177.tmp
2008-03-07 01:19 61,952 ----a-w C:\WINDOWS\Internet Logs\xDB175.tmp
2008-03-07 01:19 --------- d-----w C:\Program Files\a-squared Free
2008-03-06 23:15 5,540,864 ----a-w C:\WINDOWS\Internet Logs\xDB174.tmp
2008-03-05 15:47 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-05 15:44 5,540,864 ----a-w C:\WINDOWS\Internet Logs\xDB172.tmp
2008-03-05 15:44 31,744 ----a-w C:\WINDOWS\Internet Logs\xDB173.tmp
2008-03-05 08:04 --------- d-----w C:\Program Files\TomTom HOME
2008-03-04 13:38 5,534,208 ----a-w C:\WINDOWS\Internet Logs\xDB170.tmp
2008-03-04 11:42 20,992 ----a-w C:\WINDOWS\Internet Logs\xDB171.tmp
2008-03-04 11:19 128,000 ----a-w C:\WINDOWS\Internet Logs\xDB16F.tmp
2008-03-04 11:14 5,537,792 ----a-w C:\WINDOWS\Internet Logs\xDB16E.tmp
2008-03-03 11:40 --------- d-----w C:\Documents and Settings\Jacqui\Application Data\Azureus
2008-03-03 03:48 --------- d-----w C:\Program Files\Skype
2008-02-29 07:34 --------- d-----w C:\Program Files\SpywareBlaster
2008-02-28 07:21 5,480,448 ----a-w C:\WINDOWS\Internet Logs\xDB16C.tmp
2008-02-28 07:21 15,360 ----a-w C:\WINDOWS\Internet Logs\xDB16D.tmp
2008-02-27 19:05 5,490,176 ----a-w C:\WINDOWS\Internet Logs\xDB16A.tmp
2008-02-27 11:53 23,040 ----a-w C:\WINDOWS\Internet Logs\xDB16B.tmp
2008-02-26 19:57 122,880 ----a-w C:\WINDOWS\Internet Logs\xDB169.tmp
2008-02-26 19:29 5,500,416 ----a-w C:\WINDOWS\Internet Logs\xDB168.tmp
2008-02-23 22:15 --------- d-----w C:\Documents and Settings\Jacqui\Application Data\NeroDigital™
2008-02-23 07:11 --------- d-----w C:\Program Files\Ahead
2008-02-23 07:10 --------- d-----w C:\Program Files\Mozilla Sunbird
2008-02-23 07:10 --------- d-----w C:\Program Files\Common Files\Ahead
2008-02-22 23:59 30,208 ----a-w C:\WINDOWS\Internet Logs\xDB167.tmp
2008-02-22 19:12 5,309,440 ----a-w C:\WINDOWS\Internet Logs\xDB166.tmp
2008-02-21 10:28 5,304,832 ----a-w C:\WINDOWS\Internet Logs\xDB164.tmp
2008-02-21 09:30 122,368 ----a-w C:\WINDOWS\Internet Logs\xDB165.tmp
2008-02-21 09:30 --------- d-----w C:\Program Files\Azureus
2008-02-17 00:37 --------- d-----w C:\Program Files\mIRC
2008-02-09 23:27 5,250,560 ----a-w C:\WINDOWS\Internet Logs\xDB162.tmp
2008-02-09 23:27 19,456 ----a-w C:\WINDOWS\Internet Logs\xDB163.tmp
2008-02-09 20:12 5,250,560 ----a-w C:\WINDOWS\Internet Logs\xDB160.tmp
2008-02-09 10:43 86,016 ----a-w C:\WINDOWS\Internet Logs\xDB161.tmp
2008-01-31 13:25 5,246,976 ----a-w C:\WINDOWS\Internet Logs\xDB15E.tmp
2008-01-31 10:16 28,160 ----a-w C:\WINDOWS\Internet Logs\xDB15F.tmp
2008-01-29 17:27 5,249,536 ----a-w C:\WINDOWS\Internet Logs\xDB15C.tmp
2008-01-29 15:07 135,168 ----a-w C:\WINDOWS\Internet Logs\xDB15D.tmp
2008-01-22 10:01 --------- d-----w C:\Documents and Settings\Jacqui\Application Data\OpenOffice.org2
2008-01-13 12:37 5,245,440 ----a-w C:\WINDOWS\Internet Logs\xDB15A.tmp
2008-01-13 09:46 138,240 ----a-w C:\WINDOWS\Internet Logs\xDB15B.tmp
2008-01-01 20:02 5,244,928 -c--a-w C:\WINDOWS\Internet Logs\xDB158.tmp
2008-01-01 20:02 246,272 -c--a-w C:\WINDOWS\Internet Logs\xDB159.tmp
2007-12-30 07:38 5,240,832 -c--a-w C:\WINDOWS\Internet Logs\xDB156.tmp
2007-12-30 07:38 123,904 -c--a-w C:\WINDOWS\Internet Logs\xDB157.tmp
2007-12-27 06:30 50,688 -c--a-w C:\WINDOWS\Internet Logs\xDB155.tmp
2007-12-27 06:30 5,235,712 -c--a-w C:\WINDOWS\Internet Logs\xDB154.tmp
2007-12-22 18:32 5,196,800 -c--a-w C:\WINDOWS\Internet Logs\xDB152.tmp
2007-12-22 18:32 23,552 -c--a-w C:\WINDOWS\Internet Logs\xDB153.tmp
2007-12-22 06:32 5,196,800 -c--a-w C:\WINDOWS\Internet Logs\xDB150.tmp
2007-12-22 06:32 22,016 -c--a-w C:\WINDOWS\Internet Logs\xDB151.tmp
2007-12-22 05:02 5,196,800 -c--a-w C:\WINDOWS\Internet Logs\xDB14E.tmp
2007-12-22 05:02 24,064 -c--a-w C:\WINDOWS\Internet Logs\xDB14F.tmp
2007-12-21 22:25 74,752 -c--a-w C:\WINDOWS\Internet Logs\xDB14D.tmp
2007-12-21 22:25 5,198,848 -c--a-w C:\WINDOWS\Internet Logs\xDB14C.tmp
2007-12-19 10:19 5,196,800 -c--a-w C:\WINDOWS\Internet Logs\xDB14A.tmp
2007-12-19 10:19 36,352 -c--a-w C:\WINDOWS\Internet Logs\xDB14B.tmp
2007-12-18 08:38 5,198,848 -c--a-w C:\WINDOWS\Internet Logs\xDB148.tmp
2007-12-18 08:37 28,160 -c--a-w C:\WINDOWS\Internet Logs\xDB149.tmp
2007-12-18 03:54 5,196,800 -c--a-w C:\WINDOWS\Internet Logs\xDB146.tmp
2007-12-18 03:54 24,576 -c--a-w C:\WINDOWS\Internet Logs\xDB147.tmp
2007-12-17 19:55 51,200 -c--a-w C:\WINDOWS\Internet Logs\xDB145.tmp
2007-12-17 19:55 5,196,800 -c--a-w C:\WINDOWS\Internet Logs\xDB144.tmp
2007-12-16 05:26 5,192,192 -c--a-w C:\WINDOWS\Internet Logs\xDB142.tmp
2007-12-16 05:26 15,360 -c--a-w C:\WINDOWS\Internet Logs\xDB143.tmp
2007-12-15 21:46 5,192,192 -c--a-w C:\WINDOWS\Internet Logs\xDB140.tmp
2007-12-15 21:40 142,848 -c--a-w C:\WINDOWS\Internet Logs\xDB141.tmp
2007-12-10 22:54 142,848 -c--a-w C:\WINDOWS\Internet Logs\xDB13F.tmp
2007-12-10 21:04 5,192,192 -c--a-w C:\WINDOWS\Internet Logs\xDB13E.tmp
2007-12-09 14:02 5,187,584 -c--a-w C:\WINDOWS\Internet Logs\xDB13C.tmp
2007-12-09 14:02 1,066,496 -c--a-w C:\WINDOWS\Internet Logs\xDB13D.tmp
2007-12-03 01:45 5,182,976 -c--a-w C:\WINDOWS\Internet Logs\xDB13A.tmp
2007-12-03 01:45 252,928 -c--a-w C:\WINDOWS\Internet Logs\xDB13B.tmp
2007-12-01 11:28 5,182,976 -c--a-w C:\WINDOWS\Internet Logs\xDB138.tmp
2007-12-01 11:28 2,653,184 -c--a-w C:\WINDOWS\Internet Logs\xDB139.tmp
2007-11-04 23:11 5,147,648 -c--a-w C:\WINDOWS\Internet Logs\xDB136.tmp
2007-11-04 23:11 36,352 -c--a-w C:\WINDOWS\Internet Logs\xDB137.tmp
2007-11-04 22:46 778,752 -c--a-w C:\WINDOWS\Internet Logs\xDB135.tmp
2007-11-04 22:46 5,147,136 -c--a-w C:\WINDOWS\Internet Logs\xDB134.tmp
2007-11-03 15:08 5,147,136 -c--a-w C:\WINDOWS\Internet Logs\xDB132.tmp
2007-11-03 15:08 2,651,648 -c--a-w C:\WINDOWS\Internet Logs\xDB133.tmp
2007-10-20 01:29 1,597,952 -c--a-w C:\WINDOWS\Internet Logs\xDB131.tmp
2007-10-20 01:26 5,128,704 -c--a-w C:\WINDOWS\Internet Logs\xDB130.tmp
2007-10-13 22:51 5,128,704 -c--a-w C:\WINDOWS\Internet Logs\xDB12E.tmp
2007-10-13 22:51 13,824 -c--a-w C:\WINDOWS\Internet Logs\xDB12F.tmp
2007-10-13 20:59 5,128,704 -c--a-w C:\WINDOWS\Internet Logs\xDB12C.tmp
2007-10-13 20:59 2,656,256 -c--a-w C:\WINDOWS\Internet Logs\xDB12D.tmp
2007-09-29 12:44 5,111,808 -c--a-w C:\WINDOWS\Internet Logs\xDB12A.tmp
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 23:00 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2005-11-15 20:44 1200128]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [ ]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:54 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-20 01:43 57344]
"DXM6Patch_981116"="C:\WINDOWS\p_981116.exe" [1998-11-30 18:04 497376]
"LVCOMS"="C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE" [2001-09-24 09:39 98304]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-05-20 14:46 28160 C:\WINDOWS\KHALMNPR.Exe]
"MediaFace Integration"="C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe" [2004-07-01 19:08 53248]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [ ]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 01:12 488984]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 01:13 774168]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 23:00 15360]

C:\Documents and Settings\Jacqui\Start Menu\Programs\Startup\
MailWasherPro.lnk - C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe [2008-02-23 16:35:33 16667786]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khffdab]
khffdab.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Nortel Networks\\Extranet.exe"=
"C:\\WINDOWS\\system32\\ftp.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XI\\RpcSandraSrv.exe"=
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XI\\Win32\\RpcDataSrv.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 iteraid;ITERAID_Service_Install;C:\WINDOWS\system32\DRIVERS\iteraid.sys [2003-06-10 14:03]
R0 NaiFsRec;NaiFsRec;C:\WINDOWS\system32\drivers\NaiFsRec.sys [2001-04-30 04:51]
R2 AvSynMgr;AVSync Manager;"C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe" [2001-11-26 16:51]
R3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;C:\WINDOWS\system32\DRIVERS\ADM8511.SYS [2001-08-17 12:11]
R3 cmudax;C-Media Azalia Audio Interface;C:\WINDOWS\system32\drivers\cmudax.sys [2004-05-14 20:01]
R3 Eacfilt;Eacfilt Miniport;C:\WINDOWS\system32\DRIVERS\eacfilt.sys [2002-04-22 14:50]
R3 IPSECSHM;Nortel IPSECSHM Adapter;C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys [2002-08-06 12:04]
S1 lusbaudio;Logitech USB Microphone;C:\WINDOWS\system32\drivers\lvsound2.sys [2001-09-24 09:38]
S2 IPSECEXT;Nortel Extranet Access Protocol;C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys [2002-08-06 12:04]
S3 AdobeActiveFileMonitor;Adobe Active File Monitor;C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-04 04:47]
S3 CA500AI;Polaroid PDC 330 Still Image Capture;C:\WINDOWS\system32\Drivers\BULKUSB.sys [2002-07-19 15:29]
S3 CA500AV;Polaroid PDC 330 WDM Video Capture;C:\WINDOWS\system32\DRIVERS\CA500AV.SYS [2002-10-02 18:17]
S3 flatbus;NEC WMC USB_BK1 Composite Device driver (WDM);C:\WINDOWS\system32\DRIVERS\flatbus.sys [2005-07-07 15:39]
S3 flatmdfl;NEC WMC USB_BK1 Modem Filter;C:\WINDOWS\system32\DRIVERS\flatmdfl.sys [2005-07-07 15:39]
S3 flatmdm;NEC WMC USB_BK1 Modem Drivers;C:\WINDOWS\system32\DRIVERS\flatmdm.sys [2005-07-07 15:39]
S3 flatobex;NEC WMC USB_BK1 OBEX Interface Drivers (WDM);C:\WINDOWS\system32\DRIVERS\flatobex.sys [2005-07-07 15:39]
S3 genmcmn;ViewMate Optical PS2 Mouse MC204 Driver;C:\WINDOWS\system32\DRIVERS\gmfiltr.sys [2001-08-16 10:52]
S3 k600bus;Sony Ericsson 600i driver (WDM);C:\WINDOWS\system32\DRIVERS\k600bus.sys [2005-08-12 12:55]
S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k600mdfl.sys [2005-08-12 12:55]
S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\k600mdm.sys [2005-08-12 12:55]
S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\k600mgmt.sys [2005-08-12 12:55]
S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\k600obex.sys [2005-08-12 12:55]
S3 OracleOraHome81ClientCache;OracleOraHome81ClientCache;C:\oracle\ora81\BIN\ONRSD.EXE [2000-10-19 11:55]
S3 OracleOraHome81ManagementServer;OracleOraHome81ManagementServer;C:\oracle\ora81\bin\OMSNTsrv.exe [2005-02-21 19:16]
S3 QCAbsee;Logitech QuickCam Web(PID_0801);C:\WINDOWS\system32\DRIVERS\LVCA.sys [2001-09-24 09:38]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ea494f81-35d6-11dc-9030-0004e2172680}]
\Shell\AutoRun\command - E:\InstallTomTomHOME.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-01-04 06:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2004\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-14 22:34:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Network Associates\VirusScan\VsStat.exe
C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Network Associates\VirusScan\Avconsol.exe
C:\Program Files\Network Associates\VirusScan\Webscanx.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2008-03-14 22:40:11 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-14 11:40:08

==========================================================

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:50:05 PM, on 14/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Network Associates\VirusScan\VsStat.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Network Associates\VirusScan\Avconsol.exe
C:\Program Files\Network Associates\VirusScan\Webscanx.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {02DCA195-602B-4B1F-83FF-381B7E804BDB} - C:\WINDOWS\system32\HDBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Anti virus programmes\Spy bot\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: MailWasherPro.lnk = C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
O8 - Extra context menu item: Download All Files by HiDownload - C:\PROGRA~1\HIDOWN~1\HDGetAll.htm
O8 - Extra context menu item: Download by HiDownload - C:\PROGRA~1\HIDOWN~1\HDGet.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - (no file)
O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - C:\PROGRA~1\HIDOWN~1\hidownload.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Program Files\Poker.com\Poker.exe (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://www.amiuptoda...pdatePortal.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1124182726578
O16 - DPF: {769F454F-A488-11D4-AA30-005004C3096A} (DME Web Support) - http://dmetaf.in.tel...bcab/ckoweb.cab
O18 - Protocol: bw+0 - {FDB5CB2E-50EC-4616-B6BA-5C1643A046C9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {FDB5CB2E-50EC-4616-B6BA-5C1643A046C9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {FDB5CB2E-50EC-4616-B6BA-5C1643A046C9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {FDB5CB2E-50EC-4616-B6BA-5C1643A046C9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {FDB5CB2E-50EC-4616-B6BA-5C1643A046C9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {FDB5CB2E-50EC-4616-B6BA-5C1643A046C9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {FDB5CB2E-50EC-4616-B6BA-5C1643A046C9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {FDB5CB2E-50EC-4616-B6BA-5C1643A046C9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {FDB5CB2E-50EC-4616-B6BA-5C1643A046C9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {FDB5CB2E-50EC-4616-B6BA-5C1643A046C9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {FDB5CB2E-50EC-4616-B6BA-5C1643A046C9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {FDB5CB2E-50EC-4616-B6BA-5C1643A046C9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {FDB5CB2E-50EC-4616-B6BA-5C1643A046C9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {FDB5CB2E-50EC-4616-B6BA-5C1643A046C9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {FDB5CB2E-50EC-4616-B6BA-5C1643A046C9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {FDB5CB2E-50EC-4616-B6BA-5C1643A046C9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {FDB5CB2E-50EC-4616-B6BA-5C1643A046C9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {FDB5CB2E-50EC-4616-B6BA-5C1643A046C9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {FDB5CB2E-50EC-4616-B6BA-5C1643A046C9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {FDB5CB2E-50EC-4616-B6BA-5C1643A046C9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {FDB5CB2E-50EC-4616-B6BA-5C1643A046C9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {FDB5CB2E-50EC-4616-B6BA-5C1643A046C9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {FDB5CB2E-50EC-4616-B6BA-5C1643A046C9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {FDB5CB2E-50EC-4616-B6BA-5C1643A046C9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {FDB5CB2E-50EC-4616-B6BA-5C1643A046C9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {FDB5CB2E-50EC-4616-B6BA-5C1643A046C9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {FDB5CB2E-50EC-4616-B6BA-5C1643A046C9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {FDB5CB2E-50EC-4616-B6BA-5C1643A046C9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {FDB5CB2E-50EC-4616-B6BA-5C1643A046C9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {FDB5CB2E-50EC-4616-B6BA-5C1643A046C9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {FDB5CB2E-50EC-4616-B6BA-5C1643A046C9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {FDB5CB2E-50EC-4616-B6BA-5C1643A046C9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {FDB5CB2E-50EC-4616-B6BA-5C1643A046C9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {FDB5CB2E-50EC-4616-B6BA-5C1643A046C9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {FDB5CB2E-50EC-4616-B6BA-5C1643A046C9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {FDB5CB2E-50EC-4616-B6BA-5C1643A046C9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {FDB5CB2E-50EC-4616-B6BA-5C1643A046C9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {FDB5CB2E-50EC-4616-B6BA-5C1643A046C9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {FDB5CB2E-50EC-4616-B6BA-5C1643A046C9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {FDB5CB2E-50EC-4616-B6BA-5C1643A046C9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {FDB5CB2E-50EC-4616-B6BA-5C1643A046C9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {FDB5CB2E-50EC-4616-B6BA-5C1643A046C9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {FDB5CB2E-50EC-4616-B6BA-5C1643A046C9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {FDB5CB2E-50EC-4616-B6BA-5C1643A046C9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {FDB5CB2E-50EC-4616-B6BA-5C1643A046C9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {FDB5CB2E-50EC-4616-B6BA-5C1643A046C9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {FDB5CB2E-50EC-4616-B6BA-5C1643A046C9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {FDB5CB2E-50EC-4616-B6BA-5C1643A046C9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {FDB5CB2E-50EC-4616-B6BA-5C1643A046C9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {FDB5CB2E-50EC-4616-B6BA-5C1643A046C9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {FDB5CB2E-50EC-4616-B6BA-5C1643A046C9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {FDB5CB2E-50EC-4616-B6BA-5C1643A046C9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {FDB5CB2E-50EC-4616-B6BA-5C1643A046C9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {FDB5CB2E-50EC-4616-B6BA-5C1643A046C9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {FDB5CB2E-50EC-4616-B6BA-5C1643A046C9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {FDB5CB2E-50EC-4616-B6BA-5C1643A046C9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {FDB5CB2E-50EC-4616-B6BA-5C1643A046C9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {FDB5CB2E-50EC-4616-B6BA-5C1643A046C9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {FDB5CB2E-50EC-4616-B6BA-5C1643A046C9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {FDB5CB2E-50EC-4616-B6BA-5C1643A046C9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {FDB5CB2E-50EC-4616-B6BA-5C1643A046C9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {FDB5CB2E-50EC-4616-B6BA-5C1643A046C9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {FDB5CB2E-50EC-4616-B6BA-5C1643A046C9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {FDB5CB2E-50EC-4616-B6BA-5C1643A046C9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {FDB5CB2E-50EC-4616-B6BA-5C1643A046C9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {FDB5CB2E-50EC-4616-B6BA-5C1643A046C9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {FDB5CB2E-50EC-4616-B6BA-5C1643A046C9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {FDB5CB2E-50EC-4616-B6BA-5C1643A046C9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {FDB5CB2E-50EC-4616-B6BA-5C1643A046C9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {FDB5CB2E-50EC-4616-B6BA-5C1643A046C9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {FDB5CB2E-50EC-4616-B6BA-5C1643A046C9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {FDB5CB2E-50EC-4616-B6BA-5C1643A046C9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {FDB5CB2E-50EC-4616-B6BA-5C1643A046C9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {FDB5CB2E-50EC-4616-B6BA-5C1643A046C9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {FDB5CB2E-50EC-4616-B6BA-5C1643A046C9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {FDB5CB2E-50EC-4616-B6BA-5C1643A046C9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {FDB5CB2E-50EC-4616-B6BA-5C1643A046C9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: khffdab - khffdab.dll (file missing)
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
O23 - Service: OracleOraHome81ClientCache - Unknown owner - C:\oracle\ora81\BIN\ONRSD.EXE
O23 - Service: OracleOraHome81ManagementServer - Unknown owner - C:\oracle\ora81\bin\OMSNTsrv.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI\RpcSandraSrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\WINDOWS\SYSTEM32\VundoFixSVC.exe

--
End of file - 22481 bytes

Edited by jacquic, 20 March 2008 - 06:38 AM.

#2
Stamper19

Posted 22 April 2008 - 05:44 AM

Expert

Expert
1,992 posts

Hi jacquic,

Welcome to Geeks to Go!

My name is Stamper19 and I will be helping you with your Malware problem. During the course of our interactions please be sure to follow all instructions carefully, and ask questions if you are unsure of how to proceed at any point.

Lets get an updated look at things before we get to work.

----------------------------------------------------------------

Please download Deckard's System Scanner (DSS) to your Desktop.

Close all applications and windows.
Double-click on DSS.exe to run it, and follow the prompts.
The scan may take a minute. When the scan is complete, two text files will open - Main.txt and Extra.txt

Extra Note: When running DSS, some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so. Also, it may happen that your Antivirus flags DSS as suspicious. Please allow the Deckard's System Scanner to run and don't let your Antivirus delete it. (In this case, it may be better to temporary disable your Antivirus)

Post the main.txt and extra.txt from the C:\Deckard\System Scanner folder into your next reply.

----------------------------------------------------------------

Information to include in your next post:

main.txt and extra.txt from DSS

#3
jacquic

Posted 23 April 2008 - 04:33 AM

Member

Topic Starter
Member
11 posts

Thanks Stamper. Hope the information below gives you an idea of what's going on.

Here's the Main.txt

Deckard's System Scanner v20071014.68
Run by Jacqui on 2008-04-23 20:15:32
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
50: 2008-04-23 10:15:37 UTC - RP50 - Deckard's System Scanner Restore Point
49: 2008-04-22 16:00:17 UTC - RP49 - System Checkpoint
48: 2008-04-21 15:18:14 UTC - RP48 - System Checkpoint
47: 2008-04-20 15:17:58 UTC - RP47 - System Checkpoint
46: 2008-04-19 14:06:30 UTC - RP46 - System Checkpoint

-- First Restore Point --
1: 2008-03-14 11:34:11 UTC - RP1 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as Jacqui.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:18:15 PM, on 23/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Network Associates\VirusScan\VsStat.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
C:\Program Files\Network Associates\VirusScan\Avconsol.exe
C:\Program Files\Network Associates\VirusScan\Webscanx.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Documents and Settings\Jacqui\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Jacqui.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {02DCA195-602B-4B1F-83FF-381B7E804BDB} - C:\WINDOWS\system32\HDBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ANTIVI~1\SPYBOT~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: MailWasherPro.lnk = C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: MailWasherPro.lnk = C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe (User 'Default user')
O4 - Startup: MailWasherPro.lnk = C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Download All Files by HiDownload - C:\PROGRA~1\HIDOWN~1\HDGetAll.htm
O8 - Extra context menu item: Download by HiDownload - C:\PROGRA~1\HIDOWN~1\HDGet.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - (no file)
O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - C:\PROGRA~1\HIDOWN~1\hidownload.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Program Files\Poker.com\Poker.exe (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {3DA2AAF4-4289-4D6E-B9C0-D8360229607B} (IPAQSelfHelp Class) - http://h50203.www5.h...SPEIPAQTool.CAB
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://www.amiuptoda...pdatePortal.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1124182726578
O16 - DPF: {769F454F-A488-11D4-AA30-005004C3096A} (DME Web Support) - http://dmetaf.in.tel...bcab/ckoweb.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: khffdab - khffdab.dll (file missing)
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
O23 - Service: OracleOraHome81ClientCache - Unknown owner - C:\oracle\ora81\BIN\ONRSD.EXE
O23 - Service: OracleOraHome81ManagementServer - Unknown owner - C:\oracle\ora81\bin\OMSNTsrv.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI\RpcSandraSrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\WINDOWS\SYSTEM32\VundoFixSVC.exe

--
End of file - 11018 bytes

-- File Associations -----------------------------------------------------------

.chm - chm.file - DefaultIcon - C:\WINDOWS\Installer\{3E1ED9B1-BE90-440B-A1EC-64E2660E3B83}\_0EA76AD5_A9C8_44D7_9151_B46F94940126,0

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 NaiFsRec - c:\windows\system32\drivers\naifsrec.sys
R1 cdrbsdrv - c:\windows\system32\drivers\cdrbsdrv.sys <Not Verified; B.H.A Corporation; B's Recorder GOLD7>
R1 DVDVRRdr_xp - c:\windows\system32\drivers\dvdvrrdr_xp.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R2 EIO - c:\windows\system32\drivers\eio.sys <Not Verified; ASUSTeK Computer Inc.; ASUS Kernel Mode Driver for NT>
R3 cmudax (C-Media Azalia Audio Interface) - c:\windows\system32\drivers\cmudax.sys <Not Verified; C-Media Inc; C-Media Audio Driver (WDM)>
R3 IPSECSHM (Nortel IPSECSHM Adapter) - c:\windows\system32\drivers\ipsecw2k.sys <Not Verified; Nortel Networks; Contivity VPN Client>
R3 NaiFiltr - c:\program files\common files\network associates\mcshield\naifiltr.sys

S2 IPSECEXT (Nortel Extranet Access Protocol) - c:\windows\system32\drivers\ipsecw2k.sys <Not Verified; Nortel Networks; Contivity VPN Client>
S3 flatbus (NEC WMC USB_BK1 Composite Device driver (WDM)) - c:\windows\system32\drivers\flatbus.sys <Not Verified; MCCI; NEC WMC USB_BK1 Composite Device>
S3 flatmdfl (NEC WMC USB_BK1 Modem Filter) - c:\windows\system32\drivers\flatmdfl.sys <Not Verified; MCCI; NEC WMC USB_BK1 Modem Filter Driver>
S3 flatmdm (NEC WMC USB_BK1 Modem Drivers) - c:\windows\system32\drivers\flatmdm.sys <Not Verified; MCCI; NEC WMC USB_BK1 Modem>
S3 flatobex (NEC WMC USB_BK1 OBEX Interface Drivers (WDM)) - c:\windows\system32\drivers\flatobex.sys <Not Verified; MCCI; NEC WMC USB_BK1 OBEX Interface>
S3 genmcmn (ViewMate Optical PS2 Mouse MC204 Driver) - c:\windows\system32\drivers\gmfiltr.sys <Not Verified; KYE Systems Corp.; Scroll Mouse Driver>
S3 L8042mou (Logitech SetPoint PS/2 Mouse Filter Driver) - c:\windows\system32\drivers\l8042mou.sys <Not Verified; Logitech, Inc.; Logitech SetPoint™>
S3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AvSynMgr (AVSync Manager) - "c:\program files\network associates\virusscan\avsynmgr.exe"
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>

S3 AdobeActiveFileMonitor (Adobe Active File Monitor) - c:\program files\adobe\photoshop elements 3.0\photoshopelementsfileagent.exe
S3 OracleOraHome81ClientCache - c:\oracle\ora81\bin\onrsd.exe
S3 OracleOraHome81ManagementServer - c:\oracle\ora81\bin\omsntsrv.exe
S3 RichVideo (Cyberlink RichVideo Service(CRVS)) - "c:\program files\cyberlink\shared files\richvideo.exe" <Not Verified; ; RichVideo Module>
S3 VundoFixSvc (VundoFix Service) - vundofixsvc.exe <Not Verified; Atribune.org; Vundofix Service>
S4 Avswsersperv -

-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Marvell Yukon Gigabit Ethernet 10/100/1000Base-T Adapter, Copper RJ-45
Device ID: PCI\VEN_11AB&DEV_4320&SUBSYS_E0001458&REV_13\4&10A6A55&0&28F0
Manufacturer: Marvell
Name: Marvell Yukon Gigabit Ethernet 10/100/1000Base-T Adapter, Copper RJ-45
PNP Device ID: PCI\VEN_11AB&DEV_4320&SUBSYS_E0001458&REV_13\4&10A6A55&0&28F0
Service: yukonwxp

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\494546FEA00
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\494546FEA00
Service: NIC1394

-- Scheduled Tasks -------------------------------------------------------------

2008-04-04 16:15:00 396 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job

-- Files created between 2008-03-23 and 2008-04-23 -----------------------------

2008-04-06 07:45:44 0 d-------- C:\Documents and Settings\All Users\Application Data\TomTom
2008-04-05 13:42:35 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-05 13:42:26 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-04-05 13:42:26 0 d-------- C:\Documents and Settings\Jacqui\Application Data\SUPERAntiSpyware.com

-- Find3M Report ---------------------------------------------------------------

2008-04-23 19:32:27 0 d-------- C:\Documents and Settings\Jacqui\Application Data\MailWasherPro
2008-04-23 06:04:30 0 d-------- C:\Documents and Settings\Jacqui\Application Data\Skype
2008-04-18 23:21:26 0 d-------- C:\Program Files\Common Files\LogiShrd
2008-04-12 08:07:49 0 d-------- C:\Documents and Settings\Jacqui\Application Data\skypePM
2008-04-10 22:24:01 0 d-------- C:\Program Files\Google
2008-04-06 20:12:35 0 d-------- C:\Program Files\mIRC
2008-04-05 20:53:53 0 d-------- C:\Documents and Settings\Jacqui\Application Data\Image Zone Express
2008-04-05 20:53:43 0 d-------- C:\Documents and Settings\Jacqui\Application Data\Adobe
2008-04-05 20:19:09 0 d-------- C:\Program Files\TomTom HOME
2008-04-05 20:17:26 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-05 14:13:25 0 d-------- C:\Program Files\a-squared Free
2008-04-05 13:41:21 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-29 18:53:33 0 d-------- C:\Program Files\Nero
2008-03-29 18:53:22 0 d-------- C:\Documents and Settings\Jacqui\Application Data\Nero
2008-03-28 21:04:27 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-03-20 20:04:19 0 d-------- C:\Program Files\Common Files\Logitech
2008-03-20 20:03:46 0 d-------- C:\Documents and Settings\Jacqui\Application Data\InstallShield
2008-03-20 19:44:46 0 d-------- C:\Program Files\Common Files
2008-03-20 19:44:46 0 d-------- C:\Program Files\Common Files\HP
2008-03-20 19:44:43 0 d-------- C:\Program Files\HP
2008-03-20 17:44:42 0 d-------- C:\Documents and Settings\Jacqui\Application Data\Simple Star
2008-03-20 17:44:42 67 --a------ C:\Documents and Settings\Jacqui\Application Data\Setup.txt
2008-03-20 17:40:50 0 d-------- C:\Program Files\Common Files\Simple Star Shared
2008-03-20 17:38:43 0 d-------- C:\Program Files\Common Files\Ahead
2008-03-19 20:10:09 0 d-------- C:\Program Files\Lexmark X1100 Series
2008-03-15 15:02:44 0 d-------- C:\Program Files\Logitech
2008-03-14 21:49:29 0 d-------- C:\Program Files\Trend Micro
2008-03-14 21:33:16 0 d-------- C:\Program Files\Mozilla Thunderbird
2008-03-14 21:11:19 0 d-------- C:\Program Files\Java
2008-03-14 20:39:00 0 d-------- C:\Program Files\Yahoo!
2008-03-14 20:38:39 0 d-------- C:\Documents and Settings\Jacqui\Application Data\Yahoo!
2008-03-06 21:29:54 0 d-------- C:\Program Files\Common Files\Nero
2008-03-06 01:43:52 24576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe <Not Verified; Atribune.org; Vundofix Service>
2008-03-03 21:40:16 0 d-------- C:\Documents and Settings\Jacqui\Application Data\Azureus
2008-03-03 13:48:49 0 d-------- C:\Program Files\Skype
2008-03-03 13:48:47 0 d-------- C:\Program Files\Common Files\Skype
2008-02-29 17:34:48 0 d-------- C:\Program Files\SpywareBlaster
2008-02-28 19:24:28 74 --a------ C:\WINDOWS\popcinfo.dat
2008-02-25 18:21:15 0 d-------- C:\Program Files\Cucusoft
2008-02-25 14:21:19 0 d-------- C:\Program Files\Codec Pack - All In 1
2008-02-25 14:19:16 737280 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2008-02-24 08:15:18 0 d-------- C:\Documents and Settings\Jacqui\Application Data\NeroDigital™
2008-02-23 19:24:06 0 d-------- C:\Program Files\AskTBar
2008-02-23 17:11:09 0 d-------- C:\Program Files\Ahead
2008-02-23 17:10:58 0 d-------- C:\Program Files\Mozilla Sunbird
2008-02-23 15:35:33 0 d-------- C:\Program Files\FireTrust
2008-02-03 20:26:50 364544 --a------ C:\WINDOWS\system32\cdg.dll <Not Verified; Cucusoft Inc.; Cucusoft>

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [20/08/2003 12:43 AM]
"DXM6Patch_981116"="C:\WINDOWS\p_981116.exe" [30/11/1998 05:04 PM]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [29/11/2007 01:17 AM C:\WINDOWS\KHALMNPR.Exe]
"MediaFace Integration"="C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe" [01/07/2004 06:08 PM]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" []
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [25/10/2007 03:33 PM]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [25/10/2007 03:37 PM]
"NWEReboot"="" []
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [12/01/2006 03:40 PM]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [29/11/2007 01:17 AM C:\WINDOWS\KHALMNPR.Exe]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 10:00 PM]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [15/11/2005 07:44 PM]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" []
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [19/01/2007 12:54 PM]
"Nero PhotoShow Media Manager"="C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe" []

C:\Documents and Settings\Jacqui\Start Menu\Programs\Startup\
MailWasherPro.lnk - C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe [23/02/2008 3:35:33 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [18/04/2008 11:25:33 PM]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [20/03/2008 8:04:15 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [20/12/2006 11:55 AM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 27/02/2007 10:39 AM 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khffdab]
khffdab.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll 09/01/2008 11:30 AM 72208 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime

-- End of Deckard's System Scanner: finished at 2008-04-23 20:20:36 ------------

and here's the Extra.txt

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 3.20GHz
CPU 1: Intel® Pentium® 4 CPU 3.20GHz
Percentage of Memory in Use: 49%
Physical Memory (total/avail): 1023.48 MiB / 512.7 MiB
Pagefile Memory (total/avail): 2461.98 MiB / 2061.93 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1934.66 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 111.78 GiB total, 57.09 GiB free.
D: is CDROM (CDFS)

\\.\PHYSICALDRIVE0 - WDC WD1200JD-00GBB0 - 111.79 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 111.78 GiB - C:

-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: ZoneAlarm Pro Firewall v5.5.094.000 (Zone Labs, Inc.)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Nortel Networks\\Extranet.exe"="C:\\Program Files\\Nortel Networks\\Extranet.exe:*:Enabled:Contivity VPN Client"
"C:\\WINDOWS\\system32\\ftp.exe"="C:\\WINDOWS\\system32\\ftp.exe:*:Disabled:File Transfer Program"
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Disabled:mIRC"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Disabled:Windows Messenger"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XI\\RpcSandraSrv.exe"="C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XI\\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service"
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XI\\Win32\\RpcDataSrv.exe"="C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XI\\Win32\\RpcDataSrv.exe:*:Enabled:SiSoftware Database Agent Service"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Jacqui\Application Data
CLASSPATH=C:\Program Files\Java\jre1.5.0_04\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=JACQUI
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Jacqui
LOGONSERVER=\\JACQUI
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\oracle\ora81\bin;C:\Program Files\Oracle\jre\1.1.7\bin;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 3 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0304
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_04\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Jacqui\LOCALS~1\Temp
TMP=C:\DOCUME~1\Jacqui\LOCALS~1\Temp
tvdumpflags=10
USERDOMAIN=JACQUI
USERNAME=Jacqui
USERPROFILE=C:\Documents and Settings\Jacqui
windir=C:\WINDOWS

-- User Profiles ---------------------------------------------------------------

Jacqui (admin)

-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Gigabyte\ITE Raid Driver Setup\Uninst.isu"
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> MsiExec.exe /I{5B782FFA-6A95-480D-8E0A-0954A14693D6}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
a-squared Free 2.0 --> "C:\Program Files\a-squared Free\unins000.exe"
ABBYY FineReader 5.0 Sprint --> MsiExec.exe /X{D1696920-9794-4BBC-8A30-7A88763DE5A2}
ABC (remove only) --> C:\Program Files\ABC\Uninstall.exe
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Download Manager 2.0 (Remove Only) --> "C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Photoshop CS --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x9
Adobe Photoshop Elements 3.0 --> MsiExec.exe /I{851C67EF-068A-4060-9EF5-2E3DDCD68382}
Adobe Reader 7.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adobe® Photoshop® Album Starter Edition 3.0 --> MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
Amazing Mahjongg CE 1.2.5 --> "C:\Documents and Settings\Jacqui\My Documents\phone stuff\downloads for pda\Amazing Mahjongg CE\unins000.exe"
ArcSoft Software Suite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{93016515-95C8-450B-A7ED-B968CA9103B5}\Setup.exe" -l0x9 -uninst
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVI to VCD/DVD 4.02 --> "C:\Program Files\Cucusoft\avi-vcd-dvd\unins000.exe"
Bejeweled 2 Deluxe 1.0 --> C:\Program Files\PopCap Games\Bejeweled 2 Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\Bejeweled 2 Deluxe\Install.log"
Bejeweled for Pocket PC --> C:\Program Files\Astraware\Bejeweled for Pocket PC\uninst.exe
C-Media Azalia Audio Driver --> C:\WINDOWS\system32\cmirmdrv.exe
CDDRV_Installer --> MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}
Citrix Web Client --> C:\WINDOWS\system32\ctxsetup.exe /uninst C:\PROGRA~1\Citrix\icaweb32\uninst.inf
CleanUp! --> C:\Program Files\CleanUp!\uninstall.exe
Codec Pack - All In 1 6.0.3.0 --> C:\WINDOWS\iun6002.exe "C:\Program Files\Codec Pack - All In 1\irunin.ini"
Cucusoft MPEG/MOV/RM/AVI to DVD/VCD/SVCD/MPEG Converter Pro 7.0 --> "C:\Program Files\Cucusoft\avi-dvd-pro\unins001.exe"
Cucusoft MPEG/MOV/RM/DivX/AVI to DVD/VCD/SVCD Creator Pro 7.07 --> "C:\Program Files\Cucusoft\avi-dvd-pro\unins000.exe"
Cucusoft Ultimate DVD + Video Converter Suite 7.12.7.6 --> "C:\Program Files\Cucusoft\Ultimate-Converter\unins000.exe"
DRIFT2000 --> MsiExec.exe /I{3E1ED9B1-BE90-440B-A1EC-64E2660E3B83}
DriverCD --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\GIGABYTE\DriverCD\Uninst.isu"
DVD-CLONER V3.10 Build 893 --> "C:\My Download Files\Dvd-cloner\unins000.exe"
DVD Decrypter (Remove Only) --> "C:\Program Files\DVD Decrypter\uninstall.exe"
DVD Shrink 3.1.7 --> "C:\Program Files\DVD Shrink\unins000.exe"
e-tax 2005 --> C:\etax2005\e-tax 2005_uninstall.exe
e-tax 2006 --> C:\etax2006\e-tax 2006_uninstall.exe
e-tax 2007 --> C:\etax2007\e-tax 2007_uninstall.exe
Enable S3 for USB Device --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Gigabyte\Enable S3 for USB Device\Uninst.isu"
Family Tree Maker --> C:\FTW\uninstal.exe
Formatter Plus V1.3 --> C:\PROGRA~1\QUESTS~1\TOAD\Help\UNWISE.EXE C:\PROGRA~1\QUESTS~1\TOAD\Help\INSTALL.LOG
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
HiDownload --> C:\PROGRA~1\HIDOWN~1\UNWISE.EXE C:\PROGRA~1\HIDOWN~1\INSTALL.LOG
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Photosmart Essential --> MsiExec.exe /X{6994491D-D491-48F1-AE1F-E179C1FFFC2F}
HP Product Detection --> MsiExec.exe /X{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}
Image Resizer Powertoy for Windows XP --> MsiExec.exe /I{1CB92574-96F2-467B-B793-5CEB35C40C29}
ImageMixer VCD/DVD2 for OLYMPUS --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F51A0CA-2BDD-474E-BB90-C7FA8EA78F52}\Setup.exe" -l0x9 UNINSTALL
Jasc Paint Shop Pro 8 --> MsiExec.exe /I{81A34902-9D0B-4920-A25C-4CDC5D14B328}
Jasc Paint Shop Pro 9 --> MsiExec.exe /I{F843C6A3-224D-4615-94F8-3C461BD9AEA0}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
KhalInstallWrapper --> MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}
Legacy 5.0 --> C:\Legacy\UNWISE.EXE /U C:\Legacy\Install.log
Lexmark X1100 Series --> C:\WINDOWS\system32\spool\drivers\w32x86\3\LXBKUN5C.EXE -dLexmark X1100 Series
Logitech Audio Echo Cancellation Component --> MsiExec.exe /X{BEF726DD-4037-4214-8C6A-E625C02D2870}
Logitech Desktop Messenger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\SETUP.exe" -l0x9 UNINSTALL -removeonly
Logitech Legacy USB Camera Driver Package --> "C:\Program Files\Common Files\LogiShrd\LogiDriverStore\legacyqcam\10.51.2023\LgDrvInst.exe" -remove -instdir"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\legacyqcam\" -enumdelay=2000 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -promptuninstall -arpregkey"legacyqcam_10.51" /clone_wait /hide_progress
Logitech QuickCam --> MsiExec.exe /I{77E70C3C-DBB9-4C47-8663-1E1F81FEC623}
Logitech QuickCam --> MsiExec.exe /X{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}
Logitech QuickCam Driver Package --> "C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\11.50.1145\LgDrvInst.exe" -remove -instdir"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\" -enumdelay=2000 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -promptuninstall -arpregkey"lvdrivers_11.50" /clone_wait /hide_progress
Logitech SetPoint --> C:\Program Files\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe -runfromtemp -l0x0009 -removeonly
Logitech Video Enumerator --> MsiExec.exe /X{EA516024-D84D-41F1-814F-83175A6188F2}
Logitech® Camera Driver --> "C:\Program Files\Common Files\LogiShrd\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
MailWasher Pro --> "C:\Program Files\FireTrust\MailWasher Pro\unins000.exe"
Marvell Miniport Driver --> MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}
McAfee VirusScan --> MsiExec.exe /I{87AEFD84-BC0D-11D4-B885-00508B022A51}
Media Library Management Wizard --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mplibwiz.inf,DefaultUninstall
MediaFACE 4.01 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{41979C2F-34B8-4F92-8111-B13C5864682D} /l1033
Microsoft ActiveSync 4.0 --> MsiExec.exe /I{B208806F-A231-4FA0-AB3F-5C1B8979223E}
Microsoft Digital Image Library 9 --> C:\WINDOWS\system32\msiexec.exe /i {9F7FC79B-3059-4264-9450-39EB368E3225}
Microsoft Digital Image Pro 9 --> C:\WINDOWS\system32\msiexec.exe /i {DBA8B9E1-C6FF-4624-9598-73D3B41A0905}
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft NetShow Tools 2.0 --> C:\Program Files\Microsoft NetShow\Tools\_insttoo.exe /U
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MindManager X5 Pro --> MsiExec.exe /I{B702FCEF-5875-491C-B50C-A4B457617EC6}
MindManager X5 Tutorials --> MsiExec.exe /X{847E635F-2D12-4940-8D2D-71BAD8D16590}
MindManager X5 Viewer --> MsiExec.exe /I{CA29A4A2-E3D7-41B7-B0F6-95C5413BDEEC}
mIRC --> "C:\Program Files\mIRC\mirc.exe" -uninstall
Momento 3.5.3 --> C:\Program Files\Momento\Uninstall.exe
Movie Maker Background Music Files --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mmmusic.inf,DefaultUninstall
Movie Maker Sound Effects --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mmsounds.inf,DefaultUninstall
Movie Maker Title Images --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mmtitle.inf,DefaultUninstall
Mozilla Firefox (2.0.0.12) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MVision --> MsiExec.exe /I{35725FBC-A136-4A46-9F29-091759D9BB93}
MyHeritage Family Tree Builder --> C:\Documents and Settings\Jacqui\My Documents\Genealogy\MyHeritage\Bin\Uninstall.exe
Nero 7 Essentials --> MsiExec.exe /I{9BB69D0F-1369-4DBD-99A9-1BC228ED1033}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Nortel Networks Contivity VPN Client --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF964A78-078C-11D1-B7A7-0000C0134CE6}\setup.exe" Uninstall
OLYMPUS Master --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{BA820A24-704B-428D-9904-71A10DAC1372} /l1033 /zUNINSTALL
OpenOffice.org 2.0 --> MsiExec.exe /I{24C242C0-28C0-43C8-A0A1-FE181F3B3319}
Opera --> C:\PROGRA~1\Opera\uninst\unwise.exe C:\PROGRA~1\Opera\uninst\install.log
PDF-XChange 3.0 --> "C:\Program Files\Tracker Software\PDF-XChange 3\unins000.exe"
Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
Plus! MP3 Audio Converter LE --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\audcle.inf,DefaultUninstall
Polaroid PDC 330 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{953C80C1-E72A-11D4-BEBE-00606733A9BE}\setup.exe"
PowerDirector --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" -uninstall
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
PowerProducer Express --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
print@camerahouse --> "C:\Program Files\print@camerahouse\Uninstall.exe" "C:\Program Files\print@camerahouse\install.log"
print@camerahouse --> "C:\Program Files\print@camerahouse\Uninstall.exe" "C:\Program Files\print@camerahouse\install.log" -u
Pure Sudoku 1.12 --> "C:\Program Files\Pure Sudoku\unins000.exe"
QuickTime --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{3868A8EE-5051-4DB0-8DF6-4F4B8A98D083} /l1033
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Roxio Easy Media Creator 7 --> MsiExec.exe /I{CB4544EA-C189-41FE-9E3A-76591DDB852B}
Safari --> MsiExec.exe /X{D3AF2412-12DA-4FC1-A326-9F2D746C0DDA}
Security Task Manager 1.6f --> C:\Program Files\Security Task Manager\Uninstal.exe "C:\Documents and Settings\All Users\Start Menu\Programs\Security Task Manager"
SiSoftware Sandra Lite XI (Win64/32/CE) --> "C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI\unins000.exe"
Skype™ 3.6 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Skype™ for Pocket PC 2.2 --> "C:\Program Files\Microsoft ActiveSync\Skype for Pocket PC\unins000.exe"
Sony Ericsson PC Suite --> MsiExec.exe /I{CB0EAA54-406C-4119-9A63-EDD0DC1B2B47}
SOTI Pocket Controller-Pro --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CC9EA2BC-BCFA-4DEA-8F5F-1E1032567673}\Setup.exe" -l0x9 UNINSTALL
Spb Backup --> C:\Program Files\Microsoft ActiveSync\SpbBackup\Uninstall.exe Spb Backup
Spb Full Screen Keyboard --> C:\Program Files\Microsoft ActiveSync\Spb Full Screen Keyboard\Uninstall.exe Spb Full Screen Keyboard
Spb GPRS Monitor --> C:\Program Files\Microsoft ActiveSync\Spb GPRS Monitor\Uninstall.exe Spb GPRS Monitor
Spb Mobile Shell --> C:\Program Files\Microsoft ActiveSync\SpbMobileShell\Uninstall.exe Spb Mobile Shell
Spb Pocket Plus --> C:\Program Files\Microsoft ActiveSync\Spb Pocket Plus\Uninstall.exe Spb Pocket Plus
Spybot - Search & Destroy 1.4 --> "C:\Anti virus programmes\Spy bot\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
Super Collapse! III --> C:\WINDOWS\iun6002.exe "C:\Program Files\GameHouse\irunin.ini"
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
The Master Genealogist (for All Users) --> C:\Program Files\The Master Genealogist\UNWISE.EXE /U "C:\Program Files\The Master Genealogist\INSTALL.LOG" Uninstall The Master Genealogist (for All Users)
TomTom HOME --> C:\Program Files\InstallShield Installation Information\{CE325D55-FCAF-4273-BB79-069BB8747270}\setup.exe -runfromtemp -l0x0009 -removeonly -removeonly
Trivia Machine v1.3 --> "C:\Program Files\Trivia Machine\unins000.exe"
TVUPlayer 2.3.2.32 --> C:\Program Files\TVUPlayer\uninst.exe
Uninstall Startup Inspector --> "C:\Program Files\Startup Inspector for Windows\unins000.exe"
VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
ViewSonic Monitor Drivers --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B4FEA924-630D-11D4-B78E-005004566E4D}\Setup.exe" -l0x9
What's Running 2.2 --> "C:\Program Files\WhatsRunning\unins000.exe"
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Sign-in Assistant --> MsiExec.exe /I{F652D238-5F29-42D5-BAF3-0115EF977EC2}
Windows Media Bonus Pack for Windows XP --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmbonus.inf,DefaultUninstall
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip --> "C:\Program Files\WinZip\Winzip32.exe" /uninstall
ZoneAlarm Pro --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe

-- Application Event Log -------------------------------------------------------

Event Record #/Type27246 / Error
Event Submitted/Written: 04/23/2008 08:18:50 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: This network connection does not exist.

Event Record #/Type27245 / Error
Event Submitted/Written: 04/23/2008 08:18:50 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: This operation returned because the timeout period expired.

Event Record #/Type27244 / Warning
Event Submitted/Written: 04/23/2008 07:32:33 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}', feature 'QuickCam' failed during request for component '{62BA7C13-20BB-41F7-A6A4-482632CE53D4}'

Event Record #/Type27243 / Warning
Event Submitted/Written: 04/23/2008 07:32:33 PM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}', feature 'QuickCam', component '{B52C7B4D-F46F-438C-ADF2-05A138C57757}' failed. The resource 'HKEY_CURRENT_USER\Software\Logitech\InstallerKeys\QCDesktopShortcutKey' does not exist.

Event Record #/Type27242 / Warning
Event Submitted/Written: 04/23/2008 07:32:33 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}', feature 'QuickCam' failed during request for component '{62BA7C13-20BB-41F7-A6A4-482632CE53D4}'

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event Record #/Type17526 / Error
Event Submitted/Written: 04/23/2008 07:29:27 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Nortel Extranet Access Protocol service failed to start due to the following error:
%%2

Event Record #/Type17515 / Warning
Event Submitted/Written: 04/22/2008 09:13:50 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type17491 / Error
Event Submitted/Written: 04/22/2008 06:57:00 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Nortel Extranet Access Protocol service failed to start due to the following error:
%%2

Event Record #/Type17455 / Error
Event Submitted/Written: 04/21/2008 06:58:10 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Nortel Extranet Access Protocol service failed to start due to the following error:
%%2

Event Record #/Type17435 / Warning
Event Submitted/Written: 04/19/2008 04:34:25 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

-- End of Deckard's System Scanner: finished at 2008-04-23 20:20:36 ------------

#4
Stamper19

Posted 23 April 2008 - 05:47 AM

Expert

Expert
1,992 posts

Hi jacquic,

Looks like there are still some remnants of the vundo floating around. Lets run a scan to see what it picks up and then we can get the rest manually.

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

#5
jacquic

Posted 23 April 2008 - 10:18 AM

Member

Topic Starter
Member
11 posts

I really am appreciating your help here.

The programme wouldn't let me update it. Error message i got was 'Update failed. Make sure your connected to the Internet and your firewall is set to allow Malwarebytes Anti-Malware to access the internet'.

Firewall wasn't even on at the time.

Here's the logfile.

Malwarebytes' Anti-Malware 1.11
Database version: 599

Scan type: Quick Scan
Objects scanned: 31470
Time elapsed: 5 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Edited by jacquic, 23 April 2008 - 10:23 AM.

#6
Stamper19

Posted 23 April 2008 - 10:21 AM

Expert

Expert
1,992 posts

I really am appreciating your help here.

My pleasure

Please delete and previous versions of Combofix. After that please follow the instructions below to download a fresh version and run it.

Download ComboFix from Here or Here to your Desktop.

Double click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply

Note: Do not mouseclick combofix's window while its running. That may cause it to stall

#7
jacquic

Posted 23 April 2008 - 02:36 PM

Member

Topic Starter
Member
11 posts

Here we go:

ComboFix 08-04-22.5 - Jacqui 2008-04-24 2:28:18.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.151 [GMT 10:00]
Running from: C:\Documents and Settings\Jacqui\My Documents\My Downloads\Dowloads from Mozilla\ComboFix.exe
* Created a new restore point
* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-03-23 to 2008-04-23 )))))))))))))))))))))))))))))))
.

2008-04-24 02:09 . 2008-04-24 02:09 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-24 02:09 . 2008-04-24 02:09 <DIR> d-------- C:\Documents and Settings\Jacqui\Application Data\Malwarebytes
2008-04-24 02:09 . 2008-04-24 02:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-23 20:14 . 2008-04-23 20:14 <DIR> d-------- C:\Deckard
2008-04-18 23:25 . 2008-04-18 23:25 127,034 -r------- C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
2008-04-10 20:29 . 2008-04-10 20:29 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-10 20:29 . 2008-04-10 20:29 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-06 07:45 . 2008-04-06 07:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TomTom
2008-04-05 13:42 . 2008-04-05 15:09 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-04-05 13:42 . 2008-04-05 13:42 <DIR> d-------- C:\Documents and Settings\Jacqui\Application Data\SUPERAntiSpyware.com
2008-04-05 13:42 . 2008-04-05 13:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-05 13:34 . 2008-04-05 13:34 <DIR> d-------- C:\Program Files\CleanUp!

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-23 20:13 --------- d-----w C:\Documents and Settings\Jacqui\Application Data\Skype
2008-04-23 16:04 --------- d-----w C:\Documents and Settings\Jacqui\Application Data\MailWasherPro
2008-04-18 13:21 --------- d-----w C:\Program Files\Common Files\LogiShrd
2008-04-17 09:29 2,635,264 ----a-w C:\WINDOWS\Internet Logs\xDB17D.tmp
2008-04-17 09:28 5,797,376 ----a-w C:\WINDOWS\Internet Logs\xDB17C.tmp
2008-04-14 08:59 9,969,879 -c--a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-04-11 22:07 --------- d-----w C:\Documents and Settings\Jacqui\Application Data\skypePM
2008-04-10 12:24 --------- d-----w C:\Program Files\Google
2008-04-06 10:12 --------- d-----w C:\Program Files\mIRC
2008-04-05 10:53 --------- d-----w C:\Documents and Settings\Jacqui\Application Data\Image Zone Express
2008-04-05 10:19 --------- d-----w C:\Program Files\TomTom HOME
2008-04-05 10:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-05 04:13 --------- d-----w C:\Program Files\a-squared Free
2008-04-05 03:41 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-30 19:06 2,732,544 ----a-w C:\WINDOWS\Internet Logs\xDB17B.tmp
2008-03-30 17:26 5,754,368 ----a-w C:\WINDOWS\Internet Logs\xDB17A.tmp
2008-03-29 08:53 --------- d-----w C:\Program Files\Nero
2008-03-29 08:53 --------- d-----w C:\Documents and Settings\Jacqui\Application Data\Nero
2008-03-28 11:04 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-03-20 10:06 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-03-20 10:06 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-03-20 10:06 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2008-03-20 10:04 --------- d-----w C:\Program Files\Common Files\Logitech
2008-03-20 10:03 --------- d-----w C:\Documents and Settings\Jacqui\Application Data\InstallShield
2008-03-20 10:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logitech
2008-03-20 09:44 --------- d-----w C:\Program Files\HP
2008-03-20 09:44 --------- d-----w C:\Program Files\Common Files\HP
2008-03-20 07:44 --------- d-----w C:\Documents and Settings\Jacqui\Application Data\Simple Star
2008-03-20 07:40 --------- d-----w C:\Program Files\Common Files\Simple Star Shared
2008-03-20 07:38 --------- d-----w C:\Program Files\Common Files\Ahead
2008-03-19 10:10 --------- d-----w C:\Program Files\Lexmark X1100 Series
2008-03-15 05:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logishrd
2008-03-15 05:02 --------- d-----w C:\Program Files\Logitech
2008-03-14 11:49 --------- d-----w C:\Program Files\Trend Micro
2008-03-14 11:33 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-03-14 11:11 --------- d-----w C:\Program Files\Java
2008-03-14 10:39 --------- d-----w C:\Program Files\Yahoo!
2008-03-14 10:38 --------- d-----w C:\Documents and Settings\Jacqui\Application Data\Yahoo!
2008-03-14 10:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-03-11 15:33 5,545,472 ----a-w C:\WINDOWS\Internet Logs\xDB178.tmp
2008-03-11 09:50 19,968 ----a-w C:\WINDOWS\Internet Logs\xDB179.tmp
2008-03-11 09:28 5,549,568 ----a-w C:\WINDOWS\Internet Logs\xDB176.tmp
2008-03-11 03:27 43,008 ----a-w C:\WINDOWS\Internet Logs\xDB177.tmp
2008-03-07 01:19 61,952 ----a-w C:\WINDOWS\Internet Logs\xDB175.tmp
2008-03-06 23:15 5,540,864 ----a-w C:\WINDOWS\Internet Logs\xDB174.tmp
2008-03-06 11:29 --------- d-----w C:\Program Files\Common Files\Nero
2008-03-06 11:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-03-05 15:44 5,540,864 ----a-w C:\WINDOWS\Internet Logs\xDB172.tmp
2008-03-05 15:44 31,744 ----a-w C:\WINDOWS\Internet Logs\xDB173.tmp
2008-03-05 15:43 24,576 ----a-w C:\WINDOWS\system32\VundoFixSVC.exe
2008-03-04 13:38 5,534,208 ----a-w C:\WINDOWS\Internet Logs\xDB170.tmp
2008-03-04 11:42 20,992 ----a-w C:\WINDOWS\Internet Logs\xDB171.tmp
2008-03-04 11:19 128,000 ----a-w C:\WINDOWS\Internet Logs\xDB16F.tmp
2008-03-04 11:14 5,537,792 ----a-w C:\WINDOWS\Internet Logs\xDB16E.tmp
2008-03-03 11:40 --------- d-----w C:\Documents and Settings\Jacqui\Application Data\Azureus
2008-03-03 03:54 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-03-03 03:48 --------- d-----w C:\Program Files\Skype
2008-03-03 03:48 --------- d-----w C:\Program Files\Common Files\Skype
2008-03-03 03:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-02-29 07:34 --------- d-----w C:\Program Files\SpywareBlaster
2008-02-28 07:21 5,480,448 ----a-w C:\WINDOWS\Internet Logs\xDB16C.tmp
2008-02-28 07:21 15,360 ----a-w C:\WINDOWS\Internet Logs\xDB16D.tmp
2008-02-27 19:05 5,490,176 ----a-w C:\WINDOWS\Internet Logs\xDB16A.tmp
2008-02-27 11:53 23,040 ----a-w C:\WINDOWS\Internet Logs\xDB16B.tmp
2008-02-26 19:57 122,880 ----a-w C:\WINDOWS\Internet Logs\xDB169.tmp
2008-02-26 19:29 5,500,416 ----a-w C:\WINDOWS\Internet Logs\xDB168.tmp
2008-02-25 08:21 --------- d-----w C:\Program Files\Cucusoft
2008-02-25 04:21 --------- d-----w C:\Program Files\Codec Pack - All In 1
2008-02-25 04:19 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-02-23 22:15 --------- d-----w C:\Documents and Settings\Jacqui\Application Data\NeroDigital™
2008-02-23 09:24 --------- d-----w C:\Program Files\AskTBar
2008-02-23 07:11 --------- d-----w C:\Program Files\Ahead
2008-02-23 07:10 --------- d-----w C:\Program Files\Mozilla Sunbird
2008-02-23 05:35 --------- d-----w C:\Program Files\FireTrust
2008-02-22 23:59 30,208 ----a-w C:\WINDOWS\Internet Logs\xDB167.tmp
2008-02-22 19:12 5,309,440 ----a-w C:\WINDOWS\Internet Logs\xDB166.tmp
2008-02-21 10:28 5,304,832 ----a-w C:\WINDOWS\Internet Logs\xDB164.tmp
2008-02-21 09:30 122,368 ----a-w C:\WINDOWS\Internet Logs\xDB165.tmp
2008-02-09 23:27 5,250,560 ----a-w C:\WINDOWS\Internet Logs\xDB162.tmp
2008-02-09 23:27 19,456 ----a-w C:\WINDOWS\Internet Logs\xDB163.tmp
2008-02-09 20:12 5,250,560 ----a-w C:\WINDOWS\Internet Logs\xDB160.tmp
2008-02-09 10:43 86,016 ----a-w C:\WINDOWS\Internet Logs\xDB161.tmp
2008-02-03 10:26 364,544 ----a-w C:\WINDOWS\system32\cdg.dll
2008-01-31 13:25 5,246,976 ----a-w C:\WINDOWS\Internet Logs\xDB15E.tmp
2008-01-31 10:16 28,160 ----a-w C:\WINDOWS\Internet Logs\xDB15F.tmp
2008-01-29 17:27 5,249,536 ----a-w C:\WINDOWS\Internet Logs\xDB15C.tmp
2008-01-29 15:07 135,168 ----a-w C:\WINDOWS\Internet Logs\xDB15D.tmp
2005-07-19 08:42 771,624 -c--a-w C:\Documents and Settings\Jacqui\ppctl.dll
2004-12-22 04:40 9,604,409 -c--a-w C:\Documents and Settings\Games\Bejeweled2setup.zip
2004-12-18 00:18 9,751,760 -c--a-w C:\Documents and Settings\Games\Bejeweled2Setup.exe
2004-12-16 11:47 5,180,760 -c--a-w C:\Documents and Settings\Jacqui\CONFIGW.EXE
2004-10-24 16:26 32 -c--a-r C:\Documents and Settings\All Users\hash.dat
.

((((((((((((((((((((((((((((( snapshot@2008-03-14_22.39.54.87 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-05-04 04:45:32 2,890,240 -c----w C:\WINDOWS\$NtUninstallKB916089$\msi.dll
+ 2005-10-12 23:12:26 213,216 -c----w C:\WINDOWS\$NtUninstallKB916089$\spuninst\spuninst.exe
+ 2005-10-12 23:12:33 371,424 -c----w C:\WINDOWS\$NtUninstallKB916089$\spuninst\updspapi.dll
+ 2006-11-01 20:22:52 51,680 -c----w C:\WINDOWS\$NtUninstallWdf01005$\spuninst\Kmdfcustom.dll
+ 2006-10-08 10:51:14 221,488 -c----w C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe
+ 2006-10-08 10:51:14 379,184 -c----w C:\WINDOWS\$NtUninstallWdf01005$\spuninst\updspapi.dll
+ 2003-12-02 00:23:04 69,632 ----a-w C:\WINDOWS\asyncdiag.dll
+ 2008-04-23 20:15:04 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2003-02-25 03:53:06 45,056 ----a-w C:\WINDOWS\devenum.exe
+ 2005-07-05 15:00:00 2,390 -c--a-w C:\WINDOWS\Downloaded Program Files\catalog.dat
+ 2005-07-05 15:00:00 1,957 -c--a-w C:\WINDOWS\Downloaded Program Files\tinfl.dat
+ 2005-07-13 00:26:23 2,072 -c--a-w C:\WINDOWS\Downloaded Program Files\vscanmsx.dat
- 2000-08-30 21:00:00 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
+ 2005-10-20 10:02:28 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
- 2000-08-30 21:00:00 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2005-10-20 10:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2000-08-30 22:00:00 73,728 ----a-w C:\WINDOWS\fdsv.exe
+ 2000-08-30 22:00:00 80,412 ----a-w C:\WINDOWS\grep.exe
+ 2008-01-15 00:13:56 99,712 ----a-w C:\WINDOWS\HPBroker.dll
+ 2008-03-20 10:06:47 10,134 ----a-r C:\WINDOWS\Installer\{0C826C5B-B131-423A-A229-C71B3CACCD6A}\ARPPRODUCTICON.exe
+ 2008-03-20 10:03:52 10,134 ----a-r C:\WINDOWS\Installer\{3101CB58-3482-4D21-AF1A-7057FC935355}\ARPPRODUCTICON.exe
+ 2008-03-20 09:44:48 65,536 ----a-r C:\WINDOWS\Installer\{6994491D-D491-48F1-AE1F-E179C1FFFC2F}\ARPPRODUCTICON.exe
+ 2008-03-20 09:44:49 65,536 ----a-r C:\WINDOWS\Installer\{6994491D-D491-48F1-AE1F-E179C1FFFC2F}\NewShortcut2_D7CAE58E26DE49B7A75DEAEDF76726BE.exe
+ 2008-03-20 09:44:49 65,536 ----a-r C:\WINDOWS\Installer\{6994491D-D491-48F1-AE1F-E179C1FFFC2F}\NewShortcut3_D7CAE58E26DE49B7A75DEAEDF76726BE_3.exe
+ 2008-03-20 09:44:49 65,536 ----a-r C:\WINDOWS\Installer\{6994491D-D491-48F1-AE1F-E179C1FFFC2F}\NewShortcut7_856D48883B484D0C99D439AA7CF9DB2E.exe
+ 2008-03-20 10:17:00 15,086 ----a-r C:\WINDOWS\Installer\{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}\ARPPRODUCTICON.exe
+ 2008-03-20 10:17:00 15,086 ----a-r C:\WINDOWS\Installer\{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}\DesktopShortcut_10110FE91EE84A3DADFD1294F86BE5FC.exe
+ 2008-03-20 10:17:01 53,248 ----a-r C:\WINDOWS\Installer\{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}\ProgramGroupShortcut_EFA2BBEBCF93493B904B1B970B8DFAB6.exe
+ 2008-03-20 07:36:21 25,214 ----a-r C:\WINDOWS\Installer\{9BB69D0F-1369-4DBD-99A9-1BC228ED1033}\ARPPRODUCTICON.exe
+ 2008-04-05 09:05:29 29,696 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF11.exe
+ 2008-04-05 09:05:29 18,944 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2008-04-05 09:05:30 65,024 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
- 2005-05-20 03:46:56 28,160 ----a-w C:\WINDOWS\KHALMNPR.Exe
+ 2007-11-28 15:17:20 55,824 ----a-w C:\WINDOWS\KHALMNPR.Exe
+ 2006-05-18 19:20:35 319,488 ----a-w C:\WINDOWS\Nero PhotoShow.scr
- 2000-08-30 21:00:00 28,160 ----a-w C:\WINDOWS\Nircmd.exe
+ 2000-08-30 22:00:00 28,160 ----a-w C:\WINDOWS\Nircmd.exe
+ 2004-12-16 07:13:40 2,722 ----a-w C:\WINDOWS\pchealth\helpctr\PackageStore\SkuStore.bin
+ 2000-08-30 22:00:00 98,816 ----a-w C:\WINDOWS\sed.exe
+ 2000-08-30 22:00:00 161,792 ----a-w C:\WINDOWS\swreg.exe
+ 2000-08-30 22:00:00 136,704 ----a-w C:\WINDOWS\swsc.exe
+ 2000-08-30 22:00:00 212,480 ----a-w C:\WINDOWS\swxcacls.exe
+ 2004-08-04 12:00:00 2,000 -c--a-w C:\WINDOWS\system\KEYBOARD.DRV
+ 2004-08-04 12:00:00 2,032 -c--a-w C:\WINDOWS\system\MOUSE.DRV
+ 2004-08-04 12:00:00 1,744 -c--a-w C:\WINDOWS\system\SOUND.DRV
+ 2004-08-04 12:00:00 2,176 -c--a-w C:\WINDOWS\system\VGA.DRV
+ 2008-01-09 01:26:50 301,656 ----a-w C:\WINDOWS\system32\BtCoreIf.dll
+ 2004-08-04 12:00:00 1,788 -c--a-w C:\WINDOWS\system32\Dcache.bin
+ 2004-08-03 12:07:58 2,944 -c--a-w C:\WINDOWS\system32\dllcache\drmkaud.sys
+ 2004-08-03 11:58:34 24,576 -c--a-w C:\WINDOWS\system32\dllcache\kbdclass.sys
+ 2004-08-04 12:00:00 2,000 -c--a-w C:\WINDOWS\system32\dllcache\keyboard.drv
+ 2004-08-04 12:00:00 2,560 -c--a-w C:\WINDOWS\system32\dllcache\lz32.dll
+ 2004-08-04 12:00:00 2,032 -c--a-w C:\WINDOWS\system32\dllcache\mouse.drv
- 2005-05-04 04:45:32 2,890,240 -c--a-w C:\WINDOWS\system32\dllcache\msi.dll
+ 2006-10-11 22:11:56 2,829,824 -c--a-w C:\WINDOWS\system32\dllcache\msi.dll
+ 2004-08-04 12:00:00 2,944 -c--a-w C:\WINDOWS\system32\dllcache\null.sys
+ 2004-08-04 12:00:00 1,744 -c--a-w C:\WINDOWS\system32\dllcache\sound.drv
+ 2004-08-04 12:00:00 2,176 -c--a-w C:\WINDOWS\system32\dllcache\vga.drv
+ 2004-08-04 12:00:00 2,864 -c--a-w C:\WINDOWS\system32\dllcache\winsock.dll
+ 2004-08-04 12:00:00 2,112 -c--a-w C:\WINDOWS\system32\dllcache\winspool.exe
+ 2004-08-04 12:00:00 2,736 -c--a-w C:\WINDOWS\system32\dllcache\wowdeb.exe
+ 2004-08-03 12:07:58 2,944 ----a-w C:\WINDOWS\system32\drivers\drmkaud.sys
- 2004-08-04 12:00:00 24,576 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys
+ 2004-08-03 11:58:34 24,576 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys
+ 2007-11-28 15:17:48 35,088 ----a-w C:\WINDOWS\system32\drivers\LHidFilt.Sys
+ 2007-11-28 15:17:56 36,368 ----a-w C:\WINDOWS\system32\drivers\LMouFilt.Sys
- 2007-02-03 18:27:15 14,240 ----a-r C:\WINDOWS\system32\drivers\lv302af.sys
+ 2007-10-12 01:55:58 13,848 ----a-w C:\WINDOWS\system32\drivers\lv302af.sys
- 2007-02-03 18:27:27 938,272 ----a-r C:\WINDOWS\system32\drivers\LV302V32.SYS
+ 2007-10-12 01:55:58 1,279,000 ----a-w C:\WINDOWS\system32\drivers\LV302V32.SYS
- 2007-02-06 06:42:40 1,691,808 ----a-w C:\WINDOWS\system32\drivers\Lvckap.sys
+ 2007-10-19 02:16:30 2,109,976 ----a-w C:\WINDOWS\system32\drivers\Lvckap.sys
- 2007-02-06 06:44:36 1,964,064 ----a-w C:\WINDOWS\system32\drivers\LVMVdrv.sys
+ 2007-10-11 07:59:02 2,142,488 ----a-w C:\WINDOWS\system32\drivers\LVMVdrv.sys
- 2007-02-06 06:45:04 25,632 ----a-w C:\WINDOWS\system32\drivers\LVPr2Mon.sys
+ 2007-10-11 07:59:24 25,624 ----a-w C:\WINDOWS\system32\drivers\LVPr2Mon.sys
- 2007-02-03 18:32:34 41,504 ----a-r C:\WINDOWS\system32\drivers\LVUSBSta.sys
+ 2007-10-12 02:00:42 41,752 ----a-w C:\WINDOWS\system32\drivers\LVUSBSta.sys
+ 2004-08-04 12:00:00 2,944 ----a-w C:\WINDOWS\system32\drivers\null.sys
+ 2006-11-01 20:22:54 492,000 ------w C:\WINDOWS\system32\drivers\wdf01000.sys
+ 2006-11-01 20:22:52 32,224 ------w C:\WINDOWS\system32\drivers\wdfldr.sys
+ 2006-11-21 02:02:40 847,392 -c--a-r C:\WINDOWS\system32\DRVSTORE\lv321v_B62F53422CAFF994DD031623AB63B906862AFCA9\lv321av.sys
+ 2006-11-21 02:04:11 264,992 -c--a-r C:\WINDOWS\system32\DRVSTORE\lv321v_B62F53422CAFF994DD031623AB63B906862AFCA9\lvcodec2.dll
+ 2006-11-21 02:04:23 121,632 -c--a-r C:\WINDOWS\system32\DRVSTORE\lv321v_B62F53422CAFF994DD031623AB63B906862AFCA9\lvcoinst.dll
+ 2006-11-21 02:07:02 211,744 -c--a-r C:\WINDOWS\system32\DRVSTORE\lv321v_B62F53422CAFF994DD031623AB63B906862AFCA9\LVUI2.dll
+ 2006-11-21 02:07:13 527,136 -c--a-r C:\WINDOWS\system32\DRVSTORE\lv321v_B62F53422CAFF994DD031623AB63B906862AFCA9\LVUI2RC.dll
+ 2006-11-21 02:07:47 166,688 -c--a-r C:\WINDOWS\system32\DRVSTORE\lv321v_B62F53422CAFF994DD031623AB63B906862AFCA9\lvWIAext.dll
+ 2003-02-21 12:42:22 348,160 -c--a-r C:\WINDOWS\system32\DRVSTORE\lv321v_B62F53422CAFF994DD031623AB63B906862AFCA9\msvcr71.dll
+ 2007-02-03 18:27:55 490,784 -c--a-r C:\WINDOWS\system32\DRVSTORE\lvELCHv_9F7BE67F2856843252665E5DA13A0A0939AA29AB\LV561AV.sys
+ 2007-02-03 18:29:07 264,992 -c--a-r C:\WINDOWS\system32\DRVSTORE\lvELCHv_9F7BE67F2856843252665E5DA13A0A0939AA29AB\lvcodec2.dll
+ 2007-02-03 18:29:19 129,824 -c--a-r C:\WINDOWS\system32\DRVSTORE\lvELCHv_9F7BE67F2856843252665E5DA13A0A0939AA29AB\lvcoinst.dll
+ 2007-02-03 18:32:21 215,840 -c--a-r C:\WINDOWS\system32\DRVSTORE\lvELCHv_9F7BE67F2856843252665E5DA13A0A0939AA29AB\LVUI2.dll
+ 2007-02-03 18:32:21 527,136 -c--a-r C:\WINDOWS\system32\DRVSTORE\lvELCHv_9F7BE67F2856843252665E5DA13A0A0939AA29AB\LVUI2RC.dll
+ 2007-02-03 18:32:34 41,504 -c--a-r C:\WINDOWS\system32\DRVSTORE\lvELCHv_9F7BE67F2856843252665E5DA13A0A0939AA29AB\LVUSBSta.sys
+ 2007-02-03 18:33:09 166,688 -c--a-r C:\WINDOWS\system32\DRVSTORE\lvELCHv_9F7BE67F2856843252665E5DA13A0A0939AA29AB\lvWIAext.dll
+ 2003-02-21 12:42:22 348,160 -c--a-r C:\WINDOWS\system32\DRVSTORE\lvELCHv_9F7BE67F2856843252665E5DA13A0A0939AA29AB\msvcr71.dll
+ 2007-02-04 00:17:28 435,736 -c--a-r C:\WINDOWS\system32\DRVSTORE\lvELCHv_9F7BE67F2856843252665E5DA13A0A0939AA29AB\WUApp32.exe
+ 2007-10-12 01:56:20 490,776 -c--a-w C:\WINDOWS\system32\DRVSTORE\lvELCHv_BBE6DEA618C212D1D4C404825FD824D3C6FE5D57\LV561AV.sys
+ 2007-10-12 01:57:28 416,280 -c--a-w C:\WINDOWS\system32\DRVSTORE\lvELCHv_BBE6DEA618C212D1D4C404825FD824D3C6FE5D57\lvcodec2.dll
+ 2007-10-12 01:57:40 195,096 -c--a-w C:\WINDOWS\system32\DRVSTORE\lvELCHv_BBE6DEA618C212D1D4C404825FD824D3C6FE5D57\lvcoinst.dll
+ 2007-10-12 02:00:20 490,008 -c--a-w C:\WINDOWS\system32\DRVSTORE\lvELCHv_BBE6DEA618C212D1D4C404825FD824D3C6FE5D57\LVUI2.dll
+ 2007-10-12 02:00:32 465,432 -c--a-w C:\WINDOWS\system32\DRVSTORE\lvELCHv_BBE6DEA618C212D1D4C404825FD824D3C6FE5D57\LVUI2RC.dll
+ 2007-10-12 02:00:42 41,752 -c--a-w C:\WINDOWS\system32\DRVSTORE\lvELCHv_BBE6DEA618C212D1D4C404825FD824D3C6FE5D57\LVUSBSta.sys
+ 2007-10-12 02:01:28 236,056 -c--a-w C:\WINDOWS\system32\DRVSTORE\lvELCHv_BBE6DEA618C212D1D4C404825FD824D3C6FE5D57\lvWIAext.dll
+ 2007-10-12 02:03:10 439,568 -c--a-w C:\WINDOWS\system32\DRVSTORE\lvELCHv_BBE6DEA618C212D1D4C404825FD824D3C6FE5D57\WUApp32.exe
+ 2007-10-12 01:55:58 13,848 -c--a-w C:\WINDOWS\system32\DRVSTORE\lvPEPI2s_62F19BA954DED83DBA6DF160C36D5918D3EEA33F\lv302af.sys
+ 2007-10-12 01:57:40 195,096 -c--a-w C:\WINDOWS\system32\DRVSTORE\lvPEPI2s_62F19BA954DED83DBA6DF160C36D5918D3EEA33F\lvcoinst.dll
+ 2007-10-12 02:00:42 41,752 -c--a-w C:\WINDOWS\system32\DRVSTORE\lvPEPI2s_62F19BA954DED83DBA6DF160C36D5918D3EEA33F\LVUSBSta.sys
+ 2007-10-12 02:03:10 439,568 -c--a-w C:\WINDOWS\system32\DRVSTORE\lvPEPI2s_62F19BA954DED83DBA6DF160C36D5918D3EEA33F\WUApp32.exe
+ 2007-10-12 01:55:58 1,279,000 -c--a-w C:\WINDOWS\system32\DRVSTORE\lvPEPI2v_19F47D0F20E353A86247DADE40C70EC0358A7AE9\LV302V32.SYS
+ 2007-10-12 01:57:28 416,280 -c--a-w C:\WINDOWS\system32\DRVSTORE\lvPEPI2v_19F47D0F20E353A86247DADE40C70EC0358A7AE9\lvcodec2.dll
+ 2007-10-12 01:57:40 195,096 -c--a-w C:\WINDOWS\system32\DRVSTORE\lvPEPI2v_19F47D0F20E353A86247DADE40C70EC0358A7AE9\lvcoinst.dll
+ 2007-10-12 02:00:20 490,008 -c--a-w C:\WINDOWS\system32\DRVSTORE\lvPEPI2v_19F47D0F20E353A86247DADE40C70EC0358A7AE9\LVUI2.dll
+ 2007-10-12 02:00:32 465,432 -c--a-w C:\WINDOWS\system32\DRVSTORE\lvPEPI2v_19F47D0F20E353A86247DADE40C70EC0358A7AE9\LVUI2RC.dll
+ 2007-10-12 02:00:42 41,752 -c--a-w C:\WINDOWS\system32\DRVSTORE\lvPEPI2v_19F47D0F20E353A86247DADE40C70EC0358A7AE9\LVUSBSta.sys
+ 2007-10-12 02:01:28 236,056 -c--a-w C:\WINDOWS\system32\DRVSTORE\lvPEPI2v_19F47D0F20E353A86247DADE40C70EC0358A7AE9\lvWIAext.dll
+ 2007-10-12 02:03:10 439,568 -c--a-w C:\WINDOWS\system32\DRVSTORE\lvPEPI2v_19F47D0F20E353A86247DADE40C70EC0358A7AE9\WUApp32.exe
+ 2007-02-03 18:27:15 14,240 -c--a-r C:\WINDOWS\system32\DRVSTORE\lvPEPIs_1EA7FC9E4D54C554A2B1C0552ED30ADE85DE0187\lv302af.sys
+ 2007-02-03 18:29:19 129,824 -c--a-r C:\WINDOWS\system32\DRVSTORE\lvPEPIs_1EA7FC9E4D54C554A2B1C0552ED30ADE85DE0187\lvcoinst.dll
+ 2007-02-03 18:32:34 41,504 -c--a-r C:\WINDOWS\system32\DRVSTORE\lvPEPIs_1EA7FC9E4D54C554A2B1C0552ED30ADE85DE0187\LVUSBSta.sys
+ 2007-02-04 00:17:28 435,736 -c--a-r C:\WINDOWS\system32\DRVSTORE\lvPEPIs_1EA7FC9E4D54C554A2B1C0552ED30ADE85DE0187\WUApp32.exe
+ 2007-02-03 18:27:27 938,272 -c--a-r C:\WINDOWS\system32\DRVSTORE\lvPEPIv_92318949FCA64BA41E43C18548BE271658B9709C\LV302V32.SYS
+ 2007-02-03 18:29:07 264,992 -c--a-r C:\WINDOWS\system32\DRVSTORE\lvPEPIv_92318949FCA64BA41E43C18548BE271658B9709C\lvcodec2.dll
+ 2007-02-03 18:29:19 129,824 -c--a-r C:\WINDOWS\system32\DRVSTORE\lvPEPIv_92318949FCA64BA41E43C18548BE271658B9709C\lvcoinst.dll
+ 2007-02-03 18:32:21 215,840 -c--a-r C:\WINDOWS\system32\DRVSTORE\lvPEPIv_92318949FCA64BA41E43C18548BE271658B9709C\LVUI2.dll
+ 2007-02-03 18:32:21 527,136 -c--a-r C:\WINDOWS\system32\DRVSTORE\lvPEPIv_92318949FCA64BA41E43C18548BE271658B9709C\LVUI2RC.dll
+ 2007-02-03 18:32:34 41,504 -c--a-r C:\WINDOWS\system32\DRVSTORE\lvPEPIv_92318949FCA64BA41E43C18548BE271658B9709C\LVUSBSta.sys
+ 2007-02-03 18:33:09 166,688 -c--a-r C:\WINDOWS\system32\DRVSTORE\lvPEPIv_92318949FCA64BA41E43C18548BE271658B9709C\lvWIAext.dll
+ 2003-02-21 12:42:22 348,160 -c--a-r C:\WINDOWS\system32\DRVSTORE\lvPEPIv_92318949FCA64BA41E43C18548BE271658B9709C\msvcr71.dll
+ 2007-02-04 00:17:28 435,736 -c--a-r C:\WINDOWS\system32\DRVSTORE\lvPEPIv_92318949FCA64BA41E43C18548BE271658B9709C\WUApp32.exe
+ 2007-02-03 18:31:33 66,848 -c--a-r C:\WINDOWS\system32\DRVSTORE\lvPRO3c_614DC83852B13504853C99BAD2166FFB56D07935\lvselsus.sys
+ 2007-02-03 18:32:58 22,560 -c--a-r C:\WINDOWS\system32\DRVSTORE\lvPRO3c_614DC83852B13504853C99BAD2166FFB56D07935\lvuvcflt.sys
+ 2007-02-03 18:29:19 129,824 -c--a-r C:\WINDOWS\system32\DRVSTORE\lvPRO3s_637BBD470692B4142169E3F4D52A7F3055BF7B3D\lvcoinst.dll
+ 2007-02-03 18:30:57 1,507,232 -c--a-r C:\WINDOWS\system32\DRVSTORE\lvPRO3s_637BBD470692B4142169E3F4D52A7F3055BF7B3D\lvpopflt.sys
+ 2007-02-03 18:31:33 66,848 -c--a-r C:\WINDOWS\system32\DRVSTORE\lvPRO3s_637BBD470692B4142169E3F4D52A7F3055BF7B3D\lvselsus.sys
+ 2007-02-03 18:32:34 41,504 -c--a-r C:\WINDOWS\system32\DRVSTORE\lvPRO3s_637BBD470692B4142169E3F4D52A7F3055BF7B3D\LVUSBSta.sys
+ 2007-02-04 00:17:28 435,736 -c--a-r C:\WINDOWS\system32\DRVSTORE\lvPRO3s_637BBD470692B4142169E3F4D52A7F3055BF7B3D\WUApp32.exe
+ 2007-02-03 18:29:07 264,992 -c--a-r C:\WINDOWS\system32\DRVSTORE\lvPRO3v_34FDA56461F22AA0217B087391C6CD78C1732BC4\lvcodec2.dll
+ 2007-02-03 18:29:19 129,824 -c--a-r C:\WINDOWS\system32\DRVSTORE\lvPRO3v_34FDA56461F22AA0217B087391C6CD78C1732BC4\lvcoinst.dll
+ 2007-02-03 18:32:21 215,840 -c--a-r C:\WINDOWS\system32\DRVSTORE\lvPRO3v_34FDA56461F22AA0217B087391C6CD78C1732BC4\LVUI2.dll
+ 2007-02-03 18:32:21 527,136 -c--a-r C:\WINDOWS\system32\DRVSTORE\lvPRO3v_34FDA56461F22AA0217B087391C6CD78C1732BC4\LVUI2RC.dll
+ 2007-02-03 18:32:34 41,504 -c--a-r C:\WINDOWS\system32\DRVSTORE\lvPRO3v_34FDA56461F22AA0217B087391C6CD78C1732BC4\LVUSBSta.sys
+ 2007-02-03 18:32:45 1,939,360 -c--a-r C:\WINDOWS\system32\DRVSTORE\lvPRO3v_34FDA56461F22AA0217B087391C6CD78C1732BC4\lvuvc.sys
+ 2007-02-03 18:33:09 166,688 -c--a-r C:\WINDOWS\system32\DRVSTORE\lvPRO3v_34FDA56461F22AA0217B087391C6CD78C1732BC4\lvWIAext.dll
+ 2003-02-21 12:42:22 348,160 -c--a-r C:\WINDOWS\system32\DRVSTORE\lvPRO3v_34FDA56461F22AA0217B087391C6CD78C1732BC4\msvcr71.dll
+ 2007-02-04 00:17:28 435,736 -c--a-r C:\WINDOWS\system32\DRVSTORE\lvPRO3v_34FDA56461F22AA0217B087391C6CD78C1732BC4\WUApp32.exe
+ 2007-10-12 02:01:06 23,832 -c--a-w C:\WINDOWS\system32\DRVSTORE\lvPRO5c_F4502E86C545666FAEEA2E5BC0ECF142B1B952DA\lvuvcflt.sys
+ 2007-10-12 01:57:40 195,096 -c--a-w C:\WINDOWS\system32\DRVSTORE\lvPRO5s_FF147DEF58280327E126F11A9918B00DAAF40F64\lvcoinst.dll
+ 2007-10-12 01:59:12 1,920,920 -c--a-w C:\WINDOWS\system32\DRVSTORE\lvPRO5s_FF147DEF58280327E126F11A9918B00DAAF40F64\lvpopflt.sys
+ 2007-10-12 02:00:08 2,091,800 -c--a-w C:\WINDOWS\system32\DRVSTORE\lvPRO5s_FF147DEF58280327E126F11A9918B00DAAF40F64\lvrs.sys
+ 2007-10-12 02:00:20 66,456 -c--a-w C:\WINDOWS\system32\DRVSTORE\lvPRO5s_FF147DEF58280327E126F11A9918B00DAAF40F64\lvselsus.sys
+ 2007-10-12 02:00:42 41,752 -c--a-w C:\WINDOWS\system32\DRVSTORE\lvPRO5s_FF147DEF58280327E126F11A9918B00DAAF40F64\LVUSBSta.sys
+ 2007-10-12 02:03:10 439,568 -c--a-w C:\WINDOWS\system32\DRVSTORE\lvPRO5s_FF147DEF58280327E126F11A9918B00DAAF40F64\WUApp32.exe
+ 2007-10-12 01:57:28 416,280 -c--a-w C:\WINDOWS\system32\DRVSTORE\lvPRO5v_D6FAB2B0793183BA050A90A5CC9D79EF71551623\lvcodec2.dll
+ 2007-10-12 01:57:40 195,096 -c--a-w C:\WINDOWS\system32\DRVSTORE\lvPRO5v_D6FAB2B0793183BA050A90A5CC9D79EF71551623\lvcoinst.dll
+ 2007-10-12 02:00:20 490,008 -c--a-w C:\WINDOWS\system32\DRVSTORE\lvPRO5v_D6FAB2B0793183BA050A90A5CC9D79EF71551623\LVUI2.dll
+ 2007-10-12 02:00:32 465,432 -c--a-w C:\WINDOWS\system32\DRVSTORE\lvPRO5v_D6FAB2B0793183BA050A90A5CC9D79EF71551623\LVUI2RC.dll
+ 2007-10-12 02:00:42 41,752 -c--a-w C:\WINDOWS\system32\DRVSTORE\lvPRO5v_D6FAB2B0793183BA050A90A5CC9D79EF71551623\LVUSBSta.sys
+ 2007-10-12 02:00:54 3,647,384 -c--a-w C:\WINDOWS\system32\DRVSTORE\lvPRO5v_D6FAB2B0793183BA050A90A5CC9D79EF71551623\lvuvc.sys
+ 2007-10-12 02:01:28 236,056 -c--a-w C:\WINDOWS\system32\DRVSTORE\lvPRO5v_D6FAB2B0793183BA050A90A5CC9D79EF71551623\lvWIAext.dll
+ 2007-10-12 02:03:10 439,568 -c--a-w C:\WINDOWS\system32\DRVSTORE\lvPRO5v_D6FAB2B0793183BA050A90A5CC9D79EF71551623\WUApp32.exe
+ 2007-02-03 18:29:19 129,824 -c--a-r C:\WINDOWS\system32\DRVSTORE\lvPROs_892D6A9698543E26AE9E1E4CD4202F838392F36D\lvcoinst.dll
+ 2007-02-03 18:32:34 41,504 -c--a-r C:\WINDOWS\system32\DRVSTORE\lvPROs_892D6A9698543E26AE9E1E4CD4202F838392F36D\LVUSBSta.sys
+ 2007-02-04 00:17:28 435,736 -c--a-r C:\WINDOWS\system32\DRVSTORE\lvPROs_892D6A9698543E26AE9E1E4CD4202F838392F36D\WUApp32.exe
+ 2007-02-03 18:25:55 1,075,360 -c--a-r C:\WINDOWS\system32\DRVSTORE\lvPROv_2F8FA311AB273C3C2B47DA430D29C591CDDDB624\Camdrl.sys
+ 2007-02-03 18:26:06 154,400 -c--a-r C:\WINDOWS\system32\DRVSTORE\lvPROv_2F8FA311AB273C3C2B47DA430D29C591CDDDB624\CamExL20.dll
+ 2007-02-03 18:29:07 264,992 -c--a-r C:\WINDOWS\system32\DRVSTORE\lvPROv_2F8FA311AB273C3C2B47DA430D29C591CDDDB624\lvcodec2.dll
+ 2007-02-03 18:29:19 129,824 -c--a-r C:\WINDOWS\system32\DRVSTORE\lvPROv_2F8FA311AB273C3C2B47DA430D29C591CDDDB624\lvcoinst.dll
+ 2007-02-03 18:32:21 215,840 -c--a-r C:\WINDOWS\system32\DRVSTORE\lvPROv_2F8FA311AB273C3C2B47DA430D29C591CDDDB624\LVUI2.dll
+ 2007-02-03 18:32:21 527,136 -c--a-r C:\WINDOWS\system32\DRVSTORE\lvPROv_2F8FA311AB273C3C2B47DA430D29C591CDDDB624\LVUI2RC.dll
+ 2007-02-03 18:32:34 41,504 -c--a-r C:\WINDOWS\system32\DRVSTORE\lvPROv_2F8FA311AB273C3C2B47DA430D29C591CDDDB624\LVUSBSta.sys
+ 2007-02-03 18:33:09 166,688 -c--a-r C:\WINDOWS\system32\DRVSTORE\lvPROv_2F8FA311AB273C3C2B47DA430D29C591CDDDB624\lvWIAext.dll
+ 2003-02-21 12:42:22 348,160 -c--a-r C:\WINDOWS\system32\DRVSTORE\lvPROv_2F8FA311AB273C3C2B47DA430D29C591CDDDB624\msvcr71.dll
+ 2007-02-04 00:17:28 435,736 -c--a-r C:\WINDOWS\system32\DRVSTORE\lvPROv_2F8FA311AB273C3C2B47DA430D29C591CDDDB624\WUApp32.exe
+ 2006-11-21 02:06:28 65,824 -c--a-r C:\WINDOWS\system32\DRVSTORE\lvS213c_2ED6B19949B63F5F3BD3FC5BAC40FE63CEFC27E0\lvselsus.sys
+ 2006-11-21 02:07:36 21,536 -c--a-r C:\WINDOWS\system32\DRVSTORE\lvS213c_2ED6B19949B63F5F3BD3FC5BAC40FE63CEFC27E0\lvuvcflt.sys
+ 2006-11-21 02:04:11 264,992 -c--a-r C:\WINDOWS\system32\DRVSTORE\lvS213v_25D0BF886C34221FF88541C44ECCE6F52E647BAC\lvcodec2.dll
+ 2006-11-21 02:04:23 121,632 -c--a-r C:\WINDOWS\system32\DRVSTORE\lvS213v_25D0BF886C34221FF88541C44ECCE6F52E647BAC\lvcoinst.dll
+ 2006-11-21 02:07:02 211,744 -c--a-r C:\WINDOWS\system32\DRVSTORE\lvS213v_25D0BF886C34221FF88541C44ECCE6F52E647BAC\LVUI2.dll
+ 2006-11-21 02:07:13 527,136 -c--a-r C:\WINDOWS\system32\DRVSTORE\lvS213v_25D0BF886C34221FF88541C44ECCE6F52E647BAC\LVUI2RC.dll
+ 2006-11-21 02:07:25 40,352 -c--a-r C:\WINDOWS\system32\DRVSTORE\lvS213v_25D0BF886C34221FF88541C44ECCE6F52E647BAC\LVUSBSta.sys
+ 2006-11-21 02:07:36 1,085,216 -c--a-r C:\WINDOWS\system32\DRVSTORE\lvS213v_25D0BF886C34221FF88541C44ECCE6F52E647BAC\lvuvc.sys
+ 2006-11-21 02:07:47 166,688 -c--a-r C:\WINDOWS\system32\DRVSTORE\lvS213v_25D0BF886C34221FF88541C44ECCE6F52E647BAC\lvWIAext.dll
+ 2003-02-21 12:42:22 348,160 -c--a-r C:\WINDOWS\system32\DRVSTORE\lvS213v_25D0BF886C34221FF88541C44ECCE6F52E647BAC\msvcr71.dll
+ 2007-01-09 00:51:58 65,824 -c--a-r C:\WINDOWS\system32\DRVSTORE\lvSCBYc_96D0E39DE53FC74E2F1845FA7AA7B24B9CABD2E1\lvselsus.sys
+ 2007-01-09 00:52:32 21,536 -c--a-r C:\WINDOWS\system32\DRVSTORE\lvSCBYc_96D0E39DE53FC74E2F1845FA7AA7B24B9CABD2E1\lvuvcflt.sys
+ 2007-01-09 00:51:35 121,632 -c--a-r C:\WINDOWS\system32\DRVSTORE\lvSCBYs_31A1B329DDE39E828D05492B2D0D4E12163A13DF\lvcoinst.dll
+ 2007-01-09 00:51:47 1,512,224 -c--a-r C:\WINDOWS\system32\DRVSTORE\lvSCBYs_31A1B329DDE39E828D05492B2D0D4E12163A13DF\lvpopflt.sys
+ 2007-01-09 00:51:58 65,824 -c--a-r C:\WINDOWS\system32\DRVSTORE\lvSCBYs_31A1B329DDE39E828D05492B2D0D4E12163A13DF\lvselsus.sys
+ 2007-01-09 00:52:21 40,352 -c--a-r C:\WINDOWS\system32\DRVSTORE\lvSCBYs_31A1B329DDE39E828D05492B2D0D4E12163A13DF\LVUSBSta.sys
+ 2007-01-09 00:51:24 264,992 -c--a-r C:\WINDOWS\system32\DRVSTORE\lvSCBYv_19AE5E7076A880D970D3D9DE0FFE6044740B6561\lvcodec2.dll
+ 2007-01-09 00:51:35 121,632 -c--a-r C:\WINDOWS\system32\DRVSTORE\lvSCBYv_19AE5E7076A880D970D3D9DE0FFE6044740B6561\lvcoinst.dll
+ 2007-01-09 00:52:09 211,744 -c--a-r C:\WINDOWS\system32\DRVSTORE\lvSCBYv_19AE5E7076A880D970D3D9DE0FFE6044740B6561\LVUI2.dll
+ 2007-01-09 00:52:09 527,136 -c--a-r C:\WINDOWS\system32\DRVSTORE\lvSCBYv_19AE5E7076A880D970D3D9DE0FFE6044740B6561\LVUI2RC.dll
+ 2007-01-09 00:52:21 40,352 -c--a-r C:\WINDOWS\system32\DRVSTORE\lvSCBYv_19AE5E7076A880D970D3D9DE0FFE6044740B6561\LVUSBSta.sys
+ 2007-01-09 00:52:32 1,085,216 -c--a-r C:\WINDOWS\system32\DRVSTORE\lvSCBYv_19AE5E7076A880D970D3D9DE0FFE6044740B6561\lvuvc.sys
+ 2007-01-09 00:52:36 166,688 -c--a-r C:\WINDOWS\system32\DRVSTORE\lvSCBYv_19AE5E7076A880D970D3D9DE0FFE6044740B6561\lvWIAext.dll
+ 2003-02-21 12:42:22 348,160 -c--a-r C:\WINDOWS\system32\DRVSTORE\lvSCBYv_19AE5E7076A880D970D3D9DE0FFE6044740B6561\msvcr71.dll
+ 2007-01-09 00:53:12 847,392 -c--a-r C:\WINDOWS\system32\DRVSTORE\lvVLMAv_016D215D90315FD225D4A5DC395573873D874507\lv321av.sys
+ 2007-01-09 00:53:23 264,992 -c--a-r C:\WINDOWS\system32\DRVSTORE\lvVLMAv_016D215D90315FD225D4A5DC395573873D874507\lvcodec2.dll
+ 2007-01-09 00:53:35 121,632 -c--a-r C:\WINDOWS\system32\DRVSTORE\lvVLMAv_016D215D90315FD225D4A5DC395573873D874507\lvcoinst.dll
+ 2007-01-09 00:53:47 211,744 -c--a-r C:\WINDOWS\system32\DRVSTORE\lvVLMAv_016D215D90315FD225D4A5DC395573873D874507\LVUI2.dll
+ 2007-01-09 00:53:58 527,136 -c--a-r C:\WINDOWS\system32\DRVSTORE\lvVLMAv_016D215D90315FD225D4A5DC395573873D874507\LVUI2RC.dll
+ 2007-01-09 00:54:05 166,688 -c--a-r C:\WINDOWS\system32\DRVSTORE\lvVLMAv_016D215D90315FD225D4A5DC395573873D874507\lvWIAext.dll
+ 2003-02-21 12:42:22 348,160 -c--a-r C:\WINDOWS\system32\DRVSTORE\lvVLMAv_016D215D90315FD225D4A5DC395573873D874507\msvcr71.dll
+ 2004-05-27 04:00:52 118,784 ----a-r C:\WINDOWS\system32\HPODXPAT.DLL
+ 2006-03-14 01:49:15 1,568,768 ----a-w C:\WINDOWS\system32\imagX7.dll
+ 2006-03-14 01:49:16 476,320 ----a-w C:\WINDOWS\system32\imagXpr7.dll
+ 2006-03-14 01:49:15 262,144 ----a-w C:\WINDOWS\system32\imagXR7.dll
+ 2006-03-14 01:49:16 471,040 ----a-w C:\WINDOWS\system32\imagXRA7.dll
+ 2008-01-09 01:27:54 170,512 ----a-w C:\WINDOWS\system32\kemutb.dll
+ 2008-01-09 01:28:00 141,840 ----a-w C:\WINDOWS\system32\KemUtil.dll
+ 2008-01-09 01:28:06 117,264 ----a-w C:\WINDOWS\system32\KemWnd.dll
+ 2008-01-09 01:28:12 76,304 ----a-w C:\WINDOWS\system32\KemXML.dll
+ 2004-08-04 12:00:00 2,000 -c--a-w C:\WINDOWS\system32\keyboard.drv
+ 2007-10-12 01:57:40 195,096 ----a-w C:\WINDOWS\system32\lvci1150.dll
- 2007-02-03 18:29:07 264,992 ----a-r C:\WINDOWS\system32\lvcodec2.dll
+ 2007-10-12 01:57:28 416,280 ----a-w C:\WINDOWS\system32\lvcodec2.dll
- 2007-02-03 18:32:21 215,840 ----a-r C:\WINDOWS\system32\LVUI2.dll
+ 2007-10-12 02:00:20 490,008 ----a-w C:\WINDOWS\system32\LVUI2.dll
- 2007-02-03 18:32:21 527,136 ----a-r C:\WINDOWS\system32\LVUI2RC.dll
+ 2007-10-12 02:00:32 465,432 ----a-w C:\WINDOWS\system32\LVUI2RC.dll
+ 2004-08-04 12:00:00 2,560 ----a-w C:\WINDOWS\system32\lz32.dll
+ 2004-08-04 12:00:00 2,032 -c--a-w C:\WINDOWS\system32\mouse.drv
- 2005-05-04 04:45:32 2,890,240 ----a-w C:\WINDOWS\system32\msi.dll
+ 2006-10-11 22:11:56 2,829,824 ----a-w C:\WINDOWS\system32\msi.dll
+ 2005-02-16 04:18:04 90,184 ----a-w C:\WINDOWS\system32\NeroCo.dll
+ 2004-08-04 12:00:00 2,656 -c--a-w C:\WINDOWS\system32\netware.drv
- 2007-10-28 06:51:42 40,952 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-04-07 08:18:49 40,952 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2007-10-28 06:51:42 314,816 -c--a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-04-07 08:18:49 314,816 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2006-03-14 01:49:17 38,912 ----a-w C:\WINDOWS\system32\picn20.dll
+ 2004-08-04 12:00:00 24,576 ----a-w C:\WINDOWS\system32\ReinstallBackups\0016\DriverFiles\i386\kbdclass.sys
+ 2004-08-03 11:58:36 14,848 ----a-w C:\WINDOWS\system32\ReinstallBackups\0016\DriverFiles\i386\kbdhid.sys
+ 2004-08-04 12:00:00 1,744 -c--a-w C:\WINDOWS\system32\sound.drv
- 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\system32\spmsg.dll
+ 2006-10-08 10:51:14 14,640 ------w C:\WINDOWS\system32\spmsg.dll
+ 2001-07-21 07:57:08 1,948 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\EPNDDE2K.DAT
- 2005-06-27 22:21:34 22,752 ----a-w C:\WINDOWS\system32\spupdsvc.exe
+ 2006-10-08 10:51:14 23,856 ----a-w C:\WINDOWS\system32\spupdsvc.exe
+ 2006-03-14 01:49:16 106,496 ----a-w C:\WINDOWS\system32\TwnLib20.dll
+ 2006-03-14 01:49:17 364,544 ----a-w C:\WINDOWS\system32\TwnLib4.dll
+ 2004-08-04 12:00:00 2,176 -c--a-w C:\WINDOWS\system32\vga.drv
+ 2004-12-27 23:59:11 2,272 -c--a-w C:\WINDOWS\system32\w95inf16.dll
+ 2007-06-22 00:34:02 1,419,232 ----a-w C:\WINDOWS\system32\WdfCoInstaller01005.dll
+ 2004-08-04 12:00:00 2,864 ----a-w C:\WINDOWS\system32\winsock.dll
+ 2004-08-04 12:00:00 2,112 ----a-w C:\WINDOWS\system32\winspool.exe
+ 2004-08-04 12:00:00 2,736 ----a-w C:\WINDOWS\system32\wowdeb.exe
- 2007-02-03 18:33:09 166,688 ----a-r C:\WINDOWS\twain_32\QuickCam\lvWIAext.dll
+ 2007-10-12 02:01:28 236,056 ----a-w C:\WINDOWS\twain_32\QuickCam\lvWIAext.dll
+ 2005-09-12 05:13:46 233,472 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
+ 2005-09-12 05:13:46 233,472 ----a-w C:\WINDOWS\UNNeroShowTime.exe
+ 2005-09-12 05:13:46 233,472 ----a-w C:\WINDOWS\UNNeroVision.exe
+ 2005-09-12 05:13:46 233,472 ----a-w C:\WINDOWS\UNRecode.exe
+ 2000-08-30 22:00:00 49,152 ----a-w C:\WINDOWS\VFind.exe
+ 2000-08-30 22:00:00 68,096 ----a-w C:\WINDOWS\zip.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 22:00 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2005-11-15 19:44 1200128]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [ ]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]
"Nero PhotoShow Media Manager"="C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-20 00:43 57344]
"DXM6Patch_981116"="C:\WINDOWS\p_981116.exe" [1998-11-30 17:04 497376]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 01:17 55824 C:\WINDOWS\KHALMNPR.Exe]
"MediaFace Integration"="C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe" [2004-07-01 18:08 53248]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [ ]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 15:33 563984]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 15:37 2178832]
"NWEReboot"="" []
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 01:17 55824 C:\WINDOWS\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 22:00 15360]

C:\Documents and Settings\Jacqui\Start Menu\Programs\Startup\
MailWasherPro.lnk - C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe [2008-02-23 15:35:33 16667786]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-04-18 23:25:33 67128]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-03-20 20:04:15 789008]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 11:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 10:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khffdab]
khffdab.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll 2008-01-09 11:30 72208 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.SP51"= SP5X_32.DLL
"VIDC.SP52"= SP5X_32.DLL
"VIDC.SP53"= SP5X_32.DLL
"VIDC.SP54"= SP5X_32.DLL
"VIDC.SP55"= SP5X_32.DLL
"VIDC.SP56"= SP5X_32.DLL
"VIDC.SP57"= SP5X_32.DLL
"VIDC.SP58"= SP5X_32.DLL
"VIDC.SP59"= SP5X_32.DLL
"VIDC.MJPG"= pvmjpg21.dll
"VIDC.VDOM"= vdowave.drv
"VIDC.MPG4"= msscmc32.dll
"VIDC.TR20"= tr2032.dll
"msacm.voxacm119"= vdk32119.acm
"vidc.vivo"= ivvideo.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Nortel Networks\\Extranet.exe"=
"C:\\WINDOWS\\system32\\ftp.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XI\\RpcSandraSrv.exe"=
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XI\\Win32\\RpcDataSrv.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 iteraid;ITERAID_Service_Install;C:\WINDOWS\system32\DRIVERS\iteraid.sys [2003-06-10 13:03]
R0 NaiFsRec;NaiFsRec;C:\WINDOWS\system32\drivers\NaiFsRec.sys [2001-04-30 03:51]
R2 AvSynMgr;AVSync Manager;"C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe" [2001-11-26 15:51]
R3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;C:\WINDOWS\system32\DRIVERS\ADM8511.SYS [2001-08-17 11:11]
R3 cmudax;C-Media Azalia Audio Interface;C:\WINDOWS\system32\drivers\cmudax.sys [2004-05-14 19:01]
R3 Eacfilt;Eacfilt Miniport;C:\WINDOWS\system32\DRIVERS\eacfilt.sys [2002-04-22 13:50]
R3 IPSECSHM;Nortel IPSECSHM Adapter;C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys [2002-08-06 11:04]
S1 lusbaudio;Logitech USB Microphone;C:\WINDOWS\system32\drivers\lvsound2.sys [2001-09-24 08:38]
S2 IPSECEXT;Nortel Extranet Access Protocol;C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys [2002-08-06 11:04]
S3 AdobeActiveFileMonitor;Adobe Active File Monitor;C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-04 03:47]
S3 CA500AI;Polaroid PDC 330 Still Image Capture;C:\WINDOWS\system32\Drivers\BULKUSB.sys [2002-07-19 14:29]
S3 CA500AV;Polaroid PDC 330 WDM Video Capture;C:\WINDOWS\system32\DRIVERS\CA500AV.SYS [2002-10-02 17:17]
S3 flatbus;NEC WMC USB_BK1 Composite Device driver (WDM);C:\WINDOWS\system32\DRIVERS\flatbus.sys [2005-07-07 14:39]
S3 flatmdfl;NEC WMC USB_BK1 Modem Filter;C:\WINDOWS\system32\DRIVERS\flatmdfl.sys [2005-07-07 14:39]
S3 flatmdm;NEC WMC USB_BK1 Modem Drivers;C:\WINDOWS\system32\DRIVERS\flatmdm.sys [2005-07-07 14:39]
S3 flatobex;NEC WMC USB_BK1 OBEX Interface Drivers (WDM);C:\WINDOWS\system32\DRIVERS\flatobex.sys [2005-07-07 14:39]
S3 genmcmn;ViewMate Optical PS2 Mouse MC204 Driver;C:\WINDOWS\system32\DRIVERS\gmfiltr.sys [2001-08-16 09:52]
S3 k600bus;Sony Ericsson 600i driver (WDM);C:\WINDOWS\system32\DRIVERS\k600bus.sys [2005-08-12 11:55]
S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k600mdfl.sys [2005-08-12 11:55]
S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\k600mdm.sys [2005-08-12 11:55]
S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\k600mgmt.sys [2005-08-12 11:55]
S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\k600obex.sys [2005-08-12 11:55]
S3 OracleOraHome81ClientCache;OracleOraHome81ClientCache;C:\oracle\ora81\BIN\ONRSD.EXE [2000-10-19 10:55]
S3 OracleOraHome81ManagementServer;OracleOraHome81ManagementServer;C:\oracle\ora81\bin\OMSNTsrv.exe [2005-02-21 18:16]
S3 QCAbsee;Logitech QuickCam Web(PID_0801);C:\WINDOWS\system32\DRIVERS\LVCA.sys [2001-09-24 08:38]

.
Contents of the 'Scheduled Tasks' folder
"2008-04-04 06:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2004\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-24 06:16:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 2

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Network Associates\VirusScan\VSStat.exe
C:\Program Files\Network Associates\VirusScan\vshwin32.exe
C:\Program Files\Network Associates\VirusScan\Avconsol.exe
C:\Program Files\Network Associates\VirusScan\WebScanX.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Common Files\LogiShrd\KHAL2\KHALMNPR.exe
C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Completion time: 2008-04-24 6:26:34 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-23 20:26:27
ComboFix2.txt 2008-03-14 11:40:12

Pre-Run: 61,263,872,000 bytes free
Post-Run: 61,246,398,464 bytes free

540

Hijack This

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:33:58 AM, on 24/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Network Associates\VirusScan\VsStat.exe
C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
C:\Program Files\Network Associates\VirusScan\Avconsol.exe
C:\Program Files\Network Associates\VirusScan\Webscanx.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {02DCA195-602B-4B1F-83FF-381B7E804BDB} - C:\WINDOWS\system32\HDBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ANTIVI~1\SPYBOT~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

#8
Stamper19

Posted 24 April 2008 - 06:49 AM

Expert

Expert
1,992 posts

Hi jacquic,

First, I see that you are running, or have previously installed, Azureus. Although this application is not malware itself, the files downloaded with it are often a major source of infection. Hence, I strongly advise that it be removed. If you choose to do so, go to the Add/Remove Programs option in the Control Panel, and Uninstall Azureus.

----------------------------------------------------------------

We are going to use ComboFix to delete some things.

Copy the entire contents of the Code Box below to Notepad.
Name the file as CFScript.txt
Change the Save as Type to All Files
and Save it on the desktop

File::
C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khffdab]

Once saved, refering to the picture above, drag CFScript.txt into ComboFix.exe, and post back the resulting report.

----------------------------------------------------------------

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be promted to install an ActiveX component from Kaspersky, Click Yes.

The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on NEXT
Now click on Scan Settings
In the scan settings make that the following are selected:
- Scan using the following Anti-Virus database:
Extended (if available otherwise Standard)
- Scan Options:
Scan Archives
Scan Mail Bases
Click OK
Now under select a target to scan:Select My Computer
This will program will start and scan your system.
The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected.
- Now click on the Save as Text button:
Save the file to your desktop.
Copy and paste that information in your next post.

----------------------------------------------------------------

Information to include in your next post:

ComboFix Log
Kapersky Log
Fresh HiJackThis Log

#9
jacquic

Posted 25 April 2008 - 08:15 AM

Member

Topic Starter
Member
11 posts

Latest logs - i hope we're sucessful

ComboFix 08-04-22.5 - Jacqui 2008-04-25 1:20:16.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.233 [GMT 10:00]
Running from: C:\Documents and Settings\Jacqui\My Documents\My Downloads\Dowloads from Mozilla\ComboFix.exe
Command switches used :: C:\Documents and Settings\Jacqui\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe

.
((((((((((((((((((((((((( Files Created from 2008-03-24 to 2008-04-24 )))))))))))))))))))))))))))))))
.

2008-04-24 02:09 . 2008-04-24 02:09 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-24 02:09 . 2008-04-24 02:09 <DIR> d-------- C:\Documents and Settings\Jacqui\Application Data\Malwarebytes
2008-04-24 02:09 . 2008-04-24 02:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-23 20:14 . 2008-04-23 20:14 <DIR> d-------- C:\Deckard
2008-04-10 20:29 . 2008-04-10 20:29 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-10 20:29 . 2008-04-10 20:29 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-06 07:45 . 2008-04-06 07:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TomTom
2008-04-05 13:42 . 2008-04-05 15:09 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-04-05 13:42 . 2008-04-05 13:42 <DIR> d-------- C:\Documents and Settings\Jacqui\Application Data\SUPERAntiSpyware.com
2008-04-05 13:42 . 2008-04-05 13:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-05 13:34 . 2008-04-05 13:34 <DIR> d-------- C:\Program Files\CleanUp!

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-24 20:43 --------- d-----w C:\Documents and Settings\Jacqui\Application Data\Skype
2008-04-24 15:14 --------- d-----w C:\Documents and Settings\Jacqui\Application Data\MailWasherPro
2008-04-18 13:21 --------- d-----w C:\Program Files\Common Files\LogiShrd
2008-04-11 22:07 --------- d-----w C:\Documents and Settings\Jacqui\Application Data\skypePM
2008-04-10 12:24 --------- d-----w C:\Program Files\Google
2008-04-06 10:12 --------- d-----w C:\Program Files\mIRC
2008-04-05 10:53 --------- d-----w C:\Documents and Settings\Jacqui\Application Data\Image Zone Express
2008-04-05 10:19 --------- d-----w C:\Program Files\TomTom HOME
2008-04-05 10:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-05 04:13 --------- d-----w C:\Program Files\a-squared Free
2008-04-05 03:41 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-29 08:53 --------- d-----w C:\Program Files\Nero
2008-03-29 08:53 --------- d-----w C:\Documents and Settings\Jacqui\Application Data\Nero
2008-03-28 11:04 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-03-20 10:06 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-03-20 10:06 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-03-20 10:06 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2008-03-20 10:04 --------- d-----w C:\Program Files\Common Files\Logitech
2008-03-20 10:03 --------- d-----w C:\Documents and Settings\Jacqui\Application Data\InstallShield
2008-03-20 10:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logitech
2008-03-20 09:44 --------- d-----w C:\Program Files\HP
2008-03-20 09:44 --------- d-----w C:\Program Files\Common Files\HP
2008-03-20 07:44 --------- d-----w C:\Documents and Settings\Jacqui\Application Data\Simple Star
2008-03-20 07:40 --------- d-----w C:\Program Files\Common Files\Simple Star Shared
2008-03-20 07:38 --------- d-----w C:\Program Files\Common Files\Ahead
2008-03-19 10:10 --------- d-----w C:\Program Files\Lexmark X1100 Series
2008-03-15 05:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logishrd
2008-03-15 05:02 --------- d-----w C:\Program Files\Logitech
2008-03-14 11:49 --------- d-----w C:\Program Files\Trend Micro
2008-03-14 11:33 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-03-14 11:11 --------- d-----w C:\Program Files\Java
2008-03-14 10:39 --------- d-----w C:\Program Files\Yahoo!
2008-03-14 10:38 --------- d-----w C:\Documents and Settings\Jacqui\Application Data\Yahoo!
2008-03-14 10:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-03-06 11:29 --------- d-----w C:\Program Files\Common Files\Nero
2008-03-06 11:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-03-03 11:40 --------- d-----w C:\Documents and Settings\Jacqui\Application Data\Azureus
2008-03-03 03:54 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-03-03 03:48 --------- d-----w C:\Program Files\Skype
2008-03-03 03:48 --------- d-----w C:\Program Files\Common Files\Skype
2008-03-03 03:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-02-29 07:34 --------- d-----w C:\Program Files\SpywareBlaster
2008-02-25 08:21 --------- d-----w C:\Program Files\Cucusoft
2008-02-25 04:21 --------- d-----w C:\Program Files\Codec Pack - All In 1
2008-02-25 04:19 737,280 ----a-w C:\WINDOWS\iun6002.exe
2005-07-19 08:42 771,624 -c--a-w C:\Documents and Settings\Jacqui\ppctl.dll
2004-12-22 04:40 9,604,409 -c--a-w C:\Documents and Settings\Games\Bejeweled2setup.zip
2004-12-18 00:18 9,751,760 -c--a-w C:\Documents and Settings\Games\Bejeweled2Setup.exe
2004-12-16 11:47 5,180,760 -c--a-w C:\Documents and Settings\Jacqui\CONFIGW.EXE
2004-10-24 16:26 32 -c--a-r C:\Documents and Settings\All Users\hash.dat
.

((((((((((((((((((((((((((((( snapshot_2008-04-24_ 6.26.11.45 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-23 20:15:04 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-24 21:35:45 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 22:00 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2005-11-15 19:44 1200128]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [ ]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]
"Nero PhotoShow Media Manager"="C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-20 00:43 57344]
"DXM6Patch_981116"="C:\WINDOWS\p_981116.exe" [1998-11-30 17:04 497376]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 01:17 55824 C:\WINDOWS\KHALMNPR.Exe]
"MediaFace Integration"="C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe" [2004-07-01 18:08 53248]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [ ]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 15:33 563984]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 15:37 2178832]
"NWEReboot"="" []
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 01:17 55824 C:\WINDOWS\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 22:00 15360]

C:\Documents and Settings\Jacqui\Start Menu\Programs\Startup\
MailWasherPro.lnk - C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe [2008-02-23 15:35:33 16667786]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-04-18 23:25:33 67128]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-03-20 20:04:15 789008]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 11:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 10:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khffdab]
khffdab.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll 2008-01-09 11:30 72208 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.SP51"= SP5X_32.DLL
"VIDC.SP52"= SP5X_32.DLL
"VIDC.SP53"= SP5X_32.DLL
"VIDC.SP54"= SP5X_32.DLL
"VIDC.SP55"= SP5X_32.DLL
"VIDC.SP56"= SP5X_32.DLL
"VIDC.SP57"= SP5X_32.DLL
"VIDC.SP58"= SP5X_32.DLL
"VIDC.SP59"= SP5X_32.DLL
"VIDC.MJPG"= pvmjpg21.dll
"VIDC.VDOM"= vdowave.drv
"VIDC.MPG4"= msscmc32.dll
"VIDC.TR20"= tr2032.dll
"msacm.voxacm119"= vdk32119.acm
"vidc.vivo"= ivvideo.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Nortel Networks\\Extranet.exe"=
"C:\\WINDOWS\\system32\\ftp.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XI\\RpcSandraSrv.exe"=
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XI\\Win32\\RpcDataSrv.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 iteraid;ITERAID_Service_Install;C:\WINDOWS\system32\DRIVERS\iteraid.sys [2003-06-10 13:03]
R0 NaiFsRec;NaiFsRec;C:\WINDOWS\system32\drivers\NaiFsRec.sys [2001-04-30 03:51]
R2 AvSynMgr;AVSync Manager;"C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe" [2001-11-26 15:51]
R3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;C:\WINDOWS\system32\DRIVERS\ADM8511.SYS [2001-08-17 11:11]
R3 cmudax;C-Media Azalia Audio Interface;C:\WINDOWS\system32\drivers\cmudax.sys [2004-05-14 19:01]
R3 Eacfilt;Eacfilt Miniport;C:\WINDOWS\system32\DRIVERS\eacfilt.sys [2002-04-22 13:50]
R3 IPSECSHM;Nortel IPSECSHM Adapter;C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys [2002-08-06 11:04]
S1 lusbaudio;Logitech USB Microphone;C:\WINDOWS\system32\drivers\lvsound2.sys [2001-09-24 08:38]
S2 IPSECEXT;Nortel Extranet Access Protocol;C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys [2002-08-06 11:04]
S3 AdobeActiveFileMonitor;Adobe Active File Monitor;C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-04 03:47]
S3 CA500AI;Polaroid PDC 330 Still Image Capture;C:\WINDOWS\system32\Drivers\BULKUSB.sys [2002-07-19 14:29]
S3 CA500AV;Polaroid PDC 330 WDM Video Capture;C:\WINDOWS\system32\DRIVERS\CA500AV.SYS [2002-10-02 17:17]
S3 flatbus;NEC WMC USB_BK1 Composite Device driver (WDM);C:\WINDOWS\system32\DRIVERS\flatbus.sys [2005-07-07 14:39]
S3 flatmdfl;NEC WMC USB_BK1 Modem Filter;C:\WINDOWS\system32\DRIVERS\flatmdfl.sys [2005-07-07 14:39]
S3 flatmdm;NEC WMC USB_BK1 Modem Drivers;C:\WINDOWS\system32\DRIVERS\flatmdm.sys [2005-07-07 14:39]
S3 flatobex;NEC WMC USB_BK1 OBEX Interface Drivers (WDM);C:\WINDOWS\system32\DRIVERS\flatobex.sys [2005-07-07 14:39]
S3 genmcmn;ViewMate Optical PS2 Mouse MC204 Driver;C:\WINDOWS\system32\DRIVERS\gmfiltr.sys [2001-08-16 09:52]
S3 k600bus;Sony Ericsson 600i driver (WDM);C:\WINDOWS\system32\DRIVERS\k600bus.sys [2005-08-12 11:55]
S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k600mdfl.sys [2005-08-12 11:55]
S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\k600mdm.sys [2005-08-12 11:55]
S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\k600mgmt.sys [2005-08-12 11:55]
S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\k600obex.sys [2005-08-12 11:55]
S3 OracleOraHome81ClientCache;OracleOraHome81ClientCache;C:\oracle\ora81\BIN\ONRSD.EXE [2000-10-19 10:55]
S3 OracleOraHome81ManagementServer;OracleOraHome81ManagementServer;C:\oracle\ora81\bin\OMSNTsrv.exe [2005-02-21 18:16]
S3 QCAbsee;Logitech QuickCam Web(PID_0801);C:\WINDOWS\system32\DRIVERS\LVCA.sys [2001-09-24 08:38]

.
Contents of the 'Scheduled Tasks' folder
"2008-04-04 06:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2004\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-25 07:37:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 2

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Network Associates\VirusScan\VSStat.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Network Associates\VirusScan\vshwin32.exe
C:\Program Files\Network Associates\VirusScan\Avconsol.exe
C:\Program Files\Network Associates\VirusScan\WebScanX.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Common Files\LogiShrd\KHAL2\KHALMNPR.exe
C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Completion time: 2008-04-25 7:47:23 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-24 21:47:15
ComboFix2.txt 2008-04-23 20:26:37
ComboFix3.txt 2008-03-14 11:40:12

Pre-Run: 61,208,494,080 bytes free
Post-Run: 61,200,646,144 bytes free

248

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, April 26, 2008 12:12:18 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 24/04/2008
Kaspersky Anti-Virus database records: 724982
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\

Scan Statistics:
Total number of scanned objects: 140646
Number of viruses found: 3
Number of infected objects: 10
Number of suspicious objects: 0
Duration of the scan process: 02:08:37

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\Jacqui\Application Data\$_hpcst$.hpc Object is locked skipped
C:\Documents and Settings\Jacqui\Application Data\MailWasherPro\tmpLog.txt Object is locked skipped
C:\Documents and Settings\Jacqui\Application Data\MailWasherPro\Training\Training archive - junk.rot135 Object is locked skipped
C:\Documents and Settings\Jacqui\Application Data\MailWasherPro\Training\Training archive - legitimate.rot135 Object is locked skipped
C:\Documents and Settings\Jacqui\Application Data\MailWasherPro\Trash.rot135 Object is locked skipped
C:\Documents and Settings\Jacqui\Application Data\Mozilla\Firefox\Profiles\rj6hwmi7.default\cert8.db Object is locked skipped
C:\Documents and Settings\Jacqui\Application Data\Mozilla\Firefox\Profiles\rj6hwmi7.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Jacqui\Application Data\Mozilla\Firefox\Profiles\rj6hwmi7.default\history.dat Object is locked skipped
C:\Documents and Settings\Jacqui\Application Data\Mozilla\Firefox\Profiles\rj6hwmi7.default\key3.db Object is locked skipped
C:\Documents and Settings\Jacqui\Application Data\Mozilla\Firefox\Profiles\rj6hwmi7.default\parent.lock Object is locked skipped
C:\Documents and Settings\Jacqui\Application Data\Mozilla\Firefox\Profiles\rj6hwmi7.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Jacqui\Application Data\Mozilla\Firefox\Profiles\rj6hwmi7.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Jacqui\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Jacqui\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Jacqui\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Jacqui\Local Settings\Application Data\Mozilla\Firefox\Profiles\rj6hwmi7.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Jacqui\Local Settings\Application Data\Mozilla\Firefox\Profiles\rj6hwmi7.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Jacqui\Local Settings\Application Data\Mozilla\Firefox\Profiles\rj6hwmi7.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Jacqui\Local Settings\Application Data\Mozilla\Firefox\Profiles\rj6hwmi7.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Jacqui\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jacqui\Local Settings\History\History.IE5\MSHist012008042520080426\index.dat Object is locked skipped
C:\Documents and Settings\Jacqui\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jacqui\Local Settings\Temp\WCESLog.log Object is locked skipped
C:\Documents and Settings\Jacqui\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jacqui\My Documents\Torrent downloads\Cucusoft MPEG AVI to DVD VCD SVCD Converter Pro Full Version\Cucusoft MPEG AVI to DVD VCD SVCD Converter Pro.exe Infected: not-a-virus:FraudTool.Win32.SpywareDetector.d skipped
C:\Documents and Settings\Jacqui\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Jacqui\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Internet Apps\mirc616.exe/data0001.bin Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
C:\Internet Apps\mirc616.exe mIRC: infected - 1 skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Jacqui\Data\chandir.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Jacqui\Data\chandir.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Jacqui\Data\chn.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Jacqui\Data\chn.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Jacqui\Data\D0000000.FCS Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Jacqui\Data\inuse.txt Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Jacqui\Data\L0000007.FCS Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Jacqui\Data\main.log Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Jacqui\Data\prs.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Jacqui\Data\prs.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Jacqui\Data\prs_die.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Jacqui\Data\prs_die.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Jacqui\Data\prs_dnd.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Jacqui\Data\prs_dnd.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Jacqui\Data\prs_ext.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Jacqui\Data\prs_ext.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Jacqui\Data\prs_rcv.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Jacqui\Data\prs_rcv.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Jacqui\Data\storydb.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Jacqui\Data\storydb.idx Object is locked skipped
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\fyimvhoy.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\gflpuide.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\hhdsidrp.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\judxlhgp.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\mienfkrx.dll.vir Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\pwghuevt.dll.vir Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\rdulrfky.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\rktgnoov.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\tratlbqr.dll.vir Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\waengqgb.dll.vir Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{C9CA778B-45D2-4C97-9151-080E58E3344D}\RP52\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\Internet Logs\JACQUI.ldb Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\WebPoolFileFile Object is locked skipped
C:\WINDOWS\Temp\ZLT02308.TMP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:13:10 AM, on 26/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Network Associates\VirusScan\VsStat.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
C:\Program Files\Network Associates\VirusScan\Avconsol.exe
C:\Program Files\Network Associates\VirusScan\Webscanx.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {02DCA195-602B-4B1F-83FF-381B7E804BDB} - C:\WINDOWS\system32\HDBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ANTIVI~1\SPYBOT~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: MailWasherPro.lnk = C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: MailWasherPro.lnk = C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe (User 'Default user')
O4 - Startup: MailWasherPro.lnk = C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Download All Files by HiDownload - C:\PROGRA~1\HIDOWN~1\HDGetAll.htm
O8 - Extra context menu item: Download by HiDownload - C:\PROGRA~1\HIDOWN~1\HDGet.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - (no file)
O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - C:\PROGRA~1\HIDOWN~1\hidownload.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Program Files\Poker.com\Poker.exe (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {3DA2AAF4-4289-4D6E-B9C0-D8360229607B} (IPAQSelfHelp Class) - http://h50203.www5.h...SPEIPAQTool.CAB
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://www.amiuptoda...pdatePortal.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1124182726578
O16 - DPF: {769F454F-A488-11D4-AA30-005004C3096A} (DME Web Support) - http://dmetaf.in.tel...bcab/ckoweb.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: khffdab - khffdab.dll (file missing)
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
O23 - Service: OracleOraHome81ClientCache - Unknown owner - C:\oracle\ora81\BIN\ONRSD.EXE
O23 - Service: OracleOraHome81ManagementServer - Unknown owner - C:\oracle\ora81\bin\OMSNTsrv.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI\RpcSandraSrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\WINDOWS\SYSTEM32\VundoFixSVC.exe

--
End of file - 11444 bytes

#10
Stamper19

Posted 25 April 2008 - 06:45 PM

Expert

Expert
1,992 posts

Hi jacquic,

i hope we're sucessful

Things are looking good. We just need to deal with a couple of things.

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O20 - Winlogon Notify: khffdab - khffdab.dll (file missing)

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these FILES (if present):

C:\Documents and Settings\Jacqui\My Documents\Torrent downloads\Cucusoft MPEG AVI to DVD VCD SVCD Converter Pro Full Version\Cucusoft MPEG AVI to DVD VCD SVCD Converter Pro.exe

After that, post a new HijackThis log here in your next reply.

Also, let me know how the computer is running.

#11
jacquic

Posted 25 April 2008 - 07:09 PM

Member

Topic Starter
Member
11 posts

Well my computer has been running a bit sluggish. Is that where the little bugga was hiding?

here's the latest Hijack this log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:07:49 AM, on 26/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Network Associates\VirusScan\VsStat.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
C:\Program Files\Network Associates\VirusScan\Avconsol.exe
C:\Program Files\Network Associates\VirusScan\Webscanx.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {02DCA195-602B-4B1F-83FF-381B7E804BDB} - C:\WINDOWS\system32\HDBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ANTIVI~1\SPYBOT~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: MailWasherPro.lnk = C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: MailWasherPro.lnk = C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe (User 'Default user')
O4 - Startup: MailWasherPro.lnk = C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Download All Files by HiDownload - C:\PROGRA~1\HIDOWN~1\HDGetAll.htm
O8 - Extra context menu item: Download by HiDownload - C:\PROGRA~1\HIDOWN~1\HDGet.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - (no file)
O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - C:\PROGRA~1\HIDOWN~1\hidownload.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Program Files\Poker.com\Poker.exe (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {3DA2AAF4-4289-4D6E-B9C0-D8360229607B} (IPAQSelfHelp Class) - http://h50203.www5.h...SPEIPAQTool.CAB
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://www.amiuptoda...pdatePortal.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1124182726578
O16 - DPF: {769F454F-A488-11D4-AA30-005004C3096A} (DME Web Support) - http://dmetaf.in.tel...bcab/ckoweb.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
O23 - Service: OracleOraHome81ClientCache - Unknown owner - C:\oracle\ora81\BIN\ONRSD.EXE
O23 - Service: OracleOraHome81ManagementServer - Unknown owner - C:\oracle\ora81\bin\OMSNTsrv.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI\RpcSandraSrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\WINDOWS\SYSTEM32\VundoFixSVC.exe

--
End of file - 11230 bytes

#12
Stamper19

Posted 26 April 2008 - 10:55 AM

Expert

Expert
1,992 posts

Well my computer has been running a bit sluggish. Is that where the little bugga was hiding?

That was actually just a leftover that wasnt doing anything. Your logs actually look good at this point. Lets see if we cant speed up your system a bit.

Let's try to speed your system.

Prefetch is clickable for more information

Click Start then Run, type prefetch then press ENTER, click Edit then select all (all files will highlight), right click any file, click Delete, confirm,
Click Start then All Programs, Accessories, System Tools to run Disc Cean Up
Reboot
Click Start then All Programs, Accessories, System Tools to run Defragmenter

Now we'll run Tune Up

Download, install and run Tune Up 2007 Trial
Run Tune Up disc clean up
Run Tune Up registry clean up
Disable your AntiVirus program, then click Optimize and Improve to run Reg Defrag, the screen will lose color during the process which can take a few minutes and then needs a reboot
Check to make sure your AntiVirus is running

Those will have cleared the drive of obsolete software errors

These are suggestions for making the most of the free trial

Click optimize and improve then system optimizer to optimize the computer, select computer with an internet connection from the drop down menu, this also requires a reboot
After the reboot, click optimize then system optimizer to accelerate downloads, select the speed just above your actual connection speed, this requires a reboot.
After the reboot, click optimize then system optimizer to run system advisor.

#13
jacquic

Posted 26 April 2008 - 05:48 PM

Member

Topic Starter
Member
11 posts

Well, I've washed and scrubbed this computer spotless I hope using the Tune Up application.

So am i finally clean of the little terrors that have haunted me for ages?

You have been an incredible help. I wish i'd found the Waiting Room a lot sooner than i did. But the help I've got from Geekstogo has been invaluable. I'm glad i found the site.

Thank you so much for all your hard work. I have added a little something on paypal, it's not much, but it's all i can afford at the moment.

#14
Stamper19

Posted 26 April 2008 - 06:34 PM

Expert

Expert
1,992 posts

Hello again Jacquic,

You have been an incredible help. I wish i'd found the Waiting Room a lot sooner than i did. But the help I've got from Geekstogo has been invaluable. I'm glad i found the site.

Thank you so much for all your hard work. I have added a little something on paypal, it's not much, but it's all i can afford at the moment.

You are very welcome. It has been my pleasure to help you out

(And thank you for your generosity)

Congrats - your logs are all clean

There is still one thing you should do for the sake of cleaning up.

---------------------------------------------------------------

Time for some housekeeping

Click START then RUN
Now type Combofix /u in the runbox and click OK
When shown the disclaimer, Select "2"

The above procedure will:

Delete the following:
- ComboFix and its associated files and folders.
- VundoFix backups, if present
- The C:\Deckard folder, if present
- The C:_OtMoveIt folder, if present
Reset the clock settings.
Hide file extensions, if required.
Hide System/Hidden files, if required.
Reset System Restore.

----------------------------------------------------------------

Otherwise, unless you have any questions, you are all set. Included below are some tips for keeping your computer malware free in the future.

Cheers,
Stamper

----------------------------------------------------------------

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Make your Internet Explorer more secure - This can be done by following these simple instructions:
- From within Internet Explorer click on the Tools menu and then click on Options.
- Click once on the Security tab
- Click once on the Internet icon so it becomes highlighted.
- Click once on the Custom Level button.
  - Change the Download signed ActiveX controls to Prompt
  - Change the Download unsigned ActiveX controls to Disable
  - Change the Initialize and script ActiveX controls not marked as safe to Disable
  - Change the Installation of desktop items to Prompt
  - Change the Launching programs and files in an IFRAME to Prompt
  - Change the Navigate sub-frames across different domains to Prompt
  - When all these settings have been made, click on the OK button.
  - If it prompts you as to whether or not you want to save the settings, press the Yes button.
- Next press the Apply button and then the OK to exit the Internet Properties page.
Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

See this link for a listing of some online & their stand-alone antivirus programs:

Virus, Spyware, and Malware Protection and Removal Resources
Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

For a tutorial on Firewalls and a listing of some available ones see the link below:

Understanding and Using Firewalls
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an antivirus software.

A tutorial on installing & using this product can be found here:

Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers
Install Ad-Aware - Install and download Ad-Aware. ou should also scan your computer with program on a regular basis just as you would an antivirus software in conjunction with Spybot.

A tutorial on installing & using this product can be found here:

Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer
Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:

Using SpywareBlaster to protect your computer from Spyware and Malware
Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

here are some additional utilities that will enhance your safety

IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your coputer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
Google Toolbar <= Get the free google toolbar to help stop pop up windows.
Winpatrol <= Download and install the free version of Winpatrol. a tutorial for this product is located here:
Using Winpatrol to protect your computer from malicious software

#15
jacquic

Posted 26 April 2008 - 07:10 PM

Member

Topic Starter
Member
11 posts

Thanks Stamper19,

You more than earnt my donation!

I did the uninstall for ComboFix, but it didn't come up with any disclaimers, just uninstalled it. I'm hoping that, that is fine.

And i have and use, Adaware, Spywareblaster and Spybot and still the little bugga's got me.

Thanks again for all your help. I will be more cautious in future. I certainly i hope I never have to visit this site again, but i'm glad it exists.