Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Windows security Alert, Name: Trojan-spy.win32.greenscreen [CLOSED]


  • This topic is locked This topic is locked

#1
LiamSmith

LiamSmith

    New Member

  • Member
  • Pip
  • 7 posts
I received an infection that made my backround go white with a picture saying that i had a virus or malware and needed to purchuse an antivirus. I got rid of the backround by running spybot search and destroy it. And then I used Malwarebytes and here is that log file :

Malwarebytes' Anti-Malware 1.24
Database version: 1059
Windows 5.1.2600 Service Pack 2

12:51:16 AM 8/17/2008
mbam-log-8-17-2008 (00-51-16).txt

Scan type: Full Scan (C:\|)
Objects scanned: 83311
Time elapsed: 10 minute(s), 50 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 1
Registry Keys Infected: 5
Registry Values Infected: 6
Registry Data Items Infected: 3
Folders Infected: 13
Files Infected: 53

Memory Processes Infected:
C:\WINDOWS\system32\lphcg86j0epbn.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Memory Modules Infected:
C:\WINDOWS\system32\blphcg86j0epbn.scr (Trojan.FakeAlert) -> Delete on reboot.

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logons (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\typelib (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\iTunesMusic (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\rdriv (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SystemCheck2 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphcg86j0epbn (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smrhcl86j0epbn (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\WINDOWS\system32\smp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\rhcl86j0epbn (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\User-0\Application Data\rhcl86j0epbn (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\User-0\Application Data\rhcl86j0epbn\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\User-0\Application Data\rhcl86j0epbn\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\User-0\Application Data\rhcl86j0epbn\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\User-0\Application Data\rhcl86j0epbn\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\User-0\Application Data\rhcl86j0epbn\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\User-0\Application Data\rhcl86j0epbn\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\User-0\Application Data\rhcl86j0epbn\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\User-0\Application Data\rhcl86j0epbn\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\User-0\Application Data\rhcl86j0epbn\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\User-0\Application Data\rhcl86j0epbn\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\smp\msrc.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\rhcl86j0epbn\MFC71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcl86j0epbn\MFC71ENU.DLL (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcl86j0epbn\msvcp71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcl86j0epbn\msvcr71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\akttzn.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\anticipator.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\awtoolb.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bsva-egihsg52.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dpcproxy.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\emesx.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hoproxy.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hxiwlgpm.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hxiwlgpm.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\medup012.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msgp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msnbho.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mtr2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mwin32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\netode.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\newsd32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ps1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\psof1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\psoft1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\regc64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\regm64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Rundl1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sncntr.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssurf022.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssvchost.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sysreq.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\taack.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\taack.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\temp#01.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\thun.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\thun32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\VBIEWER.OCX (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vcatchpi.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winlogonpc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winsystem.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\WINWGPX.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mssrv32.exe (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vbsys2.dll (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\blphcg86j0epbn.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lphcg86j0epbn.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\phcg86j0epbn.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pphcg86j0epbn.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008.lnk (Rogue.AntivirusXP) -> Quarantined and deleted successfully.
C:\Documents and Settings\User-0\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.


And here is the hijackthis log :

Malwarebytes' Anti-Malware 1.24
Database version: 1059
Windows 5.1.2600 Service Pack 2

12:51:16 AM 8/17/2008
mbam-log-8-17-2008 (00-51-16).txt

Scan type: Full Scan (C:\|)
Objects scanned: 83311
Time elapsed: 10 minute(s), 50 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 1
Registry Keys Infected: 5
Registry Values Infected: 6
Registry Data Items Infected: 3
Folders Infected: 13
Files Infected: 53

Memory Processes Infected:
C:\WINDOWS\system32\lphcg86j0epbn.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Memory Modules Infected:
C:\WINDOWS\system32\blphcg86j0epbn.scr (Trojan.FakeAlert) -> Delete on reboot.

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logons (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\typelib (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\iTunesMusic (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\rdriv (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SystemCheck2 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphcg86j0epbn (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smrhcl86j0epbn (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\WINDOWS\system32\smp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\rhcl86j0epbn (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\User-0\Application Data\rhcl86j0epbn (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\User-0\Application Data\rhcl86j0epbn\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\User-0\Application Data\rhcl86j0epbn\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\User-0\Application Data\rhcl86j0epbn\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\User-0\Application Data\rhcl86j0epbn\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\User-0\Application Data\rhcl86j0epbn\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\User-0\Application Data\rhcl86j0epbn\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\User-0\Application Data\rhcl86j0epbn\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\User-0\Application Data\rhcl86j0epbn\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\User-0\Application Data\rhcl86j0epbn\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\User-0\Application Data\rhcl86j0epbn\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\smp\msrc.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\rhcl86j0epbn\MFC71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcl86j0epbn\MFC71ENU.DLL (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcl86j0epbn\msvcp71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcl86j0epbn\msvcr71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\akttzn.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\anticipator.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\awtoolb.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bsva-egihsg52.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dpcproxy.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\emesx.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hoproxy.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hxiwlgpm.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hxiwlgpm.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\medup012.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msgp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msnbho.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mtr2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mwin32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\netode.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\newsd32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ps1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\psof1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\psoft1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\regc64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\regm64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Rundl1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sncntr.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssurf022.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssvchost.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sysreq.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\taack.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\taack.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\temp#01.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\thun.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\thun32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\VBIEWER.OCX (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vcatchpi.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winlogonpc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winsystem.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\WINWGPX.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mssrv32.exe (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vbsys2.dll (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\blphcg86j0epbn.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lphcg86j0epbn.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\phcg86j0epbn.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pphcg86j0epbn.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008.lnk (Rogue.AntivirusXP) -> Quarantined and deleted successfully.
C:\Documents and Settings\User-0\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.


Thank you for any help you can offer i noticed this problem is frequent on this sight so i hope you can help.

"sorry for the triple posting when i made this post the trojan was slowing my comp down bad and it didnt say it worked so i clicked the button twice then made a new post, it wasent intentional"

Edited by LiamSmith, 18 August 2008 - 04:26 PM.

  • 0

Advertisements


#2
BHowett

BHowett

    OT Moderator

  • Moderator
  • 4,642 posts
Hello LiamSmith, and welcome to Geeks To Go! My name is BHowett and I will be helping you to get sorted. If for any reason you do not understand any of the instructions, or are just unsure then please do not guess , simply post back with your question, and we will go through it again.

Sorry for the delay as you can tell we are quite busy theses days :)


it looks like you posted the Malwarebytes log twice and not a HijackThis log, so please post a fresh HijackThis log :)
  • 0

#3
LiamSmith

LiamSmith

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:35:03 AM, on 8/23/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\idt\ecsxpv_5762_010208\wdm\STacSV.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Logitech\MediaLife\MediaLifeService.exe
C:\PROGRA~1\Aliant\NETASS~1\SMARTB~1\MotiveSB.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\qtcrwrin.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Aliant\Net Assistant\bin\mpbtn.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [MediaLifeService] "C:\Program Files\Logitech\MediaLife\MediaLifeService.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\Aliant\NETASS~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck /autofix /waitstart
O4 - HKLM\..\RunOnce: [SpybotDeletingA9483] command /c del "C:\Documents and Settings\User-0\Local Settings\Temp\x.ico"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5575] cmd /c del "C:\Documents and Settings\User-0\Local Settings\Temp\x.ico"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [webhlp] C:\WINDOWS\system32\qtcrwrin.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB2488] command /c del "C:\Documents and Settings\User-0\Local Settings\Temp\x.ico"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3864] cmd /c del "C:\Documents and Settings\User-0\Local Settings\Temp\x.ico"
O4 - HKLM\..\Policies\Explorer\Run: [2HcZixugC0] C:\Documents and Settings\User-0\Desktop\AdobeFlashPlayerHD.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Net Assistant.lnk = C:\Program Files\Aliant\Net Assistant\bin\matcli.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{637DE053-2661-4E28-8E1C-E405557A521F}: NameServer = 142.177.2.130 142.166.145.137
O18 - Protocol: bw+0 - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: offline-8876480 - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\program files\idt\ecsxpv_5762_010208\wdm\STacSV.exe

--
End of file - 21188 bytes

Sorry about that and thanks for the help.

Also here is a screen shot of what keeps popping up http://img296.images...viruspicfr7.png
  • 0

#4
BHowett

BHowett

    OT Moderator

  • Moderator
  • 4,642 posts
Hi LiamSmith,


ComboFix

Please visit below webpage for instructions for downloading and running ComboFix

http://www.bleepingc...to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. DO NOT select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix (located in C:\combofix.txt) when you've accomplished that, along with a new HijackThis log.
  • 0

#5
LiamSmith

LiamSmith

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Combofix log : ComboFix 08-08-21.02 - User-0 2008-08-23 11:14:25.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2638 [GMT -3:00]
Running from: C:\Documents and Settings\User-0\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\User-0\Application Data\inst.exe
C:\Documents and Settings\User-0\Application Data\macromedia\Flash Player\#SharedObjects\A6YVLZ6W\interclick.com
C:\Documents and Settings\User-0\Application Data\macromedia\Flash Player\#SharedObjects\A6YVLZ6W\interclick.com\ud.sol
C:\Documents and Settings\User-0\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\User-0\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\WINDOWS\iexplore.exe
C:\WINDOWS\system32\BReWErS.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MSUPDATE


((((((((((((((((((((((((( Files Created from 2008-07-23 to 2008-08-23 )))))))))))))))))))))))))))))))
.

2008-08-23 10:41 . 2008-08-23 10:41 <DIR> d-------- C:\Program Files\Apple Software Update
2008-08-21 17:58 . 2008-08-21 17:58 <DIR> d-------- C:\Program Files\Atari
2008-08-19 03:02 . 2008-08-21 18:04 <DIR> d-------- C:\WINDOWS\LastGood.Tmp
2008-08-18 19:40 . 2008-05-09 07:53 512,000 --------- C:\WINDOWS\system32\dllcache\jscript.dll
2008-08-18 19:40 . 2008-05-09 07:53 430,080 --------- C:\WINDOWS\system32\dllcache\vbscript.dll
2008-08-18 19:40 . 2008-05-09 07:53 180,224 --------- C:\WINDOWS\system32\dllcache\scrobj.dll
2008-08-18 19:40 . 2008-05-09 07:53 172,032 --------- C:\WINDOWS\system32\dllcache\scrrun.dll
2008-08-18 19:40 . 2008-05-08 08:24 155,648 --------- C:\WINDOWS\system32\dllcache\wscript.exe
2008-08-18 19:40 . 2008-05-09 05:45 135,168 --------- C:\WINDOWS\system32\dllcache\cscript.exe
2008-08-18 19:40 . 2008-05-09 07:53 90,112 --------- C:\WINDOWS\system32\dllcache\wshext.dll
2008-08-18 15:07 . 2008-08-18 15:07 <DIR> d-------- C:\WINDOWS\system32\xircom
2008-08-18 15:07 . 2008-08-18 15:07 <DIR> d-------- C:\Program Files\microsoft frontpage
2008-08-18 15:07 . 2004-08-04 08:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-08-18 14:53 . 2008-08-18 14:57 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2008-08-18 14:53 . 2008-08-18 14:53 <DIR> d-------- C:\WINDOWS\Logs
2008-08-18 14:16 . 2008-08-18 14:16 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-08-18 14:16 . 2008-08-18 14:16 <DIR> d-------- C:\WINDOWS\system32\bits
2008-08-18 14:10 . 2008-08-18 14:18 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-08-18 14:10 . 2008-08-18 14:10 685,056 --a------ C:\WINDOWS\is-8N66V.exe
2008-08-18 14:10 . 2008-08-18 14:10 10,498 --a------ C:\WINDOWS\is-8N66V.msg
2008-08-18 14:10 . 2008-08-18 14:10 460 --a------ C:\WINDOWS\is-8N66V.lst
2008-08-17 01:25 . 2008-08-17 01:25 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-16 23:52 . 2008-08-18 15:05 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-16 23:52 . 2008-08-16 23:52 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-08-16 23:52 . 2008-08-16 23:52 <DIR> d-------- C:\Documents and Settings\User-0\Application Data\Malwarebytes
2008-08-16 23:52 . 2008-08-16 23:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-16 23:52 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-16 23:52 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-16 21:12 . 2008-08-19 12:29 1,263 --a------ C:\WINDOWS\wininit.ini
2008-08-16 20:49 . 2008-08-16 20:49 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-08-16 20:49 . 2008-08-16 20:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-16 19:57 . 2008-08-16 19:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\kpqlybqf
2008-08-16 19:56 . 2008-08-16 19:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\mnwnuvir
2008-08-16 19:56 . 2008-08-16 19:56 86,016 --a------ C:\WINDOWS\system32\qtcrwrin.exe
2008-08-13 15:20 . 2008-07-07 17:26 253,952 --------- C:\WINDOWS\system32\dllcache\es.dll
2008-08-13 15:20 . 2008-06-24 13:43 74,240 --------- C:\WINDOWS\system32\dllcache\mscms.dll
2008-08-13 15:18 . 2008-05-01 11:33 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-13 15:17 . 2008-04-11 16:04 691,712 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-12 18:42 . 2008-08-12 18:42 <DIR> d-------- C:\Documents and Settings\User-0\Application Data\DVDFab
2008-08-12 09:16 . 2008-08-12 09:16 244 --ah----- C:\sqmnoopt05.sqm
2008-08-12 09:16 . 2008-08-12 09:16 232 --ah----- C:\sqmdata05.sqm
2008-08-12 09:07 . 2008-08-12 09:07 244 --ah----- C:\sqmnoopt04.sqm
2008-08-12 09:07 . 2008-08-12 09:07 232 --ah----- C:\sqmdata04.sqm
2008-08-11 22:34 . 2008-08-11 22:34 268 --ah----- C:\sqmdata03.sqm
2008-08-11 22:34 . 2008-08-11 22:34 244 --ah----- C:\sqmnoopt03.sqm
2008-08-11 21:44 . 2008-08-11 21:44 244 --ah----- C:\sqmnoopt02.sqm
2008-08-11 21:44 . 2008-08-11 21:44 232 --ah----- C:\sqmdata02.sqm
2008-08-11 16:38 . 2008-08-11 16:38 268 --ah----- C:\sqmdata01.sqm
2008-08-11 16:38 . 2008-08-11 16:38 244 --ah----- C:\sqmnoopt01.sqm
2008-08-11 09:50 . 2008-08-11 09:50 244 --ah----- C:\sqmnoopt00.sqm
2008-08-11 09:50 . 2008-08-11 09:50 232 --ah----- C:\sqmdata00.sqm
2008-08-08 23:43 . 2008-08-08 23:43 <DIR> d-------- C:\WINDOWS\Sun
2008-08-08 23:42 . 2008-08-08 23:42 <DIR> d-------- C:\Documents and Settings\User-0\Application Data\MediaLife
2008-08-07 22:26 . 2008-08-07 22:26 <DIR> d-------- C:\Program Files\Java
2008-08-07 22:26 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-08-07 22:24 . 2008-08-07 22:24 <DIR> d-------- C:\Program Files\Common Files\Java
2008-08-07 16:45 . 2008-08-07 16:45 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-08-07 16:37 . 2008-08-07 16:37 <DIR> d-------- C:\Program Files\LucasArts
2008-08-07 16:12 . 2008-08-21 22:34 <DIR> d-------- C:\Documents and Settings\User-0\Application Data\LimeWire
2008-08-06 22:50 . 2008-08-06 22:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\vsosdk
2008-08-06 22:20 . 2008-08-06 22:20 <DIR> d-------- C:\Program Files\Sun
2008-08-06 21:27 . 2008-08-06 21:27 <DIR> d-------- C:\Program Files\Xilisoft
2008-08-06 15:18 . 2008-08-06 22:57 <DIR> d-------- C:\Program Files\DVDFab 5
2008-08-06 15:18 . 2008-08-21 18:29 <DIR> d-------- C:\Documents and Settings\User-0\Application Data\Vso
2008-08-06 15:18 . 2008-08-06 15:18 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2008-08-06 15:18 . 2008-08-06 15:18 47,360 --a------ C:\Documents and Settings\User-0\Application Data\pcouffin.sys
2008-08-06 15:04 . 2008-08-21 23:02 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-08-06 01:23 . 2008-08-06 06:54 <DIR> d-------- C:\Program Files\LimeWire
2008-08-02 10:15 . 2008-08-02 10:16 <DIR> d-------- C:\Program Files\iTunes
2008-08-02 10:15 . 2008-08-02 10:15 <DIR> d-------- C:\Program Files\iPod
2008-08-02 10:06 . 2008-08-02 10:06 <DIR> d-------- C:\Program Files\Safari
2008-08-01 13:44 . 2008-08-23 00:37 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-08-01 13:40 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2008-08-01 13:40 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2008-08-01 13:40 . 2007-07-19 18:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2008-08-01 13:40 . 2007-05-16 16:45 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2008-08-01 13:40 . 2007-07-19 18:14 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2008-08-01 13:40 . 2007-05-16 16:45 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
2008-08-01 13:40 . 2007-04-04 18:53 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll
2008-08-01 13:40 . 2008-08-01 13:40 22,328 --a------ C:\Documents and Settings\User-0\Application Data\PnkBstrK.sys
2008-08-01 13:35 . 2008-08-01 13:35 <DIR> d-------- C:\Program Files\Electronic Arts
2008-08-01 13:14 . 2008-08-17 12:01 <DIR> d--h----- C:\$AVG8.VAULT$
2008-07-30 10:46 . 2008-07-30 10:46 <DIR> d-------- C:\Program Files\Codemasters
2008-07-30 10:45 . 2008-07-30 10:45 <DIR> d-------- C:\Program Files\PowerISO
2008-07-28 00:15 . 2008-07-28 00:15 <DIR> d-------- C:\Program Files\Bonjour
2008-07-28 00:15 . 2008-08-16 01:34 <DIR> d-------- C:\Documents and Settings\User-0\Application Data\Apple Computer
2008-07-28 00:14 . 2008-07-28 00:14 <DIR> d-------- C:\Program Files\QuickTime
2008-07-28 00:14 . 2008-07-28 00:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-07-28 00:14 . 2008-07-10 09:35 32,000 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys
2008-07-28 00:13 . 2008-07-28 00:13 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-07-28 00:13 . 2008-07-28 00:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-07-27 23:21 . 2008-07-27 23:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-07-27 21:59 . 2008-08-21 22:03 <DIR> d-------- C:\Downloads
2008-07-27 21:46 . 2008-07-28 13:54 <DIR> d-------- C:\Program Files\BitComet
2008-07-27 20:41 . 2008-07-27 20:41 <DIR> d-------- C:\Program Files\Windows Live
2008-07-27 20:41 . 2008-07-27 20:41 <DIR> d-------- C:\Program Files\Messenger Plus! Live
2008-07-27 20:41 . 2008-07-27 20:41 0 --a------ C:\WINDOWS\nsreg.dat
2008-07-27 20:31 . 2008-08-05 20:57 <DIR> d-------- C:\Documents and Settings\User-0\Contacts
2008-07-27 20:30 . 2008-08-16 20:02 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-07-27 20:30 . 2008-08-18 15:09 <DIR> d-------- C:\Program Files\MSN Messenger
2008-07-27 20:28 . 2008-08-23 10:58 <DIR> d-------- C:\Program Files\mIRC
2008-07-27 20:28 . 2008-08-23 11:09 <DIR> d-------- C:\Documents and Settings\User-0\Application Data\mIRC
2008-07-27 20:17 . 2004-08-04 00:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-07-27 20:17 . 2008-04-13 15:45 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-07-27 20:17 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-07-27 20:04 . 2008-07-27 20:04 <DIR> d-------- C:\Documents and Settings\User-0\Application Data\Windows Search
2008-07-27 19:59 . 2008-07-27 19:59 <DIR> d-------- C:\Documents and Settings\User-0\Application Data\Logitech
2008-07-27 19:23 . 2008-07-27 19:23 <DIR> d-------- C:\WINDOWS\Motive
2008-07-27 19:23 . 2008-07-27 19:23 <DIR> d-------- C:\Program Files\Common Files\Motive
2008-07-27 19:22 . 2008-07-27 19:22 <DIR> d-------- C:\Program Files\Motive
2008-07-27 19:22 . 2008-07-27 19:22 <DIR> d-------- C:\Program Files\Aliant
2008-07-27 19:20 . 2008-07-27 19:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MotiveSysIDs
2008-07-27 19:19 . 2003-07-11 15:18 1,069,056 --a------ C:\WINDOWS\system32\ActiveUtils.dll
2008-07-27 19:19 . 2003-07-11 15:14 327,680 --a------ C:\WINDOWS\system32\snmpaxctrl.dll
2008-07-27 19:19 . 2003-07-11 15:12 87,040 --a------ C:\WINDOWS\system32\WebFlowIDPersist.dll
2008-07-27 19:19 . 2003-07-11 15:11 86,016 --a------ C:\WINDOWS\system32\BJInstaller.dll
2008-07-27 19:19 . 2003-07-11 15:20 73,728 --a------ C:\WINDOWS\system32\BinaryAggregator1.dll
2008-07-27 19:19 . 2003-07-11 15:19 40,448 --a------ C:\WINDOWS\system32\BJAXSecurityManager.dll
2008-07-27 19:19 . 2003-07-11 15:13 37,376 --a------ C:\WINDOWS\system32\ReportReader.dll
2008-07-27 19:19 . 2001-12-03 12:16 3,262 --------- C:\WINDOWS\app.ico
2008-07-27 19:12 . 2008-07-27 20:43 <DIR> d-------- C:\Program Files\MUSICMATCH
2008-07-27 19:11 . 2008-08-08 23:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MediaLife
2008-07-27 19:11 . 2005-05-12 21:24 1,645,320 --a------ C:\WINDOWS\system32\gdiplus.dll
2008-07-27 19:11 . 2003-04-23 18:29 221,215 --------- C:\WINDOWS\system32\Divxdec.ax
2008-07-27 19:11 . 2005-05-12 21:24 198,144 --a------ C:\WINDOWS\system32\_psisdecd.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-21 20:59 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-26 20:48 --------- d-----w C:\Program Files\ATI Technologies
2008-07-26 20:47 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-07-26 20:43 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-07-26 20:43 --------- d-----w C:\Program Files\Realtek
2008-07-26 20:35 --------- d-----w C:\Program Files\IDT
2008-07-07 07:40 56,108 ----a-w C:\WINDOWS\system32\drivers\scdemu.sys
2008-07-04 06:33 3,230,720 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-07-04 02:28 53,248 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 21:12 15360]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2008-07-27 19:11 32768]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 12:54 5674352]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-13 21:12 1695232]
"webhlp"="C:\WINDOWS\system32\qtcrwrin.exe" [2008-08-16 19:56 86016]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 09:42 2156368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-08-16 23:21 1235736]
"MediaLifeService"="C:\Program Files\Logitech\MediaLife\MediaLifeService.exe" [2005-05-12 21:23 110739]
"Motive SmartBridge"="C:\PROGRA~1\Aliant\NETASS~1\SMARTB~1\MotiveSB.exe" [2003-01-08 18:00 339968]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 10:47 289064]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"SpybotSnD"="C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" [2008-07-07 09:42 4891472]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-05-20 14:46 28160 C:\WINDOWS\KHALMNPR.Exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-07-27 19:11:06 450560]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-07-27 19:10:04 450560]
Net Assistant.lnk - C:\Program Files\Aliant\Net Assistant\bin\matcli.exe [2008-07-27 19:22:47 212992]
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 22:19:14 123904]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 22:19 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main.exe"=
"C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe"=
"C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwupdate.exe"=
"C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2server.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"16330:TCP"= 16330:TCP:BitComet 16330 TCP
"16330:UDP"= 16330:UDP:BitComet 16330 UDP
"17381:TCP"= 17381:TCP:BitComet 17381 TCP
"17381:UDP"= 17381:UDP:BitComet 17381 UDP

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-16 23:21]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-16 23:21]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-16 23:21]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-29 08:50]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;C:\WINDOWS\system32\DRIVERS\l151x86.sys [2008-02-24 14:27]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;C:\WINDOWS\system32\drivers\AtiHdmi.sys [2007-07-20 18:40]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\autorun.exe
\Shell\install\command - F:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\autorun.exe
.
Contents of the 'Scheduled Tasks' folder

2008-08-23 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Explorer_Run-2HcZixugC0 - C:\Documents and Settings\User-0\Desktop\AdobeFlashPlayerHD.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\User-0\Application Data\Mozilla\Firefox\Profiles\v4yztp9o.default\
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-23 11:17:07
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\IDT\ECSXPV_5762_010208\WDM\stacsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\searchindexer.exe
C:\Program Files\Aliant\Net Assistant\bin\mpbtn.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\searchprotocolhost.exe
C:\WINDOWS\system32\searchfilterhost.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-08-23 11:20:47 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-23 14:20:43

Pre-Run: 331,550,793,728 bytes free
Post-Run: 331,472,736,256 bytes free

288 --- E O F --- 2008-08-19 06:03:13



Hijackthis log :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:47:11 AM, on 8/23/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Logitech\MediaLife\MediaLifeService.exe
C:\PROGRA~1\Aliant\NETASS~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\idt\ecsxpv_5762_010208\wdm\STacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\qtcrwrin.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Aliant\Net Assistant\bin\mpbtn.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [MediaLifeService] "C:\Program Files\Logitech\MediaLife\MediaLifeService.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\Aliant\NETASS~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9483] command /c del "C:\Documents and Settings\User-0\Local Settings\Temp\x.ico"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5575] cmd /c del "C:\Documents and Settings\User-0\Local Settings\Temp\x.ico"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [webhlp] C:\WINDOWS\system32\qtcrwrin.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB2488] command /c del "C:\Documents and Settings\User-0\Local Settings\Temp\x.ico"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3864] cmd /c del "C:\Documents and Settings\User-0\Local Settings\Temp\x.ico"
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Net Assistant.lnk = C:\Program Files\Aliant\Net Assistant\bin\matcli.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{637DE053-2661-4E28-8E1C-E405557A521F}: NameServer = 142.177.2.130 142.166.145.137
O18 - Protocol: bw+0 - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: offline-8876480 - {9DF6CC2E-4795-44FF-BBF7-320B92F77B66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\program files\idt\ecsxpv_5762_010208\wdm\STacSV.exe

--
End of file - 20941 bytes



Also when i finished the combofix restart and everything Spybot search and destroy had a bunch of messages coming up saying that there was a system change and asking weather or not i should allow or deny change i denied 95% of them.

But i don't think it worked because like 5 min into start up i got that same message as i had before that i put a screen shot of pop up.
  • 0

#6
BHowett

BHowett

    OT Moderator

  • Moderator
  • 4,642 posts
Hi LiamSmith,

Please do the following:

Disable Teatimer

Please disable Teatimer as it may interfere with the fix.

First:
*Right click Spybot in the System Tray (looks like a calendar with a padlock symbol)
*Choose Exit Spybot S&D Resident

Second:
*Open Spybot S&D
*Click Mode, check Advanced Mode
*Go To Left Panel, Click Tools, then also in left panel, click Resident
*If your firewall raises a question, say OK
*Uncheck the box labeled Resident Tea-Timer and OK any prompts.
*Use File, Exit to terminate Spybot
*Reboot your machine for the changes to take effect.

Once your log is clean you can re-enable those settings.

===============================================


P2P Warning!

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur. Once upon a time, P2P file sharing was fairly safe. That is no longer true. You may continue to use P2P sharing at your own risk; however, please keep in mind that this practice may be the source of your current problem/infection. I would strongly suggest you remove BitComet & LimeWire. Removing can be done through Add/Remove Programs.

go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

BitComet
LimeWire



===============================================


Combofix Script.txt

1. Please open Notepad
  • Click Start , then Run
  • Type notepad .exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\sqmnoopt05.sqm
C:\sqmdata05.sqm
C:\sqmnoopt04.sqm
C:\sqmdata04.sqm
C:\sqmdata03.sqm
C:\sqmnoopt03.sqm
C:\sqmnoopt02.sqm
C:\sqmdata02.sqm
C:\sqmdata01.sqm
C:\sqmnoopt01.sqm
C:\sqmnoopt00.sqm
C:\sqmdata00.sqm
C:\WINDOWS\system32\qtcrwrin.exe
Folder::
C:\Documents and Settings\All Users\Application Data\kpqlybqf	 
C:\Documents and Settings\All Users\Application Data\mnwnuvir


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt .

===============================================

ATF Cleaner

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 onlyDouble-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

===============================================

Kaspersky WebScanner

please go to Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.

===============================================

Needed in your next reply:

Combofix log
Kaspersky WebScanner results

And let me know how your system is running now :)
  • 0

#7
LiamSmith

LiamSmith

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Combofix log:

ComboFix 08-08-21.02 - User-0 2008-08-23 23:32:31.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2783 [GMT -3:00]
Running from: C:\Documents and Settings\User-0\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\User-0\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\sqmdata00.sqm
C:\sqmdata01.sqm
C:\sqmdata02.sqm
C:\sqmdata03.sqm
C:\sqmdata04.sqm
C:\sqmdata05.sqm
C:\sqmnoopt00.sqm
C:\sqmnoopt01.sqm
C:\sqmnoopt02.sqm
C:\sqmnoopt03.sqm
C:\sqmnoopt04.sqm
C:\sqmnoopt05.sqm
C:\WINDOWS\system32\qtcrwrin.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\kpqlybqf
C:\Documents and Settings\All Users\Application Data\mnwnuvir
C:\sqmdata00.sqm
C:\sqmdata01.sqm
C:\sqmdata02.sqm
C:\sqmdata03.sqm
C:\sqmdata04.sqm
C:\sqmdata05.sqm
C:\sqmnoopt00.sqm
C:\sqmnoopt01.sqm
C:\sqmnoopt02.sqm
C:\sqmnoopt03.sqm
C:\sqmnoopt04.sqm
C:\sqmnoopt05.sqm

.
((((((((((((((((((((((((( Files Created from 2008-07-24 to 2008-08-24 )))))))))))))))))))))))))))))))
.

2008-08-23 10:41 . 2008-08-23 10:41 <DIR> d-------- C:\Program Files\Apple Software Update
2008-08-21 17:58 . 2008-08-21 17:58 <DIR> d-------- C:\Program Files\Atari
2008-08-18 19:40 . 2008-05-09 07:53 512,000 --------- C:\WINDOWS\system32\dllcache\jscript.dll
2008-08-18 19:40 . 2008-05-09 07:53 430,080 --------- C:\WINDOWS\system32\dllcache\vbscript.dll
2008-08-18 19:40 . 2008-05-09 07:53 180,224 --------- C:\WINDOWS\system32\dllcache\scrobj.dll
2008-08-18 19:40 . 2008-05-09 07:53 172,032 --------- C:\WINDOWS\system32\dllcache\scrrun.dll
2008-08-18 19:40 . 2008-05-08 08:24 155,648 --------- C:\WINDOWS\system32\dllcache\wscript.exe
2008-08-18 19:40 . 2008-05-09 05:45 135,168 --------- C:\WINDOWS\system32\dllcache\cscript.exe
2008-08-18 19:40 . 2008-05-09 07:53 90,112 --------- C:\WINDOWS\system32\dllcache\wshext.dll
2008-08-18 15:07 . 2008-08-18 15:07 <DIR> d-------- C:\WINDOWS\system32\xircom
2008-08-18 15:07 . 2008-08-18 15:07 <DIR> d-------- C:\Program Files\microsoft frontpage
2008-08-18 15:07 . 2004-08-04 08:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-08-18 14:53 . 2008-08-18 14:57 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2008-08-18 14:53 . 2008-08-18 14:53 <DIR> d-------- C:\WINDOWS\Logs
2008-08-18 14:16 . 2008-08-18 14:16 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-08-18 14:16 . 2008-08-18 14:16 <DIR> d-------- C:\WINDOWS\system32\bits
2008-08-18 14:10 . 2008-08-18 14:18 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-08-18 14:10 . 2008-08-18 14:10 685,056 --a------ C:\WINDOWS\is-8N66V.exe
2008-08-18 14:10 . 2008-08-18 14:10 10,498 --a------ C:\WINDOWS\is-8N66V.msg
2008-08-18 14:10 . 2008-08-18 14:10 460 --a------ C:\WINDOWS\is-8N66V.lst
2008-08-17 01:25 . 2008-08-17 01:25 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-16 23:52 . 2008-08-18 15:05 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-16 23:52 . 2008-08-16 23:52 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-08-16 23:52 . 2008-08-16 23:52 <DIR> d-------- C:\Documents and Settings\User-0\Application Data\Malwarebytes
2008-08-16 23:52 . 2008-08-16 23:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-16 23:52 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-16 23:52 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-16 21:12 . 2008-08-19 12:29 1,263 --a------ C:\WINDOWS\wininit.ini
2008-08-16 20:49 . 2008-08-16 20:49 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-08-16 20:49 . 2008-08-16 20:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-13 15:20 . 2008-07-07 17:26 253,952 --------- C:\WINDOWS\system32\dllcache\es.dll
2008-08-13 15:20 . 2008-06-24 13:43 74,240 --------- C:\WINDOWS\system32\dllcache\mscms.dll
2008-08-13 15:18 . 2008-05-01 11:33 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-13 15:17 . 2008-04-11 16:04 691,712 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-12 18:42 . 2008-08-12 18:42 <DIR> d-------- C:\Documents and Settings\User-0\Application Data\DVDFab
2008-08-08 23:43 . 2008-08-08 23:43 <DIR> d-------- C:\WINDOWS\Sun
2008-08-08 23:42 . 2008-08-08 23:42 <DIR> d-------- C:\Documents and Settings\User-0\Application Data\MediaLife
2008-08-07 22:26 . 2008-08-07 22:26 <DIR> d-------- C:\Program Files\Java
2008-08-07 22:26 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-08-07 22:24 . 2008-08-07 22:24 <DIR> d-------- C:\Program Files\Common Files\Java
2008-08-07 16:45 . 2008-08-07 16:45 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-08-07 16:37 . 2008-08-07 16:37 <DIR> d-------- C:\Program Files\LucasArts
2008-08-07 16:12 . 2008-08-21 22:34 <DIR> d-------- C:\Documents and Settings\User-0\Application Data\LimeWire
2008-08-06 22:50 . 2008-08-06 22:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\vsosdk
2008-08-06 22:20 . 2008-08-06 22:20 <DIR> d-------- C:\Program Files\Sun
2008-08-06 21:27 . 2008-08-06 21:27 <DIR> d-------- C:\Program Files\Xilisoft
2008-08-06 15:18 . 2008-08-06 22:57 <DIR> d-------- C:\Program Files\DVDFab 5
2008-08-06 15:18 . 2008-08-21 18:29 <DIR> d-------- C:\Documents and Settings\User-0\Application Data\Vso
2008-08-06 15:18 . 2008-08-06 15:18 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2008-08-06 15:18 . 2008-08-06 15:18 47,360 --a------ C:\Documents and Settings\User-0\Application Data\pcouffin.sys
2008-08-06 15:04 . 2008-08-23 11:55 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-08-02 10:15 . 2008-08-02 10:16 <DIR> d-------- C:\Program Files\iTunes
2008-08-02 10:15 . 2008-08-02 10:15 <DIR> d-------- C:\Program Files\iPod
2008-08-02 10:06 . 2008-08-02 10:06 <DIR> d-------- C:\Program Files\Safari
2008-08-01 13:44 . 2008-08-23 00:37 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-08-01 13:40 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2008-08-01 13:40 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2008-08-01 13:40 . 2007-07-19 18:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2008-08-01 13:40 . 2007-05-16 16:45 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2008-08-01 13:40 . 2007-07-19 18:14 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2008-08-01 13:40 . 2007-05-16 16:45 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
2008-08-01 13:40 . 2007-04-04 18:53 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll
2008-08-01 13:40 . 2008-08-01 13:40 22,328 --a------ C:\Documents and Settings\User-0\Application Data\PnkBstrK.sys
2008-08-01 13:35 . 2008-08-01 13:35 <DIR> d-------- C:\Program Files\Electronic Arts
2008-08-01 13:14 . 2008-08-23 12:19 <DIR> d--h----- C:\$AVG8.VAULT$
2008-07-30 10:46 . 2008-07-30 10:46 <DIR> d-------- C:\Program Files\Codemasters
2008-07-30 10:45 . 2008-07-30 10:45 <DIR> d-------- C:\Program Files\PowerISO
2008-07-28 00:15 . 2008-07-28 00:15 <DIR> d-------- C:\Program Files\Bonjour
2008-07-28 00:15 . 2008-08-16 01:34 <DIR> d-------- C:\Documents and Settings\User-0\Application Data\Apple Computer
2008-07-28 00:14 . 2008-07-28 00:14 <DIR> d-------- C:\Program Files\QuickTime
2008-07-28 00:14 . 2008-07-28 00:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-07-28 00:14 . 2008-07-10 09:35 32,000 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys
2008-07-28 00:13 . 2008-07-28 00:13 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-07-28 00:13 . 2008-07-28 00:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-07-27 23:21 . 2008-07-27 23:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-07-27 21:59 . 2008-08-21 22:03 <DIR> d-------- C:\Downloads
2008-07-27 21:46 . 2008-08-23 23:23 <DIR> d-------- C:\Program Files\BitComet
2008-07-27 20:41 . 2008-07-27 20:41 <DIR> d-------- C:\Program Files\Windows Live
2008-07-27 20:41 . 2008-07-27 20:41 <DIR> d-------- C:\Program Files\Messenger Plus! Live
2008-07-27 20:41 . 2008-07-27 20:41 0 --a------ C:\WINDOWS\nsreg.dat
2008-07-27 20:31 . 2008-08-05 20:57 <DIR> d-------- C:\Documents and Settings\User-0\Contacts
2008-07-27 20:30 . 2008-08-16 20:02 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-07-27 20:30 . 2008-08-18 15:09 <DIR> d-------- C:\Program Files\MSN Messenger
2008-07-27 20:28 . 2008-08-23 11:52 <DIR> d-------- C:\Program Files\mIRC
2008-07-27 20:28 . 2008-08-23 23:15 <DIR> d-------- C:\Documents and Settings\User-0\Application Data\mIRC
2008-07-27 20:17 . 2004-08-04 00:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-07-27 20:17 . 2008-04-13 15:45 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-07-27 20:17 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-07-27 20:04 . 2008-07-27 20:04 <DIR> d-------- C:\Documents and Settings\User-0\Application Data\Windows Search
2008-07-27 19:59 . 2008-07-27 19:59 <DIR> d-------- C:\Documents and Settings\User-0\Application Data\Logitech
2008-07-27 19:23 . 2008-07-27 19:23 <DIR> d-------- C:\WINDOWS\Motive
2008-07-27 19:23 . 2008-07-27 19:23 <DIR> d-------- C:\Program Files\Common Files\Motive
2008-07-27 19:22 . 2008-07-27 19:22 <DIR> d-------- C:\Program Files\Motive
2008-07-27 19:22 . 2008-07-27 19:22 <DIR> d-------- C:\Program Files\Aliant
2008-07-27 19:20 . 2008-07-27 19:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MotiveSysIDs
2008-07-27 19:19 . 2003-07-11 15:18 1,069,056 --a------ C:\WINDOWS\system32\ActiveUtils.dll
2008-07-27 19:19 . 2003-07-11 15:14 327,680 --a------ C:\WINDOWS\system32\snmpaxctrl.dll
2008-07-27 19:19 . 2003-07-11 15:12 87,040 --a------ C:\WINDOWS\system32\WebFlowIDPersist.dll
2008-07-27 19:19 . 2003-07-11 15:11 86,016 --a------ C:\WINDOWS\system32\BJInstaller.dll
2008-07-27 19:19 . 2003-07-11 15:20 73,728 --a------ C:\WINDOWS\system32\BinaryAggregator1.dll
2008-07-27 19:19 . 2003-07-11 15:19 40,448 --a------ C:\WINDOWS\system32\BJAXSecurityManager.dll
2008-07-27 19:19 . 2003-07-11 15:13 37,376 --a------ C:\WINDOWS\system32\ReportReader.dll
2008-07-27 19:19 . 2001-12-03 12:16 3,262 --------- C:\WINDOWS\app.ico
2008-07-27 19:12 . 2008-07-27 20:43 <DIR> d-------- C:\Program Files\MUSICMATCH
2008-07-27 19:11 . 2008-08-08 23:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MediaLife
2008-07-27 19:11 . 2005-05-12 21:24 1,645,320 --a------ C:\WINDOWS\system32\gdiplus.dll
2008-07-27 19:11 . 2003-04-23 18:29 221,215 --------- C:\WINDOWS\system32\Divxdec.ax
2008-07-27 19:11 . 2005-05-12 21:24 198,144 --a------ C:\WINDOWS\system32\_psisdecd.dll
2008-07-27 19:11 . 2008-07-27 19:11 118,784 -r------- C:\WINDOWS\bwUnin-7.2.0.137-8876480SL.exe
2008-07-27 19:11 . 2005-05-12 21:24 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll
2008-07-27 19:10 . 2008-07-27 19:11 <DIR> d-------- C:\Program Files\Logitech
2008-07-27 19:10 . 2008-07-27 19:10 <DIR> d-------- C:\Program Files\Common Files\Logitech
2008-07-27 19:02 . 2008-04-13 15:45 60,032 --a------ C:\WINDOWS\system32\drivers\usbaudio.sys
2008-07-27 19:02 . 2008-04-13 15:45 32,128 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-07-27 19:02 . 2008-04-13 21:11 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-07-27 19:02 . 2008-04-13 15:39 14,592 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-07-27 19:02 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-07-27 19:02 . 2008-04-13 15:45 10,368 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-07-27 12:05 . 2008-07-27 12:05 <DIR> d-------- C:\Program Files\Common Files\L&H
2008-07-27 12:05 . 2007-04-09 13:23 28,040 --a------ C:\WINDOWS\system32\mdimon.dll
2008-07-27 12:05 . 2008-07-27 12:05 376 --a------ C:\WINDOWS\ODBC.INI
2008-07-27 12:04 . 2008-07-27 12:04 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-07-27 12:02 . 2008-07-27 12:02 <DIR> d-------- C:\Program Files\Microsoft Works
2008-07-27 12:01 . 2008-07-27 12:04 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-07-27 12:01 . 2008-07-27 12:01 <DIR> d-------- C:\Program Files\Microsoft.NET

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-21 20:59 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-31 13:41 68,616 ----a-w C:\WINDOWS\system32\XAPOFX1_1.dll
2008-07-31 13:41 238,088 ----a-w C:\WINDOWS\system32\xactengine3_2.dll
2008-07-31 13:40 509,448 ----a-w C:\WINDOWS\system32\XAudio2_2.dll
2008-07-27 22:15 155,995 ----a-w C:\WINDOWS\java\Packages\XNHZJF3T.ZIP
2008-07-26 20:48 --------- d-----w C:\Program Files\ATI Technologies
2008-07-26 20:47 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-07-26 20:43 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-07-26 20:43 --------- d-----w C:\Program Files\Realtek
2008-07-26 20:35 --------- d-----w C:\Program Files\IDT
2008-07-12 11:18 467,984 ----a-w C:\WINDOWS\system32\d3dx10_39.dll
2008-07-12 11:18 3,851,784 ----a-w C:\WINDOWS\system32\D3DX9_39.dll
2008-07-12 11:18 1,493,528 ----a-w C:\WINDOWS\system32\D3DCompiler_39.dll
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 07:40 56,108 ----a-w C:\WINDOWS\system32\drivers\scdemu.sys
2008-07-04 06:33 3,230,720 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-07-04 03:48 9,490,432 ----a-w C:\WINDOWS\system32\atioglx2.dll
2008-07-04 03:25 421,888 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-07-04 03:23 309,248 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-07-04 03:14 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-07-04 03:14 184,320 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-07-04 03:14 143,360 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-07-04 03:13 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-07-04 03:13 139,264 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-07-04 03:12 561,152 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-07-04 03:10 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-07-04 03:06 253,952 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-07-04 03:00 3,786,144 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-07-04 02:55 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-07-04 02:49 2,140,672 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-07-04 02:34 48,640 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2008-07-04 02:30 348,160 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-07-04 02:29 32,768 ----a-w C:\WINDOWS\system32\atiadlxx.dll
2008-07-04 02:28 53,248 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2008-07-04 02:28 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-07-04 02:22 565,248 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2008-07-04 00:05 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
2008-06-24 16:43 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 09:20 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-06-23 09:20 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-06-23 09:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-06-21 05:23 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:46 245,248 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:46 147,968 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 11:51 361,600 ------w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 11:40 138,496 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 11:08 225,856 ------w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-13 11:05 272,128 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2008-05-30 17:19 507,400 ----a-w C:\WINDOWS\system32\XAudio2_1.dll
2008-05-30 17:18 238,088 ----a-w C:\WINDOWS\system32\xactengine3_1.dll
2008-05-30 17:17 65,032 ----a-w C:\WINDOWS\system32\XAPOFX1_0.dll
2008-05-30 17:17 25,608 ----a-w C:\WINDOWS\system32\X3DAudio1_4.dll
2008-05-30 17:11 467,984 ----a-w C:\WINDOWS\system32\d3dx10_38.dll
2008-05-30 17:11 3,850,760 ----a-w C:\WINDOWS\system32\D3DX9_38.dll
2008-05-30 17:11 1,491,992 ----a-w C:\WINDOWS\system32\D3DCompiler_38.dll
2008-05-29 14:16 633,344 ------w C:\WINDOWS\system32\gpprefcl.dll
2008-05-27 01:21 1,582,592 ------w C:\WINDOWS\system32\tquery.dll
2008-05-27 01:21 1,418,240 ------w C:\WINDOWS\system32\mssrch.dll
2008-05-27 01:19 97,792 ------w C:\WINDOWS\system32\UncCplExt.dll
2008-05-27 01:19 273,408 ------w C:\WINDOWS\system32\oeph.dll
2008-05-27 01:19 2,048 ------w C:\WINDOWS\system32\UncRes.dll
2008-05-27 01:19 143,872 ------w C:\WINDOWS\system32\UncDMS.dll
2008-05-27 01:19 131,072 ------w C:\WINDOWS\system32\UncPH.dll
2008-05-27 01:19 11,264 ------w C:\WINDOWS\system32\oephRes.dll
2008-05-27 01:19 108,032 ------w C:\WINDOWS\system32\UncNE.dll
2008-05-27 01:18 71,680 ------w C:\WINDOWS\system32\propdefs.dll
2008-05-27 01:18 56,320 ------w C:\WINDOWS\system32\xmlfilter.dll
2008-05-27 01:18 44,032 ------w C:\WINDOWS\system32\msstrc.dll
2008-05-27 01:18 439,808 ------w C:\WINDOWS\system32\searchindexer.exe
2008-05-27 01:18 38,400 ------w C:\WINDOWS\system32\rtffilt.dll
2008-05-27 01:18 350,208 ------w C:\WINDOWS\system32\mssph.dll
2008-05-27 01:18 231,936 ------w C:\WINDOWS\system32\msshsq.dll
2008-05-27 01:18 203,776 ------w C:\WINDOWS\system32\mssphtb.dll
2008-05-27 01:18 184,832 ------w C:\WINDOWS\system32\searchprotocolhost.exe
2008-05-27 01:17 87,552 ------w C:\WINDOWS\system32\searchfilterhost.exe
2008-05-27 01:17 87,552 ------w C:\WINDOWS\system32\mssitlb.dll
2008-05-27 01:17 754,176 ------w C:\WINDOWS\system32\propsys.dll
2008-05-27 01:17 60,416 ------w C:\WINDOWS\system32\msscntrs.dll
2008-05-27 01:17 34,816 ------w C:\WINDOWS\system32\msscb.dll
2008-05-27 01:17 32,768 ------w C:\WINDOWS\system32\mssprxy.dll
2008-05-27 01:17 301,568 ------w C:\WINDOWS\system32\srchadmin.dll
2008-05-27 01:17 11,776 ------w C:\WINDOWS\system32\msshooks.dll
2008-05-27 00:59 18,904 ------w C:\WINDOWS\system32\structuredqueryschematrivial.bin
2008-05-27 00:59 106,605 ------w C:\WINDOWS\system32\structuredqueryschema.bin
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 21:12 15360]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2008-07-27 19:11 32768]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-13 21:12 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-08-16 23:21 1235736]
"MediaLifeService"="C:\Program Files\Logitech\MediaLife\MediaLifeService.exe" [2005-05-12 21:23 110739]
"Motive SmartBridge"="C:\PROGRA~1\Aliant\NETASS~1\SMARTB~1\MotiveSB.exe" [2003-01-08 18:00 339968]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 10:47 289064]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"SpybotSnD"="C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" [2008-07-07 09:42 4891472]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-05-20 14:46 28160 C:\WINDOWS\KHALMNPR.Exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-07-27 19:11:06 450560]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-07-27 19:10:04 450560]
Net Assistant.lnk - C:\Program Files\Aliant\Net Assistant\bin\matcli.exe [2008-07-27 19:22:47 212992]
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 22:19:14 123904]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 22:19 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main.exe"=
"C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe"=
"C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwupdate.exe"=
"C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2server.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"16330:TCP"= 16330:TCP:BitComet 16330 TCP
"16330:UDP"= 16330:UDP:BitComet 16330 UDP
"17381:TCP"= 17381:TCP:BitComet 17381 TCP
"17381:UDP"= 17381:UDP:BitComet 17381 UDP

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-16 23:21]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-16 23:21]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-16 23:21]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-29 08:50]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;C:\WINDOWS\system32\DRIVERS\l151x86.sys [2008-02-24 14:27]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;C:\WINDOWS\system32\drivers\AtiHdmi.sys [2007-07-20 18:40]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\autorun.exe
\Shell\install\command - F:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\autorun.exe

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder

2008-08-23 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-webhlp - C:\WINDOWS\system32\qtcrwrin.exe



**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-23 23:33:54
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-23 23:34:29
ComboFix-quarantined-files.txt 2008-08-24 02:34:26
ComboFix2.txt 2008-08-23 14:20:48

Pre-Run: 331,451,047,936 bytes free
Post-Run: 331,453,968,384 bytes free

348 --- E O F --- 2008-08-19 06:03:13


Kapersky Log:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, August 24, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, August 24, 2008 03:54:37
Records in database: 1138994
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Files scanned: 47855
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 02:39:47


File name / Threat name / Threats count
C:\WINDOWS\system32\Tools\Restart.exe Infected: not-a-virus:RiskTool.Win32.Reboot.j 1

The selected area was scanned.

The systems still a bit slow but the window hasent poped up yet but this is no supprise seeing as today i've only been on it like 5 minutes and it usally takes a little while. But we can hope.
  • 0

#8
BHowett

BHowett

    OT Moderator

  • Moderator
  • 4,642 posts
Hello

OTMoveIt2 by OldTimer


Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\WINDOWS\system32\Tools\Restart.exe
    Purity
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

===============================================

Please play around for a bit on your system and let me know if your still having any problems, also post a fresh HijackThis log for me to take a look at :)
  • 0

#9
BHowett

BHowett

    OT Moderator

  • Moderator
  • 4,642 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP