MSN won't run, start up or anything and it sucks :(

MalwareBytes’ Anti-Malware log

Malwarebytes' Anti-Malware 1.24
Database version: 1016
Windows 5.1.2600 Service Pack 2

12:17:53 PM 8/2/2008
mbam-log-8-2-2008 (12-17-53).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 93499
Time elapsed: 31 minute(s), 21 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
C:\WINDOWS\system32\mpxa.exe (Trojan.Agent) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\chilkatmail2.chilkatemail2 (Rogue.AntiSpamBoy) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\chilkatmail2.chilkatemail2.1 (Rogue.AntiSpamBoy) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\chilkatmail2.chilkatemailbundle2 (Rogue.AntiSpamBoy) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\chilkatmail2.chilkatemailbundle2.1 (Rogue.AntiSpamBoy) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\chilkatmail2.chilkatmailman2 (Rogue.AntiSpamBoy) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\chilkatmail2.chilkatmailman2.1 (Rogue.AntiSpamBoy) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\mpxa.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{308DB6C5-EE1F-4820-B3A9-35024F11B78E}\RP345\A0061844.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{308DB6C5-EE1F-4820-B3A9-35024F11B78E}\RP346\A0061967.exe (Trojan.Agent) -> Quarantined and deleted successfully.

ESET Online Scanner log

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3318 (20080801)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=ec7ce3b0caccad488fbb5d6e039a6137
# end=finished
# remove_checked=false
# unwanted_checked=true
# utc_time=2008-08-02 05:04:02
# local_time=2008-08-02 01:04:02 (-0500, Eastern Daylight Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 2
# scanned=224472
# found=0
# scan_time=1727

BOTH Logs from Deckard's System Scanner (main.txt and extra.txt)

Deckard's System Scanner v20071014.68
Run by Doug on 2008-08-02 13:09:13
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
102: 2008-08-02 17:09:20 UTC - RP347 - Deckard's System Scanner Restore Point
101: 2008-08-02 11:34:24 UTC - RP346 - Restore Operation
100: 2008-08-02 11:31:28 UTC - RP345 - Restore Operation
99: 2008-08-01 23:31:30 UTC - RP344 - Software Distribution Service 3.0
98: 2008-08-01 23:27:16 UTC - RP343 - Installed Windows Live


-- First Restore Point --
1: 2008-05-04 15:01:28 UTC - RP246 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as Doug.exe) ------------------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-08-02 13:10:04
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Java\jre1.6.0_04\bin\jucheck.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Doug\Desktop\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: F2atv Forums Toolbar - {0ff9a677-542a-481d-a6d6-3fa32d8a806d} - C:\Program Files\F2atv_Forums\tbF2a1.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: F2atv Forums Toolbar - {0ff9a677-542a-481d-a6d6-3fa32d8a806d} - C:\Program Files\F2atv_Forums\tbF2a1.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: F2atv Forums Toolbar - {0ff9a677-542a-481d-a6d6-3fa32d8a806d} - C:\Program Files\F2atv_Forums\tbF2a1.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [User Themes] C:\Program Files\Common Files\Microsoft Shared\DAO\DOUGHNUT-CP02RJ\svchost.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WeatherEye] C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [mpt] c:\WINDOWS\system32\mpt.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Battle Phlinx by pogo () - http://game3.pogo.com/v/8.1.9.1/applet/battlephlinx/battlephlinx-en_US.cab
O16 - DPF: Blackjack by pogo () - http://game3.pogo.com/v/9.0.1.14/applet/blackjack/blackjack-en_US.cab
O16 - DPF: Blackjack Carnival by pogo () - http://game3.pogo.com/v/9.0.2.13/applet/vbjack2/vbjack2-en_US.cab
O16 - DPF: Blooop by pogo () - http://game3.pogo.com/v/9.0.1.14/applet/cascade/cascade-en_US.cab
O16 - DPF: Crazy Cakes by pogo () - http://game3.pogo.com/v/9.0.3.19/applet/platespinner/platespinner-en_US.cab
O16 - DPF: Dice Derby by pogo () - http://game1.pogo.com/v/8.1.7.44/applet/checkeredflag/checkeredflag-en_US.cab
O16 - DPF: Fortune Bingo by pogo () - http://game1.pogo.com/v/8.1.7.44/applet/superbingo/superbingo-en_US.cab
O16 - DPF: Greenback Bayou by pogo () - http://game3.pogo.com/v/9.0.1.7/applet/greenback/greenback-en_US.cab
O16 - DPF: Hangman Hijinks by pogo () - http://game3.pogo.com/v/8.1.9.1/applet/hangman/hangman-en_US.cab
O16 - DPF: Hog Heaven Slots by pogo () - http://game3.pogo.com/v/9.0.1.7/applet/fancy/fancy-en_US.cab
O16 - DPF: KenoPop! by pogo () - http://game1.pogo.com/v/8.1.8.21/applet/speedkeno/speedkeno-en_US.cab
O16 - DPF: Lost Temple Poker by pogo () - http://game3.pogo.com/v/9.0.1.7/applet/mhpoker/mhpoker-en_US.cab
O16 - DPF: No-Limit Texas Hold'em by pogo () - http://game3.pogo.com/v/8.1.7.44/applet/allin/allin-en_US.cab
O16 - DPF: Penguin Blocks by pogo () - http://game3.pogo.com/v/9.0.1.23/applet/penguins/penguins-en_US.cab
O16 - DPF: Pop Fu by pogo () - http://game3.pogo.com/v/9.0.1.7/applet/popfu/popfu-en_US.cab
O16 - DPF: PoppaZoppa by pogo () - http://game3.pogo.com/v/9.0.1.7/applet/poppazoppa/poppazoppa-en_US.cab
O16 - DPF: Poppit by pogo () - http://game3.pogo.com/v/8.1.7.44/applet/poppit2/poppit2-en_US.cab
O16 - DPF: Ride The Tide by pogo () - http://game3.pogo.com/v/9.0.2.13/applet/ride/ride-en_US.cab
O16 - DPF: Stellar Sweeper by pogo () - http://game3.pogo.com/v/9.0.1.23/applet/sweeper/sweeper-en_US.cab
O16 - DPF: Texas Hold'em Poker by pogo () - http://game3.pogo.com/v/9.0.1.14/applet/holdem/holdem-en_US.cab
O16 - DPF: TruePass EPF 7,0,100,739 () - https://blrscr3.egs-seg.gc.ca/applets/entrusttruepassapplet-epf.cab
O16 - DPF: Tumble Bees by pogo () - http://game3.pogo.com/v/9.0.2.13/applet/tumbee2/tumbee2-en_US.cab
O16 - DPF: Wonderland Memories by pogo () - http://game3.pogo.com/v/9.0.1.7/applet/memories/memories-en_US.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1201921339765
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1201921320109
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_activex/en-US/TSEasyInstallX.CAB
O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} (FamilyFeud Control) - http://www.worldwinner.com/games/v47/familyfeud/familyfeud.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/flashax.cab
O18 - Protocol: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: jkkHAtSI - C:\WINDOWS\system32\jkkHAtSI.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG8\avgwdsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe


--
End of file - 11474 bytes

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 AsIO - c:\windows\system32\drivers\asio.sys
R1 BANTExt (Belarc SMBios Access) - c:\windows\system32\drivers\bantext.sys

S2 ASInsHelp - c:\windows\system32\drivers\asinshelp32.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: SM Bus Controller
Device ID: PCI\VEN_10DE&DEV_0264&SUBSYS_81BC1043&REV_A2\3&2411E6FE&0&51
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_10DE&DEV_0264&SUBSYS_81BC1043&REV_A2\3&2411E6FE&0&51
Service:

Class GUID: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Description:
Device ID: ACPI\ATK0110\1010110
Manufacturer:
Name:
PNP Device ID: ACPI\ATK0110\1010110
Service:


-- Scheduled Tasks -------------------------------------------------------------

2008-07-26 18:11:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-07-02 and 2008-08-02 -----------------------------

2008-08-02 12:24:29 0 d-------- C:\Program Files\EsetOnlineScanner
2008-08-02 11:39:59 0 d-------- C:\Documents and Settings\Doug\Application Data\Malwarebytes
2008-08-02 11:39:55 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-02 11:39:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-02 07:50:32 251392 --a------ C:\hijackthis_sfx.exe
2008-08-02 07:48:56 2713843 --a------ C:\ComboFix.exe
2008-08-02 04:42:05 1519616 --a------ C:\WINDOWS\system32\mxpvct25.dat <Not Verified; Chilkat Software, Inc.; Chilkat Mail>
2008-08-02 04:42:04 40960 --a------ C:\WINDOWS\system32\mxpvct23.dat
2008-08-02 04:42:04 0 dr-hs---- C:\Program Files\SCPP
2008-08-01 22:35:33 0 d-------- C:\Program Files\10 Talismans
2008-08-01 18:56:40 0 d--h----- C:\$AVG8.VAULT$
2008-08-01 18:52:08 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-08-01 18:52:04 0 d-------- C:\Program Files\AVG
2008-08-01 17:31:10 0 d-------- C:\WINDOWS\Sun
2008-08-01 17:31:10 0 d-------- C:\Documents and Settings\Doug\Application Data\Sun
2008-07-30 22:19:41 4096 --a------ C:\WINDOWS\d3dx.dat
2008-07-30 11:32:06 0 d-------- C:\Documents and Settings\Doug\Application Data\EnchantedCavern
2008-07-23 18:01:58 0 d--h----- C:\WINDOWS\PIF
2008-07-14 15:03:38 58594 --a------ C:\WINDOWS\system32\mpt.exe
2008-07-05 14:54:24 0 d-------- C:\TOD 072008
2008-07-03 23:34:31 0 d-------- C:\WINDOWS\system32\FlashAX
2008-07-03 22:39:07 0 d-------- C:\Documents and Settings\Doug\Application Data\Microgaming


-- Find3M Report ---------------------------------------------------------------

2008-08-02 07:32:39 0 d-------- C:\Documents and Settings\Doug\Application Data\Azureus
2008-08-01 17:34:06 0 d-------- C:\Program Files\Windows Live
2008-08-01 05:34:52 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-07-29 08:25:36 0 d-------- C:\Program Files\PartyGaming
2008-07-28 05:37:28 0 d-------- C:\Program Files\PokerStars
2008-07-26 17:08:20 0 d-------- C:\Program Files\Azureus
2008-07-24 23:14:41 0 d-------- C:\Program Files\Full Tilt Poker
2008-06-14 20:18:09 0 d-------- C:\Program Files\LimeWire
2008-06-14 20:09:12 0 d-------- C:\Program Files\Trymedia
2008-06-14 20:09:07 0 d-------- C:\Program Files\Ludia
2008-06-10 10:34:51 0 d-------- C:\Documents and Settings\Doug\Application Data\Ludia
2008-06-08 20:02:49 0 --a------ C:\Program Files\temp01
2008-06-08 20:02:49 0 d-------- C:\Program Files\bfgclient


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0ff9a677-542a-481d-a6d6-3fa32d8a806d}]
03/24/2008 04:43 AM 1470488 --a------ C:\Program Files\F2atv_Forums\tbF2a1.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{0FF9A677-542A-481D-A6D6-3FA32D8A806D}"= C:\Program Files\F2atv_Forums\tbF2a1.dll [03/24/2008 04:43 AM 1470488]

[-HKEY_CLASSES_ROOT\CLSID\{0FF9A677-542A-481D-A6D6-3FA32D8A806D}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [12/18/2006 10:34 PM]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [07/13/2006 08:12 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [12/14/2007 04:42 AM]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [08/22/2004 06:05 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [02/01/2008 12:13 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [02/19/2008 02:10 PM]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" []
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [06/08/2005 03:24 PM]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [06/08/2005 03:14 PM]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/13/2003 02:49 AM]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [08/01/2008 06:52 PM]
"User Themes"="C:\Program Files\Common Files\Microsoft Shared\DAO\DOUGHNUT-CP02RJ\svchost.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [10/18/2007 11:34 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56 AM]
"WeatherEye"="C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe" [05/30/2008 02:45 PM]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [06/08/2005 02:44 PM]
"mpt"="c:\WINDOWS\system32\mpt.exe" [07/14/2008 03:03 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [4/24/2008 10:41:00 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{0BB6EF78-FFC8-4F7A-BD2C-09DA1169A4B5}"= C:\WINDOWS\system32\jkkHAtSI.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkHAtSI]
jkkHAtSI.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll 01/09/2008 12:30 PM 72208 c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
HDAShCut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
KHALMNPR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
C:\WINDOWS\system32\LVCOMSX.EXE


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4282db1a-d5cd-11dc-811c-806d6172696f}]
AutoRun\command- F:\MonopolyPBInstall.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4282db1f-d5cd-11dc-811c-001731740e72}]
AutoRun\command- G:\trophy_bass_2007.exe


-- End of Deckard's System Scanner: finished at 2008-08-02 13:10:49 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Pentium(R) D CPU 3.00GHz
CPU 1: Intel(R) Pentium(R) D CPU 3.00GHz
Percentage of Memory in Use: 24%
Physical Memory (total/avail): 3070.48 MiB / 2308.79 MiB
Pagefile Memory (total/avail): 4955.97 MiB / 4333.82 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1917.42 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 232.88 GiB total, 201.54 GiB free.
D: is Fixed (NTFS) - 232.88 GiB total, 217.71 GiB free.
E: is CDROM (No Media)
F: is CDROM (CDFS)
G: is CDROM (CDFS)
H: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST3250620AS - 232.88 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 232.88 GiB - C:

\\.\PHYSICALDRIVE1 - ST3250620AS - 232.88 GiB - 1 partition
\PARTITION0 - Installable File System - 232.88 GiB - D:

-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AntivirusOverride is set.

AV: AVG Anti-Virus Free v8.0 (AVG Technologies)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Zone.com Deluxe Games\\Wheel of Fortune Deluxe\\Wheel of Fortune Deluxe.exe"="C:\\Program Files\\Zone.com Deluxe Games\\Wheel of Fortune Deluxe\\Wheel of Fortune Deluxe.exe:*:Enabled:Wheel of Fortune Deluxe"
"C:\\Documents and Settings\\Doug\\Local Settings\\Temp\\~AceTemp\\PVRSERVER_111b[1]\\PVRSERVER_111b.exe"="C:\\Documents and Settings\\Doug\\Local Settings\\Temp\\~AceTemp\\PVRSERVER_111b[1]\\PVRSERVER_111b.exe:*:Enabled:PVRSERVER_111b"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"="C:\\Program Files\\Winamp Remote\\bin\\Orb.exe:*:Enabled:Orb"
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe:*:Enabled:OrbTray"
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice"
"C:\\Program Files\\SecondLife\\SLVoice.exe"="C:\\Program Files\\SecondLife\\SLVoice.exe:*:Enabled:SLVoice"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"="C:\\Program Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"C:\\WINDOWS\\system32\\mpxa.exe"="C:\\WINDOWS\\system32\\mpxa.exe:*:Enabled:mpxa"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Doug\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_04\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DOUGHNUT-CP02RJ
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Doug
LOGONSERVER=\\DOUGHNUT-CP02RJ
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 6 Stepping 5, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0605
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_04\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Doug\LOCALS~1\Temp
TMP=C:\DOCUME~1\Doug\LOCALS~1\Temp
USERDOMAIN=DOUGHNUT-CP02RJ
USERNAME=Doug
USERPROFILE=C:\Documents and Settings\Doug
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

Doug (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
10 Talismans --> "C:\Program Files\10 Talismans\Uninstall.exe"
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) --> MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player ActiveX --> C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Reader 8.1.2 Security Update 1 (KB403742) -->
Ahead Nero Burning ROM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Display Driver --> rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVG Free 8.0 --> C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Azureus Vuze --> C:\Program Files\Azureus\uninstall.exe
Belarc Advisor 7.2 --> C:\PROGRA~1\Belarc\Advisor\Uninstall.exe C:\PROGRA~1\Belarc\Advisor\INSTALL.LOG
Big Fish Games Client --> C:\Program Files\bfgclient\Uninstall.exe
CDDRV_Installer --> MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}
DAEMON Tools --> MsiExec.exe /I{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}
Dora Fairytale Adventure --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AD298C10-EED0-4075-A9F1-4C8C93ACBD08}\setup.exe" -l0x9
ESET Online Scanner --> C:\WINDOWS\system32\OnlineScannerUninstaller.exe
EVEREST Ultimate Edition v4.50 --> "C:\Program Files\Lavalys\EVEREST Ultimate Edition\unins000.exe"
F2atv_Forums Toolbar --> C:\PROGRA~1\F2ATV_~1\UNWISE.EXE C:\PROGRA~1\F2ATV_~1\INSTALL.LOG
Full Tilt Poker --> "C:\Program Files\InstallShield Installation Information\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}\setup.exe" -runfromtemp -l0x0009 -removeonly
GameTap --> C:\Program Files\InstallShield Installation Information\{67E158AF-8856-4337-B483-EA21930786AF}\setup.exe -runfromtemp -l0x0009 -removeonly
High Definition Audio Driver Package - KB888111 --> C:\WINDOWS\$NtUninstallKB888111WXP$\spuninst\spuninst.exe
HijackThis 1.99.1 --> C:\Program Files\HijackThis\HijackThis.exe /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
iTunes --> MsiExec.exe /I{80FD852F-5AAC-4129-B931-06AAFFA43138}
Java(TM) 6 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
KhalInstallWrapper --> MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}
LimeWire PRO 4.12.3 --> "C:\Program Files\LimeWire\uninstall.exe"
Logitech QuickCam Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C43048A9-742C-4DAD-90D2-E3B53C9DB825}\setup.exe" -l0x9
Logitech SetPoint --> C:\Program Files\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe -runfromtemp -l0x0009 -removeonly
Logitech® Camera Driver --> "C:\Program Files\Common Files\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Marvell Miniport Driver --> MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
PartyPoker --> "C:\Program Files\PartyGaming\PartyPoker\Uninstall.exe" "C:\Program Files\PartyGaming\PartyPoker\install.log"
PokerStars --> "C:\Program Files\PokerStars\PokerStarsUninstall.exe" /u:PokerStars
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
Remote Control USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8471021C-F529-43DE-84DF-3612E10F58C4}\setup.exe" -l0x9 -removeonly
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x9 -removeonly
The Price Is Right 1.1.0 --> C:\Program Files\Ludia\The Price Is Right\uninstall.exe
Trophy Bass 2007 --> "C:\Program Files\Trophy Bass 2007\uninstall.exe"
WeatherEye --> "C:\Program Files\TheWeatherNetwork\WeatherEye\MMTWNLiveUpdate.exe" /language ENGLISH /uninstall HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\WeatherEye,HKEY_CURRENT_USER\Software\MMTWN\WeatherEye
Wheel Of Fortune --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Hasbro Interactive\Wheel Of Fortune\Uninst.isu"
Wheel of Fortune Deluxe (remove only) --> "C:\Program Files\Zone.com Deluxe Games\Wheel of Fortune Deluxe\Uninstall Wheel of Fortune Deluxe.exe"
WinAce Archiver --> "C:\Program Files\WinAce\SXUNINST.EXE" "C:\Program Files\WinAce\SXUNINST.INI"
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinWay Resume Deluxe --> MsiExec.exe /I{DFACE88E-BFD1-4E1F-AF5C-100C979A12B0}
Xvid 1.1.3 final uninstall --> "C:\Program Files\Xvid\unins000.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type1509 / Error
Event Submitted/Written: 08/02/2008 11:17:57 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application wmplayer.exe, version 11.0.5721.5145, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type1482 / Success
Event Submitted/Written: 08/02/2008 04:20:22 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type1462 / Error
Event Submitted/Written: 08/01/2008 07:25:02 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.6000.16674, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type1441 / Error
Event Submitted/Written: 08/01/2008 10:08:11 AM
Event ID/Source: 4609 / EventSystem
Event Description:
The COM+ Event System detected a bad return code during its internal processing. HRESULT was 80070005 from line 44 of d:\qxp_slp\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

Event Record #/Type1414 / Success
Event Submitted/Written: 07/31/2008 11:34:23 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type16379 / Error
Event Submitted/Written: 08/02/2008 07:43:29 AM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Application Management service terminated with the following error:
%%126

Event Record #/Type16375 / Error
Event Submitted/Written: 08/02/2008 07:43:29 AM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Application Management service terminated with the following error:
%%126

Event Record #/Type16373 / Error
Event Submitted/Written: 08/02/2008 07:43:29 AM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Application Management service terminated with the following error:
%%126

Event Record #/Type16370 / Error
Event Submitted/Written: 08/02/2008 07:43:29 AM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Application Management service terminated with the following error:
%%126

Event Record #/Type16367 / Error
Event Submitted/Written: 08/02/2008 07:43:29 AM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Application Management service terminated with the following error:
%%126

-- End of Deckard's System Scanner: finished at 2008-08-02 13:10:49 ------------

Uninstall List

10 Talismans
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player ActiveX
Adobe Reader 8.1.2
Ahead Nero Burning ROM
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Display Driver
AVG Free 8.0
Azureus Vuze
Belarc Advisor 7.2
Big Fish Games Client
CDDRV_Installer
DAEMON Tools
Dora Fairytale Adventure
ESET Online Scanner
EVEREST Ultimate Edition v4.50
F2atv_Forums Toolbar
Full Tilt Poker
GameTap
High Definition Audio Driver Package - KB888111
HijackThis 1.99.1
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
iTunes
Java(TM) 6 Update 4
KhalInstallWrapper
LimeWire PRO 4.12.3
Logitech QuickCam Software
Logitech SetPoint
Logitech® Camera Driver
Malwarebytes' Anti-Malware
Marvell Miniport Driver
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
PartyPoker
PokerStars
PowerDVD
QuickTime
Remote Control USB Driver
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 8 (KB917734)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
SoundMAX
The Price Is Right 1.1.0
Trophy Bass 2007
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Wheel Of Fortune
Wheel of Fortune Deluxe (remove only)
WinAce Archiver
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WinWay Resume Deluxe
Xvid 1.1.3 final uninstall


Thanks so much guys

Last Post by jholland1964
0

When you say MSN won't run...do you mean the MSN browser or MSN Instant Messaging or what?
1. Download combofix from any of these links and save it to Desktop:
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
Link 3 (http://subs.geekstogo.com/ComboFix.exe)

**Note: It is important that it is saved directly to your desktop**

2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you (C:\ComboFix.txt). Post that log in your next reply.

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.

If you have problems with Combofix usage, see here (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)

Post:

- a fresh HijackThis log
- combofix report

A word of warning: Please do not run ComboFix on your own. This tool is not a toy and not for everyday use.

0

Hey again, sorry about that. I meant MSN Messenger won't run. Here is the ComboFix log, then the HijackThis log.

ComboFix 08-08-01.05 - Doug 2008-08-02 15:44:27.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2383 [GMT -4:00]
Running from: C:\Documents and Settings\Doug\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
ComboFix encountered a terminal error!! Please upload this file - C:\ComboFix_error.dat
to: http://www.bleepingcomputer.com/submit-malware.php?channel=4

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\ijl11pro.dll
C:\WINDOWS\winhelp.ini

.
((((((((((((((((((((((((( Files Created from 2008-07-02 to 2008-08-02 )))))))))))))))))))))))))))))))
.

2008-08-02 15:45 . 2008-08-02 15:45 11,887 --a------ C:\ComboFix_error.dat
2008-08-02 13:09 . 2008-08-02 13:09 <DIR> d-------- C:\Deckard
2008-08-02 12:24 . 2008-08-02 13:04 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2008-08-02 11:39 . 2008-08-02 11:39 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-02 11:39 . 2008-08-02 11:39 <DIR> d-------- C:\Documents and Settings\Doug\Application Data\Malwarebytes
2008-08-02 11:39 . 2008-08-02 11:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-02 11:39 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-02 11:39 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-02 07:50 . 2008-08-02 07:50 251,392 --a------ C:\hijackthis_sfx.exe
2008-08-02 07:48 . 2008-08-02 07:48 2,713,843 --a------ C:\ComboFix.exe
2008-08-02 04:42 . 2008-08-02 07:33 <DIR> dr-hs---- C:\Program Files\SCPP
2008-08-02 04:42 . 2001-08-23 15:00 1,700,352 --a------ C:\WINDOWS\system32\gdiplus.dll
2008-08-02 04:42 . 2007-06-08 17:15 1,519,616 --a------ C:\WINDOWS\system32\mxpvct25.dat
2008-08-02 04:42 . 2004-03-08 21:00 662,288 --a------ C:\WINDOWS\system32\mscomct2.ocx
2008-08-02 04:42 . 2004-03-09 16:45 132,880 --a------ C:\WINDOWS\system32\mxpvct22.dat
2008-08-02 04:42 . 2007-03-13 06:37 40,960 --a------ C:\WINDOWS\system32\mxpvct23.dat
2008-08-02 04:42 . 2008-08-02 04:45 86 --a------ C:\WINDOWS\system32\psappini.ini
2008-08-01 22:35 . 2008-08-02 07:33 <DIR> d-------- C:\Program Files\10 Talismans
2008-08-01 18:56 . 2008-08-02 04:48 <DIR> d--h----- C:\$AVG8.VAULT$
2008-08-01 18:52 . 2008-08-01 18:55 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-08-01 18:52 . 2008-08-01 18:52 <DIR> d-------- C:\Program Files\AVG
2008-08-01 18:52 . 2008-08-01 18:52 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-08-01 18:52 . 2008-08-01 18:52 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-08-01 18:52 . 2008-08-01 18:52 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-08-01 17:33 . 2008-08-01 17:33 2,400,784 --a------ C:\WLinstaller.exe
2008-08-01 17:31 . 2008-08-01 17:31 <DIR> d-------- C:\WINDOWS\Sun
2008-07-30 22:19 . 2008-07-30 22:19 4,096 --a------ C:\WINDOWS\d3dx.dat
2008-07-30 11:32 . 2008-07-30 11:32 <DIR> d-------- C:\Documents and Settings\Doug\Application Data\EnchantedCavern
2008-07-23 18:01 . 2008-07-23 18:01 <DIR> d--h----- C:\WINDOWS\PIF
2008-07-22 23:19 . 2008-07-22 23:19 40 --a------ C:\WINDOWS\nero.INI
2008-07-14 15:03 . 2008-07-14 15:03 58,594 --a------ C:\WINDOWS\system32\mpt.exe
2008-07-05 14:54 . 2008-07-05 20:15 <DIR> d-------- C:\TOD 072008
2008-07-03 23:34 . 2008-07-03 23:34 <DIR> d-------- C:\WINDOWS\system32\FlashAX
2008-07-03 22:39 . 2008-07-03 22:40 <DIR> d-------- C:\Documents and Settings\Doug\Application Data\Microgaming

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-02 14:54 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-02 11:32 --------- d-----w C:\Documents and Settings\Doug\Application Data\Azureus
2008-08-01 23:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-08-01 22:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg8
2008-08-01 21:34 --------- d-----w C:\Program Files\Windows Live
2008-08-01 09:34 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-07-29 12:25 --------- d-----w C:\Program Files\PartyGaming
2008-07-28 09:37 --------- d-----w C:\Program Files\PokerStars
2008-07-26 21:08 --------- d-----w C:\Program Files\Azureus
2008-07-25 03:14 --------- d-----w C:\Program Files\Full Tilt Poker
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-15 00:18 --------- d-----w C:\Program Files\LimeWire
2008-06-15 00:09 --------- d-----w C:\Program Files\Trymedia
2008-06-15 00:09 --------- d-----w C:\Program Files\Ludia
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-10 14:34 --------- d-----w C:\Documents and Settings\Doug\Application Data\Ludia
2008-06-10 14:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ludia
2008-06-09 00:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
2008-06-09 00:02 0 ----a-w C:\Program Files\temp01
2008-06-09 00:02 --------- d-----w C:\Program Files\bfgclient
2008-05-22 21:48 499,402 ----a-w C:\WINDOWS\java\Packages\7TBXV3RB.ZIP
2008-05-21 00:48 5,483 ----a-w C:\WINDOWS\java\Packages\RN1Z5FB7.ZIP
2008-05-21 00:48 2,520,658 ----a-w C:\WINDOWS\java\Packages\PVNR393D.ZIP
2008-05-21 00:46 1,917,206 ----a-w C:\WINDOWS\java\Packages\9N3HZRNJ.ZIP
2008-05-21 00:41 2,296,404 ----a-w C:\WINDOWS\java\Packages\OJ53V3PJ.ZIP
2008-05-20 17:13 5,483 ----a-w C:\WINDOWS\java\Packages\4OM2HZZ3.ZIP
2008-05-20 17:13 2,131,050 ----a-w C:\WINDOWS\java\Packages\N93HRBXN.ZIP
2008-05-20 03:29 2,591,280 ----a-w C:\WINDOWS\java\Packages\G1JRBJ97.ZIP
2008-05-17 12:11 2,018,968 ----a-w C:\WINDOWS\java\Packages\57RB9Z75.ZIP
2008-05-17 11:59 1,940,531 ----a-w C:\WINDOWS\java\Packages\13NFNNTV.ZIP
2008-05-17 01:15 3,601,343 ----a-w C:\WINDOWS\java\Packages\EXJ3JBRX.ZIP
2008-05-16 02:05 2,934,622 ----a-w C:\WINDOWS\java\Packages\GLZBFLFL.ZIP
2008-05-16 02:03 2,481,700 ----a-w C:\WINDOWS\java\Packages\4G5RTJ9J.ZIP
2008-05-16 01:55 2,336,528 ----a-w C:\WINDOWS\java\Packages\MKVNDZ31.ZIP
2008-05-16 01:51 2,727,450 ----a-w C:\WINDOWS\java\Packages\3ZVFJVJH.ZIP
2008-05-16 01:49 2,384,472 ----a-w C:\WINDOWS\java\Packages\3BDNTJZ1.ZIP
2008-05-14 17:44 5,483 ----a-w C:\WINDOWS\java\Packages\I9R5J5ZP.ZIP
2008-05-14 17:44 2,916,383 ----a-w C:\WINDOWS\java\Packages\LZNTJ3LF.ZIP
2008-05-14 16:23 64,078 ----a-w C:\WINDOWS\java\Packages\HZ9JR1RB.ZIP
2008-05-14 16:23 3,125,722 ----a-w C:\WINDOWS\java\Packages\4YWKT7NR.ZIP
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-05 01:13 2,671,816 ----a-w C:\spywareblastersetup40.exe
2008-05-03 20:50 1,749,436 ----a-w C:\everestultimate450.zip
2008-05-03 18:37 8,315,488 ----a-w C:\everestultimate450.exe
2008-04-22 10:05 241,664 ----a-w C:\WINDOWS\system32\config\systemprofile\NTUSER(2).DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0ff9a677-542a-481d-a6d6-3fa32d8a806d}"= "C:\Program Files\F2atv_Forums\tbF2a1.dll" [2008-03-24 04:43 1470488]

[HKEY_CLASSES_ROOT\clsid\{0ff9a677-542a-481d-a6d6-3fa32d8a806d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0ff9a677-542a-481d-a6d6-3fa32d8a806d}]
2008-03-24 04:43 1470488 --a------ C:\Program Files\F2atv_Forums\tbF2a1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{0ff9a677-542a-481d-a6d6-3fa32d8a806d}"= "C:\Program Files\F2atv_Forums\tbF2a1.dll" [2008-03-24 04:43 1470488]

[HKEY_CLASSES_ROOT\clsid\{0ff9a677-542a-481d-a6d6-3fa32d8a806d}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{0FF9A677-542A-481D-A6D6-3FA32D8A806D}"= "C:\Program Files\F2atv_Forums\tbF2a1.dll" [2008-03-24 04:43 1470488]

[HKEY_CLASSES_ROOT\clsid\{0ff9a677-542a-481d-a6d6-3fa32d8a806d}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]
"WeatherEye"="C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe" [2008-05-30 14:45 4501912]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44 196608]
"mpt"="c:\WINDOWS\system32\mpt.exe" [2008-07-14 15:03 58594]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 22:34 868352]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 04:42 144784]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 18:05 81920]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 15:24 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 15:14 217088]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2003-07-13 02:49 155648]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-08-01 18:52 1232152]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-04-24 22:41:00 789008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-01-09 12:30 72208 c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
"LoadAppInit_DLLs"=1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
--a------ 2005-07-19 17:32 221184 C:\WINDOWS\system32\LVCOMSX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
--------- 2004-10-27 16:21 61952 C:\WINDOWS\system32\HdAShCut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
--a------ 2007-11-29 02:17 55824 C:\WINDOWS\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Zone.com Deluxe Games\\Wheel of Fortune Deluxe\\Wheel of Fortune Deluxe.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-01 18:52]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-01 18:52]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-01 18:52]
R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-08-01 18:52]

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-07-26 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 15:57]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-WinampAgent - C:\Program Files\Winamp\winampa.exe
HKLM-Run-User Themes - C:\Program Files\Common Files\Microsoft Shared\DAO\DOUGHNUT-CP02RJ\svchost.exe
Notify-jkkHAtSI - jkkHAtSI.dll


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://sympatico.msn.ca/
O9 -: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 -: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe

O16 -: Battle Phlinx by pogo - hxxp://game3.pogo.com/v/8.1.9.1/applet/battlephlinx/battlephlinx-en_US.cab
C:\WINDOWS\Downloaded Program Files\Battle Phlinx by pogo.osd

O16 -: Blackjack by pogo - hxxp://game3.pogo.com/v/9.0.1.14/applet/blackjack/blackjack-en_US.cab
C:\WINDOWS\Downloaded Program Files\Blackjack by pogo.osd

O16 -: Blackjack Carnival by pogo - hxxp://game3.pogo.com/v/9.0.2.13/applet/vbjack2/vbjack2-en_US.cab
C:\WINDOWS\Downloaded Program Files\Blackjack Carnival by pogo.osd

O16 -: Blooop by pogo - hxxp://game3.pogo.com/v/9.0.1.14/applet/cascade/cascade-en_US.cab
C:\WINDOWS\Downloaded Program Files\Blooop by pogo.osd

O16 -: Crazy Cakes by pogo - hxxp://game3.pogo.com/v/9.0.3.19/applet/platespinner/platespinner-en_US.cab
C:\WINDOWS\Downloaded Program Files\Crazy Cakes by pogo.osd

O16 -: Dice Derby by pogo - hxxp://game1.pogo.com/v/8.1.7.44/applet/checkeredflag/checkeredflag-en_US.cab
C:\WINDOWS\Downloaded Program Files\Dice Derby by pogo.osd

O16 -: DirectAnimation Java Classes - file://C:\WINDOWS\Java\classes\dajava.cab
C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd

O16 -: Fortune Bingo by pogo - hxxp://game1.pogo.com/v/8.1.7.44/applet/superbingo/superbingo-en_US.cab
C:\WINDOWS\Downloaded Program Files\Fortune Bingo by pogo.osd

O16 -: Greenback Bayou by pogo - hxxp://game3.pogo.com/v/9.0.1.7/applet/greenback/greenback-en_US.cab
C:\WINDOWS\Downloaded Program Files\Greenback Bayou by pogo.osd

O16 -: Hangman Hijinks by pogo - hxxp://game3.pogo.com/v/8.1.9.1/applet/hangman/hangman-en_US.cab
C:\WINDOWS\Downloaded Program Files\Hangman Hijinks by pogo.osd

O16 -: Hog Heaven Slots by pogo - hxxp://game3.pogo.com/v/9.0.1.7/applet/fancy/fancy-en_US.cab
C:\WINDOWS\Downloaded Program Files\Hog Heaven Slots by pogo.osd

O16 -: KenoPop! by pogo - hxxp://game1.pogo.com/v/8.1.8.21/applet/speedkeno/speedkeno-en_US.cab
C:\WINDOWS\Downloaded Program Files\KenoPop! by pogo.osd

O16 -: Lost Temple Poker by pogo - hxxp://game3.pogo.com/v/9.0.1.7/applet/mhpoker/mhpoker-en_US.cab
C:\WINDOWS\Downloaded Program Files\Lost Temple Poker by pogo.osd

O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

O16 -: No-Limit Texas Hold'em by pogo - hxxp://game3.pogo.com/v/8.1.7.44/applet/allin/allin-en_US.cab
C:\WINDOWS\Downloaded Program Files\No-Limit Texas Hold'em by pogo.osd

O16 -: Penguin Blocks by pogo - hxxp://game3.pogo.com/v/9.0.1.23/applet/penguins/penguins-en_US.cab
C:\WINDOWS\Downloaded Program Files\Penguin Blocks by pogo.osd

O16 -: Pop Fu by pogo - hxxp://game3.pogo.com/v/9.0.1.7/applet/popfu/popfu-en_US.cab
C:\WINDOWS\Downloaded Program Files\Pop Fu by pogo.osd

O16 -: PoppaZoppa by pogo - hxxp://game3.pogo.com/v/9.0.1.7/applet/poppazoppa/poppazoppa-en_US.cab
C:\WINDOWS\Downloaded Program Files\PoppaZoppa by pogo.osd

O16 -: Poppit by pogo - hxxp://game3.pogo.com/v/8.1.7.44/applet/poppit2/poppit2-en_US.cab
C:\WINDOWS\Downloaded Program Files\Poppit by pogo.osd

O16 -: Ride The Tide by pogo - hxxp://game3.pogo.com/v/9.0.2.13/applet/ride/ride-en_US.cab
C:\WINDOWS\Downloaded Program Files\Ride The Tide by pogo.osd

O16 -: Stellar Sweeper by pogo - hxxp://game3.pogo.com/v/9.0.1.23/applet/sweeper/sweeper-en_US.cab
C:\WINDOWS\Downloaded Program Files\Stellar Sweeper by pogo.osd

O16 -: Texas Hold'em Poker by pogo - hxxp://game3.pogo.com/v/9.0.1.14/applet/holdem/holdem-en_US.cab
C:\WINDOWS\Downloaded Program Files\Texas Hold'em Poker by pogo.osd

O16 -: TruePass EPF 7,0,100,739 - hxxps://blrscr3.egs-seg.gc.ca/applets/entrusttruepassapplet-epf.cab
C:\WINDOWS\Downloaded Program Files\TruePass EPF 7,0,100,739.osd

O16 -: Tumble Bees by pogo - hxxp://game3.pogo.com/v/9.0.2.13/applet/tumbee2/tumbee2-en_US.cab
C:\WINDOWS\Downloaded Program Files\Tumble Bees by pogo.osd

O16 -: Wonderland Memories by pogo - hxxp://game3.pogo.com/v/9.0.1.7/applet/memories/memories-en_US.cab
C:\WINDOWS\Downloaded Program Files\Wonderland Memories by pogo.osd


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-02 15:45:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-02 15:46:05
ComboFix-quarantined-files.txt 2008-08-02 19:45:52

Pre-Run: 216,342,003,712 bytes free
Post-Run: 216,329,936,896 bytes free

250 --- E O F --- 2008-08-01 23:32:29

Logfile of HijackThis v1.99.1
Scan saved at 3:48:03 PM, on 8/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Java\jre1.6.0_04\bin\jucheck.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: F2atv Forums Toolbar - {0ff9a677-542a-481d-a6d6-3fa32d8a806d} - C:\Program Files\F2atv_Forums\tbF2a1.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: F2atv Forums Toolbar - {0ff9a677-542a-481d-a6d6-3fa32d8a806d} - C:\Program Files\F2atv_Forums\tbF2a1.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: F2atv Forums Toolbar - {0ff9a677-542a-481d-a6d6-3fa32d8a806d} - C:\Program Files\F2atv_Forums\tbF2a1.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WeatherEye] C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [mpt] c:\WINDOWS\system32\mpt.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: Battle Phlinx by pogo - http://game3.pogo.com/v/8.1.9.1/applet/battlephlinx/battlephlinx-en_US.cab
O16 - DPF: Blackjack by pogo - http://game3.pogo.com/v/9.0.1.14/applet/blackjack/blackjack-en_US.cab
O16 - DPF: Blackjack Carnival by pogo - http://game3.pogo.com/v/9.0.2.13/applet/vbjack2/vbjack2-en_US.cab
O16 - DPF: Blooop by pogo - http://game3.pogo.com/v/9.0.1.14/applet/cascade/cascade-en_US.cab
O16 - DPF: Crazy Cakes by pogo - http://game3.pogo.com/v/9.0.3.19/applet/platespinner/platespinner-en_US.cab
O16 - DPF: Dice Derby by pogo - http://game1.pogo.com/v/8.1.7.44/applet/checkeredflag/checkeredflag-en_US.cab
O16 - DPF: Fortune Bingo by pogo - http://game1.pogo.com/v/8.1.7.44/applet/superbingo/superbingo-en_US.cab
O16 - DPF: Greenback Bayou by pogo - http://game3.pogo.com/v/9.0.1.7/applet/greenback/greenback-en_US.cab
O16 - DPF: Hangman Hijinks by pogo - http://game3.pogo.com/v/8.1.9.1/applet/hangman/hangman-en_US.cab
O16 - DPF: Hog Heaven Slots by pogo - http://game3.pogo.com/v/9.0.1.7/applet/fancy/fancy-en_US.cab
O16 - DPF: KenoPop! by pogo - http://game1.pogo.com/v/8.1.8.21/applet/speedkeno/speedkeno-en_US.cab
O16 - DPF: Lost Temple Poker by pogo - http://game3.pogo.com/v/9.0.1.7/applet/mhpoker/mhpoker-en_US.cab
O16 - DPF: No-Limit Texas Hold'em by pogo - http://game3.pogo.com/v/8.1.7.44/applet/allin/allin-en_US.cab
O16 - DPF: Penguin Blocks by pogo - http://game3.pogo.com/v/9.0.1.23/applet/penguins/penguins-en_US.cab
O16 - DPF: Pop Fu by pogo - http://game3.pogo.com/v/9.0.1.7/applet/popfu/popfu-en_US.cab
O16 - DPF: PoppaZoppa by pogo - http://game3.pogo.com/v/9.0.1.7/applet/poppazoppa/poppazoppa-en_US.cab
O16 - DPF: Poppit by pogo - http://game3.pogo.com/v/8.1.7.44/applet/poppit2/poppit2-en_US.cab
O16 - DPF: Ride The Tide by pogo - http://game3.pogo.com/v/9.0.2.13/applet/ride/ride-en_US.cab
O16 - DPF: Stellar Sweeper by pogo - http://game3.pogo.com/v/9.0.1.23/applet/sweeper/sweeper-en_US.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game3.pogo.com/v/9.0.1.14/applet/holdem/holdem-en_US.cab
O16 - DPF: TruePass EPF 7,0,100,739 - https://blrscr3.egs-seg.gc.ca/applets/entrusttruepassapplet-epf.cab
O16 - DPF: Tumble Bees by pogo - http://game3.pogo.com/v/9.0.2.13/applet/tumbee2/tumbee2-en_US.cab
O16 - DPF: Wonderland Memories by pogo - http://game3.pogo.com/v/9.0.1.7/applet/memories/memories-en_US.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1201921339765
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1201921320109
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_activex/en-US/TSEasyInstallX.CAB
O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} (FamilyFeud Control) - http://www.worldwinner.com/games/v47/familyfeud/familyfeud.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/flashax.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe

0

Did you do this:

ComboFix encountered a terminal error!! Please upload this file - C:\ComboFix_error.dat
to: http://www.bleepingcomputer.com/subm....php?channel=4

If not please do.
Your HJT log didn't show up, but what did show was an older version, not the version 2.02 that you first used to post. Was this a new version of ComboFix or one you previously had on the machine?
If this was an old version, please remove it and download a new one.
To uninstall ComboFix.exe and all backups of files that it deleted:

* Click START then RUN
* Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.
If shown the disclaimer, select "2".

I believe that MSN Messenger is now Windows Live Messenger.
You obviously have infections on the computer which could have caused the problem but it also could be because you are not running the latest version, OR a combination of the two.
But when you said it doesn't work there are NINE instances of it showing as running in the background during your initial HJT scan. So it is obviously there.
Try uninstalling it. When the computer is clean, and NOT before, then download a new copy from HERE
One of the logs shows the ESET online scanner but I see no log for that. Could you run it again and post the log?

0

Can someone help me? I need to know how to sort out MSN Messenger. My login won't log in and I'm upset.
