
Got this thingy that blinks and makes pop-ups at the bottom of my screen.
It says "virus alert" etc. Tried with a-squared, Ad-Aware, etc. etc. etc. to take it away, but all attempts have failed. So now I turn to you guys and hopefully you can help me :)
---------------


Logfile of HijackThis v1.99.1
Scan saved at 15:14:09, on 2006-03-29
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program\Logitech\Video\LogiTray.exe
C:\Program\Java\jre1.5.0_06\bin\jusched.exe
C:\Program\ATI Technologies\ATI.ACE\cli.exe
C:\Program\Delade filer\Real\Update_OB\realsched.exe
C:\Program\MSN Messenger\MsnMsgr.Exe
C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program\Messenger\msmsgs.exe
C:\DOCUME~1\ANDREA~1\APPLIC~1\RACLE~1\dvdplay.exe
C:\Documents and Settings\Andreas Hallikainen\Mina dokument\?dobe\w?nspool.exe
C:\Program\Logitech\Video\FxSvr2.exe
C:\Program\ATI Technologies\ATI.ACE\cli.exe
C:\Program\ATI Technologies\ATI.ACE\cli.exe
C:\Program\foobar200009\foobar2000.exe
E:\Diablo II\Diablo II.exe
C:\WINDOWS\system32\nvctrl.exe
C:\WINDOWS\system32\mssearchnet.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rsvp.exe
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: Nothing - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - C:\WINDOWS\system32\hp84A2.tmp
O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CTSysVol] C:\Program\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\Program\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe
O4 - HKLM\..\Run: [webHancer Agent] "C:\Program Files\webHancer\Programs\whAgent.exe"
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpywareQuake] C:\Program\SpywareQuake\SpywareQuake.exe /h
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Program\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Trlu] "C:\DOCUME~1\ANDREA~1\APPLIC~1\RACLE~1\dvdplay.exe" -vt mt
O4 - HKCU\..\Run: [Mblewze] C:\Documents and Settings\Andreas Hallikainen\Mina dokument\?dobe\w?nspool.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by WebHancer
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} (YazzleActiveX Control) - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab?refid=5071
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: bw+0 - {ECE1E720-86BE-4A75-8509-D4D9FAF35B8D} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {ECE1E720-86BE-4A75-8509-D4D9FAF35B8D} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {ECE1E720-86BE-4A75-8509-D4D9FAF35B8D} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {ECE1E720-86BE-4A75-8509-D4D9FAF35B8D} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {ECE1E720-86BE-4A75-8509-D4D9FAF35B8D} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {ECE1E720-86BE-4A75-8509-D4D9FAF35B8D} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {ECE1E720-86BE-4A75-8509-D4D9FAF35B8D} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {ECE1E720-86BE-4A75-8509-D4D9FAF35B8D} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {ECE1E720-86BE-4A75-8509-D4D9FAF35B8D} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {ECE1E720-86BE-4A75-8509-D4D9FAF35B8D} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {ECE1E720-86BE-4A75-8509-D4D9FAF35B8D} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {ECE1E720-86BE-4A75-8509-D4D9FAF35B8D} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {ECE1E720-86BE-4A75-8509-D4D9FAF35B8D} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {ECE1E720-86BE-4A75-8509-D4D9FAF35B8D} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {ECE1E720-86BE-4A75-8509-D4D9FAF35B8D} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {ECE1E720-86BE-4A75-8509-D4D9FAF35B8D} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {ECE1E720-86BE-4A75-8509-D4D9FAF35B8D} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {ECE1E720-86BE-4A75-8509-D4D9FAF35B8D} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {ECE1E720-86BE-4A75-8509-D4D9FAF35B8D} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {ECE1E720-86BE-4A75-8509-D4D9FAF35B8D} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {ECE1E720-86BE-4A75-8509-D4D9FAF35B8D} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {ECE1E720-86BE-4A75-8509-D4D9FAF35B8D} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {ECE1E720-86BE-4A75-8509-D4D9FAF35B8D} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {ECE1E720-86BE-4A75-8509-D4D9FAF35B8D} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {ECE1E720-86BE-4A75-8509-D4D9FAF35B8D} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {ECE1E720-86BE-4A75-8509-D4D9FAF35B8D} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {ECE1E720-86BE-4A75-8509-D4D9FAF35B8D} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {ECE1E720-86BE-4A75-8509-D4D9FAF35B8D} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {ECE1E720-86BE-4A75-8509-D4D9FAF35B8D} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {ECE1E720-86BE-4A75-8509-D4D9FAF35B8D} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {ECE1E720-86BE-4A75-8509-D4D9FAF35B8D} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {ECE1E720-86BE-4A75-8509-D4D9FAF35B8D} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {ECE1E720-86BE-4A75-8509-D4D9FAF35B8D} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {ECE1E720-86BE-4A75-8509-D4D9FAF35B8D} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {ECE1E720-86BE-4A75-8509-D4D9FAF35B8D} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {ECE1E720-86BE-4A75-8509-D4D9FAF35B8D} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {ECE1E720-86BE-4A75-8509-D4D9FAF35B8D} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {ECE1E720-86BE-4A75-8509-D4D9FAF35B8D} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {ECE1E720-86BE-4A75-8509-D4D9FAF35B8D} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {ECE1E720-86BE-4A75-8509-D4D9FAF35B8D} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {ECE1E720-86BE-4A75-8509-D4D9FAF35B8D} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {ECE1E720-86BE-4A75-8509-D4D9FAF35B8D} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {ECE1E720-86BE-4A75-8509-D4D9FAF35B8D} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {ECE1E720-86BE-4A75-8509-D4D9FAF35B8D} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {ECE1E720-86BE-4A75-8509-D4D9FAF35B8D} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {ECE1E720-86BE-4A75-8509-D4D9FAF35B8D} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {ECE1E720-86BE-4A75-8509-D4D9FAF35B8D} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {ECE1E720-86BE-4A75-8509-D4D9FAF35B8D} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {ECE1E720-86BE-4A75-8509-D4D9FAF35B8D} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {ECE1E720-86BE-4A75-8509-D4D9FAF35B8D} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {ECE1E720-86BE-4A75-8509-D4D9FAF35B8D} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {ECE1E720-86BE-4A75-8509-D4D9FAF35B8D} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {ECE1E720-86BE-4A75-8509-D4D9FAF35B8D} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {ECE1E720-86BE-4A75-8509-D4D9FAF35B8D} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {ECE1E720-86BE-4A75-8509-D4D9FAF35B8D} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {ECE1E720-86BE-4A75-8509-D4D9FAF35B8D} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {ECE1E720-86BE-4A75-8509-D4D9FAF35B8D} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {ECE1E720-86BE-4A75-8509-D4D9FAF35B8D} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {ECE1E720-86BE-4A75-8509-D4D9FAF35B8D} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {ECE1E720-86BE-4A75-8509-D4D9FAF35B8D} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {ECE1E720-86BE-4A75-8509-D4D9FAF35B8D} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {ECE1E720-86BE-4A75-8509-D4D9FAF35B8D} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {ECE1E720-86BE-4A75-8509-D4D9FAF35B8D} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {ECE1E720-86BE-4A75-8509-D4D9FAF35B8D} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {ECE1E720-86BE-4A75-8509-D4D9FAF35B8D} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {ECE1E720-86BE-4A75-8509-D4D9FAF35B8D} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {ECE1E720-86BE-4A75-8509-D4D9FAF35B8D} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {ECE1E720-86BE-4A75-8509-D4D9FAF35B8D} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {ECE1E720-86BE-4A75-8509-D4D9FAF35B8D} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {ECE1E720-86BE-4A75-8509-D4D9FAF35B8D} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {ECE1E720-86BE-4A75-8509-D4D9FAF35B8D} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {ECE1E720-86BE-4A75-8509-D4D9FAF35B8D} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {ECE1E720-86BE-4A75-8509-D4D9FAF35B8D} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {ECE1E720-86BE-4A75-8509-D4D9FAF35B8D} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {ECE1E720-86BE-4A75-8509-D4D9FAF35B8D} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {ECE1E720-86BE-4A75-8509-D4D9FAF35B8D} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\Program\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {ECE1E720-86BE-4A75-8509-D4D9FAF35B8D} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: winghy32 - C:\WINDOWS\SYSTEM32\winghy32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\system32\CTsvcCDA.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

Last Post by awslessar

You have got a lot of problems...

Spybot S&D will remove NewDotNet and WebHancer by the way :)

But let's start here...

Look in Add/Remove Programs and uninstall

New.Net
NewDotNet
WebHancer
Logitech Desktop Messenger (if not used)

Download Spysweeper here
http://www.malwareteks.com/dload.php?action=download&file_id=5
-Update to the latest definitions and run it
-Remove everything that it finds
-Please attach the log when returning

Download Ewido
http://www.download.com/Ewido-Security-Suite/3000-8022_4-10326287.html?tag=lst-0-1
-Click Update>Start Update
-Run it and remove everything it finds
-Save the report at the end and attach it for me when you return

Now follow my steps here for Spyware Quake Removal
http://www.malwareteks.com/kb.php?mode=article&k=71&sid=63979b48309049dd8c78e9db33342869

When you return, please attach the following logs for me

Spysweeper
Ewido
Smitrem
New HijackThis

Good Luck :)

FROM SPYSWEEPER.


********
16:20: |       Start of Session, den 29 mars 2006       |
16:20: Spy Sweeper started
16:20: Sweep initiated using definitions version 643
16:20: Found Adware: security2k hijacker
16:20: HKLM\software\microsoft\windows\currentversion\policies\explorer\run\ || nvctrl.exe (ID = 1052559)
16:20: nvctrl.exe (ID = 1052559)
16:20: Found Trojan Horse: trojan-downloader-zlob
16:20: HKLM\software\microsoft\windows\currentversion\policies\explorer\run\ || kernel32.dll (ID = 1052560)
16:20: mssearchnet.exe (ID = 1052560)
16:20: HKLM\software\microsoft\windows\currentversion\policies\explorer\run\ || wininet.dll (ID = 1052561)
16:20: dfrgsrv.exe (ID = 1052561)
16:20: Starting Memory Sweep
16:20:   Found Adware: popuper
16:20:   HKCR\clsid\{4da4616d-7e6e-4fd9-a2d5-b6c535733e22}\inprocserver32\  (2 subtraces) (ID = 1150213)
16:20:   hpCC0A.tmp (ID = 1150213)
16:21:   Found Adware: purityscan
16:21:   Detected running threat: C:\Documents and Settings\Andreas Hallikainen\Application Data\?racle\dvdplay.exe (ID = 230)
16:23: Memory Sweep Complete, Elapsed Time: 00:02:23
16:23: Starting Registry Sweep
16:23:   HKCR\clsid\{9eb320ce-be1d-4304-a081-4b4665414bef}\  (21 subtraces) (ID = 137128)
16:23:   HKCR\clsid\{39da2444-065f-47cb-b27c-ccb1a39c06b7}\  (3 subtraces) (ID = 137170)
16:23:   HKCR\interface\{3517fb25-305d-4012-b531-186e3851e7ed}\  (8 subtraces) (ID = 137348)
16:23:   HKCR\interface\{4781daa6-4de5-47a1-b02a-945f0d017a9e}\  (8 subtraces) (ID = 137349)
16:23:   HKCR\mediaticketsinstaller.mediaticketsinstallerctrl.1\  (3 subtraces) (ID = 137352)
16:23:   HKLM\software\classes\clsid\{9eb320ce-be1d-4304-a081-4b4665414bef}\  (21 subtraces) (ID = 137470)
16:23:   HKLM\software\classes\clsid\{39da2444-065f-47cb-b27c-ccb1a39c06b7}\  (3 subtraces) (ID = 137505)
16:23:   HKLM\software\classes\interface\{3517fb25-305d-4012-b531-186e3851e7ed}\  (8 subtraces) (ID = 137678)
16:23:   HKLM\software\classes\interface\{4781daa6-4de5-47a1-b02a-945f0d017a9e}\  (8 subtraces) (ID = 137679)
16:23:   HKLM\software\classes\interface\{4781daa6-4de5-47a1-b02a-945f0d017a9e}\typelib\  (2 subtraces) (ID = 137680)
16:23:   HKLM\software\classes\mediaticketsinstaller.mediaticketsinstallerctrl.1\  (3 subtraces) (ID = 137683)
16:23:   HKLM\software\classes\typelib\{5530d356-0063-41b9-b20d-e9d799e8d907}\  (9 subtraces) (ID = 137687)
16:23:   HKLM\software\microsoft\code store database\distribution units\{9eb320ce-be1d-4304-a081-4b4665414bef}\  (14 subtraces) (ID = 137704)
16:23:   HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/mediaticketsinstaller.ocx\  (2 subtraces) (ID = 137986)
16:23:   HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\mediaticketsinstaller.ocx (ID = 139077)
16:23:   HKLM\software\microsoft\windows\currentversion\uninstall\mediatickets\  (12 subtraces) (ID = 139080)
16:23:   HKCR\typelib\{5530d356-0063-41b9-b20d-e9d799e8d907}\  (9 subtraces) (ID = 139091)
16:23:   Found Adware: webhancer
16:23:   HKLM\software\webhancer\  (5 subtraces) (ID = 146278)
16:23:   Found Adware: winad
16:23:   HKCR\clsid\{1e5f0d38-214b-4085-ad2a-d2290e6a2d2c}\  (14 subtraces) (ID = 147153)
16:23:   HKLM\software\classes\clsid\{1e5f0d38-214b-4085-ad2a-d2290e6a2d2c}\  (14 subtraces) (ID = 147167)
16:23:   HKCR\mediagateway.installer\  (5 subtraces) (ID = 359542)
16:23:   HKLM\software\classes\mediagateway.installer\  (5 subtraces) (ID = 359544)
16:23:   HKLM\software\microsoft\windows\currentversion\explorer\browser helper objecta\  (2 subtraces) (ID = 735573)
16:23:   Found Adware: 180search assistant/zango
16:23:   HKCR\clsid\{d676f999-4608-4dc5-a135-4f51f4212739}\  (1 subtraces) (ID = 792270)
16:23:   HKLM\software\classes\clsid\{d676f999-4608-4dc5-a135-4f51f4212739}\  (1 subtraces) (ID = 792320)
16:23:   HKLM\software\microsoft\windows\currentversion\policies\explorer\run\ || kernel32.dll (ID = 796421)
16:23:   HKLM\software\microsoft\windows\currentversion\policies\explorer\run\ || wininet.dll (ID = 797671)
16:23:   HKLM\software\microsoft\windows\currentversion\policies\explorer\run\ || nvctrl.exe (ID = 797753)
16:23:   Found Trojan Horse: trojan agent winlogonhook
16:23:   HKLM\software\microsoft\mssmgr\  (12 subtraces) (ID = 937101)
16:23:   HKCR\mediagateway.installer.1\  (3 subtraces) (ID = 1026542)
16:23:   HKCR\mediagateway.licenseinstaller\  (5 subtraces) (ID = 1026546)
16:23:   HKCR\mediagateway.licenseinstaller.1\  (3 subtraces) (ID = 1026552)
16:23:   HKCR\clsid\{144b9c7e-235a-4316-9eb3-5e393714c77a}\  (14 subtraces) (ID = 1026556)
16:23:   HKCR\typelib\{91e523db-2a1c-4231-bb06-9be27c28739a}\  (9 subtraces) (ID = 1026571)
16:23:   HKLM\software\classes\mediagateway.licenseinstaller\  (5 subtraces) (ID = 1026584)
16:23:   HKLM\software\classes\mediagateway.licenseinstaller.1\  (3 subtraces) (ID = 1026590)
16:23:   HKLM\software\classes\clsid\{144b9c7e-235a-4316-9eb3-5e393714c77a}\  (14 subtraces) (ID = 1026594)
16:23:   HKLM\software\classes\typelib\{91e523db-2a1c-4231-bb06-9be27c28739a}\  (9 subtraces) (ID = 1026609)
16:23:   HKLM\software\mediagateway\  (4 subtraces) (ID = 1026619)
16:23:   HKLM\software\classes\mediagateway.installer.1\  (3 subtraces) (ID = 1026624)
16:23:   HKLM\software\microsoft\windows\currentversion\uninstall\mediagateway\  (2 subtraces) (ID = 1026626)
16:23:   HKCR\interface\{610e0e95-8f2f-4b71-966e-f91701d4dc2c}\  (8 subtraces) (ID = 1027782)
16:23:   HKCR\interface\{67a89831-6bc7-4cc0-a2c3-560f9a581e64}\  (8 subtraces) (ID = 1027791)
16:23:   HKLM\software\classes\interface\{67a89831-6bc7-4cc0-a2c3-560f9a581e64}\  (8 subtraces) (ID = 1027841)
16:23:   HKCR\clsid\{4da4616d-7e6e-4fd9-a2d5-b6c535733e22}\  (4 subtraces) (ID = 1150210)
16:23:   HKLM\software\classes\clsid\{4da4616d-7e6e-4fd9-a2d5-b6c535733e22}\  (4 subtraces) (ID = 1150211)
16:23:   HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{4da4616d-7e6e-4fd9-a2d5-b6c535733e22}\  (1 subtraces) (ID = 1150212)
16:23:   Found Adware: spyware quake
16:23:   HKCR\clsid\{5b55c4e3-c179-ba0b-b4fd-f2db862d6202}\  (35 subtraces) (ID = 1218826)
16:23:   HKCR\typelib\{661173ee-fa31-4769-97d4-b556b5d09bda}\  (9 subtraces) (ID = 1218844)
16:23:   HKLM\software\spywarequake\  (1 subtraces) (ID = 1218854)
16:23:   HKLM\software\classes\clsid\{5b55c4e3-c179-ba0b-b4fd-f2db862d6202}\  (35 subtraces) (ID = 1218857)
16:23:   HKLM\software\microsoft\windows\currentversion\run\ || spywarequake (ID = 1218858)
16:23:   HKLM\software\microsoft\windows\currentversion\uninstall\spywarequake\  (7 subtraces) (ID = 1218859)
16:23:   HKLM\software\classes\typelib\{661173ee-fa31-4769-97d4-b556b5d09bda}\  (9 subtraces) (ID = 1218883)
16:23:   HKLM\software\microsoft\windows\currentversion\app paths\spywarequake.exe\  (1 subtraces) (ID = 1218894)
16:23:   Found Adware: spyware quake fakealert
16:23:   HKLM\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler\ || {e2ca7cd1-1ad9-f1c4-3d2a-dc1a33e7af9d} (ID = 1219030)
16:23:   HKU\S-1-5-21-448539723-688789844-839522115-1003\software\classes\clsid\{e2ca7cd1-1ad9-f1c4-3d2a-dc1a33e7af9d}\  (3 subtraces) (ID = 1219032)
16:23: Registry Sweep Complete, Elapsed Time:00:00:05
16:23: Starting Cookie Sweep
16:23:   Found Spy Cookie: yieldmanager cookie
16:23:   andreas hallikainen@ad.yieldmanager[1].txt (ID = 3751)
16:23:   Found Spy Cookie: atlas dmt cookie
16:23:   andreas hallikainen@atdmt[2].txt (ID = 2253)
16:23:   Found Spy Cookie: malwarewipe cookie
16:23:   andreas hallikainen@malwarewipe[2].txt (ID = 6467)
16:23:   Found Spy Cookie: partypoker cookie
16:23:   andreas hallikainen@partypoker[2].txt (ID = 3111)
16:23:   Found Spy Cookie: pesttrap cookie
16:23:   andreas hallikainen@www.pesttrap[1].txt (ID = 6462)
16:23:   Found Spy Cookie: xiti cookie
16:23:   andreas hallikainen@xiti[1].txt (ID = 3717)
16:23: Cookie Sweep Complete, Elapsed Time: 00:00:03
16:23: Starting File Sweep
16:23:   c:\program\whinstall (2 subtraces) (ID = -2147480064)
16:23:   c:\program\spywarequake (13 subtraces) (ID = -2147453334)
16:23:   c:\program\mediagateway (ID = -2147463340)
16:23:   c:\documents and settings\andreas hallikainen\start-meny\program\spywarequake (3 subtraces) (ID = -2147453332)
16:23:   adse0000 (ID = 267748)
16:23:   adservice.dll (ID = 267748)
16:23:   whinstaller.ini (ID = 83847)
16:24:   Found Trojan Horse: trojan-downloader-aux
16:24:   win2c.tmp.exe (ID = 267746)
16:24:   spywarequake.exe (ID = 271989)
16:24:   HKLM\Software\Microsoft\Windows\CurrentVersion\Run || SpywareQuake (ID = 0)
16:24:   whagent.inf (ID = 83820)
16:27:   whagent.exe (ID = 83818)
16:28:   wh.exe (ID = 156803)
16:28:   winzp32[1].exe (ID = 267747)
16:28:   srvlbin5[1].exe (ID = 267746)
16:28:   180c4.mht (ID = 147169)
16:29:   win36b.tmp.exe (ID = 267746)
16:41:   spywarequake 2.0.lnk (ID = 271989)
16:41:   spywarequake.lnk (ID = 271989)
16:41:   spywarequake 2.0.lnk (ID = 271989)
16:41:   spywarequake 2.0.lnk (ID = 271989)
16:41: File Sweep Complete, Elapsed Time: 00:17:46
16:41: Full Sweep has completed.  Elapsed time 00:20:19
16:41: Traces Found: 513
17:07: Removal process initiated
17:07:   Quarantining All Traces: 180search assistant/zango
17:07:   Quarantining All Traces: popuper
17:07:   popuper is in use.  It will be removed on reboot.
17:07:     hpCC0A.tmp is in use.  It will be removed on reboot.
17:07:   Quarantining All Traces: purityscan
17:07:   purityscan is in use.  It will be removed on reboot.
17:07:     C:\Documents and Settings\Andreas Hallikainen\Application Data\?racle\dvdplay.exe is in use.  It will be removed on reboot.
17:07:   Quarantining All Traces: security2k hijacker
17:07:   Quarantining All Traces: trojan-downloader-zlob
17:07:   trojan-downloader-zlob is in use.  It will be removed on reboot.
17:07:     mssearchnet.exe is in use.  It will be removed on reboot.
17:07:   Quarantining All Traces: trojan agent winlogonhook
17:07:   Quarantining All Traces: trojan-downloader-aux
17:07:   Quarantining All Traces: winad
17:07:   Quarantining All Traces: spyware quake fakealert
17:07:   Quarantining All Traces: spyware quake
17:07:   Quarantining All Traces: webhancer
17:07:   Quarantining All Traces: atlas dmt cookie
17:07:   Quarantining All Traces: malwarewipe cookie
17:07:   Quarantining All Traces: partypoker cookie
17:07:   Quarantining All Traces: pesttrap cookie
17:07:   Quarantining All Traces: xiti cookie
17:07:   Quarantining All Traces: yieldmanager cookie
17:07: Removal process completed.  Elapsed time 00:00:42
********
16:19: |       Start of Session, den 29 mars 2006       |
16:19: Spy Sweeper started
16:20: Your spyware definitions have been updated.
16:20: |       End of Session, den 29 mars 2006


-----------------------


FROM EWIDO


---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------


+ Created on:           17:58:35, 2006-03-29
+ Report-Checksum:      1C078D9A


+ Scan result:


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4da4616d-7e6e-4fd9-a2d5-b6c535733e22} -> Adware.Generic : Cleaned with backup
HKU\S-1-5-21-448539723-688789844-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4DA4616D-7E6E-4FD9-A2D5-B6C535733E22} -> Adware.Generic : Cleaned with backup
HKU\S-1-5-21-448539723-688789844-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{56F1D444-11BF-4879-A12B-79CF0177F038} -> Adware.180Solutions : Cleaned with backup
[620] C:\WINDOWS\system32\winghy32.dll -> Downloader.Small.cml : Error during cleaning
:mozilla.11:C:\Documents and Settings\Andreas Hallikainen\Application Data\Mozilla\Firefox\Profiles\hkwa19l8.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Andreas Hallikainen\Application Data\Mozilla\Firefox\Profiles\hkwa19l8.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Andreas Hallikainen\Application Data\Mozilla\Firefox\Profiles\hkwa19l8.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Andreas Hallikainen\Application Data\Mozilla\Firefox\Profiles\hkwa19l8.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Andreas Hallikainen\Application Data\Mozilla\Firefox\Profiles\hkwa19l8.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Andreas Hallikainen\Application Data\Mozilla\Firefox\Profiles\hkwa19l8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Andreas Hallikainen\Application Data\Mozilla\Firefox\Profiles\hkwa19l8.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Andreas Hallikainen\Application Data\Mozilla\Firefox\Profiles\hkwa19l8.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Andreas Hallikainen\Application Data\Mozilla\Firefox\Profiles\hkwa19l8.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Andreas Hallikainen\Application Data\Mozilla\Firefox\Profiles\hkwa19l8.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Andreas Hallikainen\Application Data\Mozilla\Firefox\Profiles\hkwa19l8.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Andreas Hallikainen\Application Data\Mozilla\Firefox\Profiles\hkwa19l8.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Andreas Hallikainen\Application Data\Mozilla\Firefox\Profiles\hkwa19l8.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Andreas Hallikainen\Application Data\Mozilla\Firefox\Profiles\hkwa19l8.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Andreas Hallikainen\Application Data\Mozilla\Firefox\Profiles\hkwa19l8.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Andreas Hallikainen\Application Data\Mozilla\Firefox\Profiles\hkwa19l8.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Andreas Hallikainen\Application Data\Mozilla\Firefox\Profiles\hkwa19l8.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Andreas Hallikainen\Application Data\Mozilla\Firefox\Profiles\hkwa19l8.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.69:C:\Documents and Settings\Andreas Hallikainen\Application Data\Mozilla\Firefox\Profiles\hkwa19l8.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Andreas Hallikainen\Application Data\Mozilla\Firefox\Profiles\hkwa19l8.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.71:C:\Documents and Settings\Andreas Hallikainen\Application Data\Mozilla\Firefox\Profiles\hkwa19l8.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.72:C:\Documents and Settings\Andreas Hallikainen\Application Data\Mozilla\Firefox\Profiles\hkwa19l8.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.73:C:\Documents and Settings\Andreas Hallikainen\Application Data\Mozilla\Firefox\Profiles\hkwa19l8.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.104:C:\Documents and Settings\Andreas Hallikainen\Application Data\Mozilla\Firefox\Profiles\hkwa19l8.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.108:C:\Documents and Settings\Andreas Hallikainen\Application Data\Mozilla\Firefox\Profiles\hkwa19l8.default\cookies.txt -> TrackingCookie.Hotlog : Cleaned with backup
:mozilla.117:C:\Documents and Settings\Andreas Hallikainen\Application Data\Mozilla\Firefox\Profiles\hkwa19l8.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup
:mozilla.121:C:\Documents and Settings\Andreas Hallikainen\Application Data\Mozilla\Firefox\Profiles\hkwa19l8.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.122:C:\Documents and Settings\Andreas Hallikainen\Application Data\Mozilla\Firefox\Profiles\hkwa19l8.default\cookies.txt -> TrackingCookie.Spylog : Cleaned with backup
:mozilla.123:C:\Documents and Settings\Andreas Hallikainen\Application Data\Mozilla\Firefox\Profiles\hkwa19l8.default\cookies.txt -> TrackingCookie.Paypopup : Cleaned with backup
:mozilla.124:C:\Documents and Settings\Andreas Hallikainen\Application Data\Mozilla\Firefox\Profiles\hkwa19l8.default\cookies.txt -> TrackingCookie.Paypopup : Cleaned with backup
:mozilla.125:C:\Documents and Settings\Andreas Hallikainen\Application Data\Mozilla\Firefox\Profiles\hkwa19l8.default\cookies.txt -> TrackingCookie.Paypopup : Cleaned with backup
:mozilla.126:C:\Documents and Settings\Andreas Hallikainen\Application Data\Mozilla\Firefox\Profiles\hkwa19l8.default\cookies.txt -> TrackingCookie.Paypopup : Cleaned with backup
:mozilla.127:C:\Documents and Settings\Andreas Hallikainen\Application Data\Mozilla\Firefox\Profiles\hkwa19l8.default\cookies.txt -> TrackingCookie.Paypopup : Cleaned with backup
:mozilla.139:C:\Documents and Settings\Andreas Hallikainen\Application Data\Mozilla\Firefox\Profiles\hkwa19l8.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.140:C:\Documents and Settings\Andreas Hallikainen\Application Data\Mozilla\Firefox\Profiles\hkwa19l8.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.141:C:\Documents and Settings\Andreas Hallikainen\Application Data\Mozilla\Firefox\Profiles\hkwa19l8.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.143:C:\Documents and Settings\Andreas Hallikainen\Application Data\Mozilla\Firefox\Profiles\hkwa19l8.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.144:C:\Documents and Settings\Andreas Hallikainen\Application Data\Mozilla\Firefox\Profiles\hkwa19l8.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.181:C:\Documents and Settings\Andreas Hallikainen\Application Data\Mozilla\Firefox\Profiles\hkwa19l8.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.182:C:\Documents and Settings\Andreas Hallikainen\Application Data\Mozilla\Firefox\Profiles\hkwa19l8.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.183:C:\Documents and Settings\Andreas Hallikainen\Application Data\Mozilla\Firefox\Profiles\hkwa19l8.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.184:C:\Documents and Settings\Andreas Hallikainen\Application Data\Mozilla\Firefox\Profiles\hkwa19l8.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.185:C:\Documents and Settings\Andreas Hallikainen\Application Data\Mozilla\Firefox\Profiles\hkwa19l8.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.186:C:\Documents and Settings\Andreas Hallikainen\Application Data\Mozilla\Firefox\Profiles\hkwa19l8.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.187:C:\Documents and Settings\Andreas Hallikainen\Application Data\Mozilla\Firefox\Profiles\hkwa19l8.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.188:C:\Documents and Settings\Andreas Hallikainen\Application Data\Mozilla\Firefox\Profiles\hkwa19l8.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.192:C:\Documents and Settings\Andreas Hallikainen\Application Data\Mozilla\Firefox\Profiles\hkwa19l8.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.193:C:\Documents and Settings\Andreas Hallikainen\Application Data\Mozilla\Firefox\Profiles\hkwa19l8.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.196:C:\Documents and Settings\Andreas Hallikainen\Application Data\Mozilla\Firefox\Profiles\hkwa19l8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.197:C:\Documents and Settings\Andreas Hallikainen\Application Data\Mozilla\Firefox\Profiles\hkwa19l8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.198:C:\Documents and Settings\Andreas Hallikainen\Application Data\Mozilla\Firefox\Profiles\hkwa19l8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.199:C:\Documents and Settings\Andreas Hallikainen\Application Data\Mozilla\Firefox\Profiles\hkwa19l8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.200:C:\Documents and Settings\Andreas Hallikainen\Application Data\Mozilla\Firefox\Profiles\hkwa19l8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.201:C:\Documents and Settings\Andreas Hallikainen\Application Data\Mozilla\Firefox\Profiles\hkwa19l8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.202:C:\Documents and Settings\Andreas Hallikainen\Application Data\Mozilla\Firefox\Profiles\hkwa19l8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.211:C:\Documents and Settings\Andreas Hallikainen\Application Data\Mozilla\Firefox\Profiles\hkwa19l8.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned with backup
:mozilla.212:C:\Documents and Settings\Andreas Hallikainen\Application Data\Mozilla\Firefox\Profiles\hkwa19l8.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.223:C:\Documents and Settings\Andreas Hallikainen\Application Data\Mozilla\Firefox\Profiles\hkwa19l8.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
:mozilla.224:C:\Documents and Settings\Andreas Hallikainen\Application Data\Mozilla\Firefox\Profiles\hkwa19l8.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
:mozilla.242:C:\Documents and Settings\Andreas Hallikainen\Application Data\Mozilla\Firefox\Profiles\hkwa19l8.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.243:C:\Documents and Settings\Andreas Hallikainen\Application Data\Mozilla\Firefox\Profiles\hkwa19l8.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.244:C:\Documents and Settings\Andreas Hallikainen\Application Data\Mozilla\Firefox\Profiles\hkwa19l8.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.250:C:\Documents and Settings\Andreas Hallikainen\Application Data\Mozilla\Firefox\Profiles\hkwa19l8.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.251:C:\Documents and Settings\Andreas Hallikainen\Application Data\Mozilla\Firefox\Profiles\hkwa19l8.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.258:C:\Documents and Settings\Andreas Hallikainen\Application Data\Mozilla\Firefox\Profiles\hkwa19l8.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.259:C:\Documents and Settings\Andreas Hallikainen\Application Data\Mozilla\Firefox\Profiles\hkwa19l8.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.260:C:\Documents and Settings\Andreas Hallikainen\Application Data\Mozilla\Firefox\Profiles\hkwa19l8.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.261:C:\Documents and Settings\Andreas Hallikainen\Application Data\Mozilla\Firefox\Profiles\hkwa19l8.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.268:C:\Documents and Settings\Andreas Hallikainen\Application Data\Mozilla\Firefox\Profiles\hkwa19l8.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.269:C:\Documents and Settings\Andreas Hallikainen\Application Data\Mozilla\Firefox\Profiles\hkwa19l8.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.279:C:\Documents and Settings\Andreas Hallikainen\Application Data\Mozilla\Firefox\Profiles\hkwa19l8.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup
:mozilla.280:C:\Documents and Settings\Andreas Hallikainen\Application Data\Mozilla\Firefox\Profiles\hkwa19l8.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup
:mozilla.281:C:\Documents and Settings\Andreas Hallikainen\Application Data\Mozilla\Firefox\Profiles\hkwa19l8.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup
:mozilla.307:C:\Documents and Settings\Andreas Hallikainen\Application Data\Mozilla\Firefox\Profiles\hkwa19l8.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned with backup
:mozilla.421:C:\Documents and Settings\Andreas Hallikainen\Application Data\Mozilla\Firefox\Profiles\hkwa19l8.default\cookies.txt -> TrackingCookie.Trafic : Cleaned with backup
:mozilla.435:C:\Documents and Settings\Andreas Hallikainen\Application Data\Mozilla\Firefox\Profiles\hkwa19l8.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.511:C:\Documents and Settings\Andreas Hallikainen\Application Data\Mozilla\Firefox\Profiles\hkwa19l8.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
:mozilla.514:C:\Documents and Settings\Andreas Hallikainen\Application Data\Mozilla\Firefox\Profiles\hkwa19l8.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
:mozilla.519:C:\Documents and Settings\Andreas Hallikainen\Application Data\Mozilla\Firefox\Profiles\hkwa19l8.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.527:C:\Documents and Settings\Andreas Hallikainen\Application Data\Mozilla\Firefox\Profiles\hkwa19l8.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.559:C:\Documents and Settings\Andreas Hallikainen\Application Data\Mozilla\Firefox\Profiles\hkwa19l8.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned with backup
:mozilla.561:C:\Documents and Settings\Andreas Hallikainen\Application Data\Mozilla\Firefox\Profiles\hkwa19l8.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.562:C:\Documents and Settings\Andreas Hallikainen\Application Data\Mozilla\Firefox\Profiles\hkwa19l8.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.563:C:\Documents and Settings\Andreas Hallikainen\Application Data\Mozilla\Firefox\Profiles\hkwa19l8.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.564:C:\Documents and Settings\Andreas Hallikainen\Application Data\Mozilla\Firefox\Profiles\hkwa19l8.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.565:C:\Documents and Settings\Andreas Hallikainen\Application Data\Mozilla\Firefox\Profiles\hkwa19l8.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.592:C:\Documents and Settings\Andreas Hallikainen\Application Data\Mozilla\Firefox\Profiles\hkwa19l8.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.597:C:\Documents and Settings\Andreas Hallikainen\Application Data\Mozilla\Firefox\Profiles\hkwa19l8.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.598:C:\Documents and Settings\Andreas Hallikainen\Application Data\Mozilla\Firefox\Profiles\hkwa19l8.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
:mozilla.601:C:\Documents and Settings\Andreas Hallikainen\Application Data\Mozilla\Firefox\Profiles\hkwa19l8.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
:mozilla.602:C:\Documents and Settings\Andreas Hallikainen\Application Data\Mozilla\Firefox\Profiles\hkwa19l8.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
:mozilla.664:C:\Documents and Settings\Andreas Hallikainen\Application Data\Mozilla\Firefox\Profiles\hkwa19l8.default\cookies.txt -> TrackingCookie.Paycounter : Cleaned with backup
:mozilla.700:C:\Documents and Settings\Andreas Hallikainen\Application Data\Mozilla\Firefox\Profiles\hkwa19l8.default\cookies.txt -> TrackingCookie.Cqcounter : Cleaned with backup
:mozilla.713:C:\Documents and Settings\Andreas Hallikainen\Application Data\Mozilla\Firefox\Profiles\hkwa19l8.default\cookies.txt -> TrackingCookie.Weborama : Cleaned with backup
:mozilla.714:C:\Documents and Settings\Andreas Hallikainen\Application Data\Mozilla\Firefox\Profiles\hkwa19l8.default\cookies.txt -> TrackingCookie.Estat : Cleaned with backup
:mozilla.716:C:\Documents and Settings\Andreas Hallikainen\Application Data\Mozilla\Firefox\Profiles\hkwa19l8.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.717:C:\Documents and Settings\Andreas Hallikainen\Application Data\Mozilla\Firefox\Profiles\hkwa19l8.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.737:C:\Documents and Settings\Andreas Hallikainen\Application Data\Mozilla\Firefox\Profiles\hkwa19l8.default\cookies.txt -> TrackingCookie.Yadro : Cleaned with backup
:mozilla.746:C:\Documents and Settings\Andreas Hallikainen\Application Data\Mozilla\Firefox\Profiles\hkwa19l8.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.747:C:\Documents and Settings\Andreas Hallikainen\Application Data\Mozilla\Firefox\Profiles\hkwa19l8.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.753:C:\Documents and Settings\Andreas Hallikainen\Application Data\Mozilla\Firefox\Profiles\hkwa19l8.default\cookies.txt -> TrackingCookie.Adition : Cleaned with backup
:mozilla.754:C:\Documents and Settings\Andreas Hallikainen\Application Data\Mozilla\Firefox\Profiles\hkwa19l8.default\cookies.txt -> TrackingCookie.Adition : Cleaned with backup
:mozilla.756:C:\Documents and Settings\Andreas Hallikainen\Application Data\Mozilla\Firefox\Profiles\hkwa19l8.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.757:C:\Documents and Settings\Andreas Hallikainen\Application Data\Mozilla\Firefox\Profiles\hkwa19l8.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned with backup
:mozilla.758:C:\Documents and Settings\Andreas Hallikainen\Application Data\Mozilla\Firefox\Profiles\hkwa19l8.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Andreas Hallikainen\Application Data\Οracle\__delete_on_reboot__dvdplay.exe -> Downloader.PurityScan.cb : Cleaned with backup
C:\Documents and Settings\Andreas Hallikainen\Cookies\andreas hallikainen@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Andreas Hallikainen\Lokala inställningar\Temp\!update.exe -> Downloader.PurityScan.cb : Cleaned with backup
C:\Documents and Settings\Andreas Hallikainen\Lokala inställningar\Temporary Internet Files\Content.IE5\0B37E09H\mulbin1[1].exe -> Trojan.Dialer.oy : Cleaned with backup
C:\Documents and Settings\Andreas Hallikainen\Lokala inställningar\Temporary Internet Files\Content.IE5\2LFO58VM\rdgSE2427[1].exe -> Downloader.Small.ayl : Cleaned with backup
C:\Documents and Settings\Andreas Hallikainen\Lokala inställningar\Temporary Internet Files\Content.IE5\HZRB1DGE\!update-3615[1].0000 -> Downloader.PurityScan.cb : Cleaned with backup
C:\Documents and Settings\Andreas Hallikainen\Lokala inställningar\Temporary Internet Files\Content.IE5\KZ5VYMV5\MediaTicketsInstaller[1].cab/MediaTicketsInstaller.ocx -> Adware.MediaTickets : Cleaned with backup
C:\Documents and Settings\Andreas Hallikainen\Lokala inställningar\Temporary Internet Files\Content.IE5\S9EBSD2B\!update-3595[1].0000 -> Downloader.PurityScan.bw : Cleaned with backup
C:\Program\Security Stronghold\True Sword\Infected\MediaGateway.exe -> Adware.WinAD : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\YazzleActiveX.ocx -> Adware.MediaTickets : Cleaned with backup
C:\WINDOWS\mtuninst.exe -> Adware.MediaTickets : Cleaned with backup
C:\WINDOWS\NDNuninstall7_22.exe -> Adware.NewDotNet : Cleaned with backup
C:\WINDOWS\system32\1024\ld7EA5.tmp -> Dropper.Agent.alo : Cleaned with backup
C:\WINDOWS\system32\dfrgsrv.exe -> Trojan.Small : Cleaned with backup
C:\WINDOWS\system32\hpCDFE.tmp -> Downloader.Zlob.jp : Cleaned with backup
C:\WINDOWS\system32\interf.tlb -> Trojan.Small : Cleaned with backup
C:\WINDOWS\system32\ld1E5F4A -> Downloader.Zlob.jm : Cleaned with backup
C:\WINDOWS\system32\ldCB5E.tmp -> Downloader.Zlob.jm : Cleaned with backup
C:\WINDOWS\system32\nvctrl.exe -> Hijacker.SpyAxe : Cleaned with backup
C:\WINDOWS\system32\oins.exe -> Downloader.PurityScan.bt : Cleaned with backup
C:\WINDOWS\system32\stickrep.dll -> Trojan.Small : Cleaned with backup
C:\WINDOWS\system32\__delete_on_reboot__winghy32.dll -> Downloader.Small.cml : Cleaned with backup
C:\WINDOWS\Temp\hniicpmd.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\obagbcod.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Temp\win2F.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
C:\WINDOWS\Temp\win36D.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
C:\WINDOWS\YAXUninst.exe -> Adware.MediaTickets : Cleaned with backup



::Report End


-----------



NEW HIJACKTHIS



Logfile of HijackThis v1.99.1
Scan saved at 19:05:43, on 2006-03-29
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program\ewido\security suite\ewidoctrl.exe
C:\Program\ewido\security suite\ewidoguard.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program\Java\jre1.5.0_06\bin\jusched.exe
C:\Program\ATI Technologies\ATI.ACE\cli.exe
C:\Program\Delade filer\Real\Update_OB\realsched.exe
C:\Program\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program\MSN Messenger\MsnMsgr.Exe
C:\Program\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Andreas Hallikainen\Mina dokument\?dobe\w?nspool.exe
C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program\ATI Technologies\ATI.ACE\cli.exe
C:\Program\ATI Technologies\ATI.ACE\cli.exe
C:\Program\Mozilla Firefox\firefox.exe
C:\Program\Windows NT\Tillbehör\WORDPAD.EXE
C:\HijackThis\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CTSysVol] C:\Program\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\Program\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SpySweeper] "C:\Program\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Mblewze] C:\Documents and Settings\Andreas Hallikainen\Mina dokument\?dobe\w?nspool.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} (YazzleActiveX Control) - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\Program\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: winghy32 - winghy32.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\system32\CTsvcCDA.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program\Webroot\Spy Sweeper\WRSSSDK.exe


----------------------

Thx for the help :D. Is it clean now?

Edited by happygeek: fixed formatting

0

Whoa, sorry for the delay, didn't get a reply notification.

Your log looks a lot better, let's get the rest.

Scan with HijackThis and place a check next to the following

O4 - HKCU\..\Run: [Mblewze] C:\Documents and Settings\Andreas Hallikainen\Mina dokument\?dobe\w?nspool.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program\PartyGaming\PartyPoker\RunApp.exe (file missing)
O20 - Winlogon Notify: winghy32 - winghy32.dll (file missing)

Now close ALL Browsers and choose FIX CHECKED

Afterwards delete this folder

C:\Documents and Settings\Andreas Hallikainen\Mina dokument\?dobe

Please note that the ? can be any one character, so you will have to look around to see which one it is.

Other than that your logs look good :)

0
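An added triage script for this thread (not part of HijackThis, ewido or Spy Sweeper) that applies the two checks D3m3nt3d made by eye: O4 autostart entries whose path carries a `?` placeholder or a non-Latin lookalike letter (the Greek omicron in the "Οracle" folder from the ewido report), and any entry marked "(file missing)". The sample log lines are constructed from the entries quoted above; the dvdplay and Wordpad O4 entries are assumed for illustration.

```python
"""Triage helper for HijackThis logs, written for this thread (not part of
HijackThis or any of the tools whose logs are quoted above).

Checks:
  * O4 autostart entries whose path contains a '?' (HijackThis prints '?'
    for a character it cannot render; a real Windows path never contains
    one) or a letter from a non-Latin script, such as the Greek capital
    omicron in the "Oracle"-lookalike folder from the ewido report, used
    to pass the folder off as a vendor directory.
  * Any entry marked "(file missing)": a leftover autostart, toolbar or
    Winlogon Notify hook whose binary is already gone and which should be
    removed so it cannot be re-pointed at a new file later.
"""
import re
import unicodedata

# One O4 entry per line: "O4 - <hive>: [<name>] <command line>"
O4_RE = re.compile(r"^O4 - (?P<hive>.+?): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
FILE_MISSING = "(file missing)"


def command_path(cmd: str) -> str:
    """Return the executable path from an O4 command line.

    Quoted commands ("C:\\...\\cli.exe" runtime -Delay) take the quoted part;
    unquoted ones stop at the first " /" or " -" switch.
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return re.split(r" [/-]", cmd, maxsplit=1)[0]


def non_latin_letters(text: str) -> list:
    """Letters outside the Latin script (Greek, Cyrillic, ...), the usual
    homoglyph substitutes. Accented Latin letters such as the Swedish
    'ö' in 'Tillbehör' are Latin and are not reported."""
    found = []
    for ch in text:
        if ord(ch) < 128 or not ch.isalpha():
            continue
        if not unicodedata.name(ch, "").startswith("LATIN"):
            found.append(ch)
    return found


def scan_log(text: str) -> list:
    """Return (section, name_or_line, reason) findings for a HijackThis log."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        section = line.split(" - ", 1)[0]
        if FILE_MISSING in line:
            findings.append((section, line, "target file missing; orphaned entry"))
        m = O4_RE.match(line)
        if not m:
            continue
        path = command_path(m.group("cmd"))
        if "?" in path:
            findings.append((section, m.group("name"),
                             "unrenderable character in autostart path"))
        letters = non_latin_letters(path)
        if letters:
            codes = ", ".join("U+%04X" % ord(c) for c in letters)
            findings.append((section, m.group("name"),
                             "non-Latin letter(s) %s in autostart path" % codes))
    return findings


# Constructed sample, modelled on the log lines quoted in this thread.
# \u039f is GREEK CAPITAL LETTER OMICRON, \u00f6 is the Swedish o-umlaut.
SAMPLE_LOG = "\n".join([
    "O4 - HKLM\\..\\Run: [AVG7_CC] C:\\Program\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP",
    "O4 - HKCU\\..\\Run: [Mblewze] C:\\Documents and Settings\\Andreas Hallikainen"
    "\\Mina dokument\\?dobe\\w?nspool.exe",
    "O4 - HKCU\\..\\Run: [Dvdplay] C:\\Documents and Settings\\Andreas Hallikainen"
    "\\Application Data\\\u039fracle\\dvdplay.exe",
    "O4 - HKLM\\..\\Run: [Wordpad] C:\\Program\\Windows NT\\Tillbeh\u00f6r\\WORDPAD.EXE",
    "O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}"
    " - C:\\Program\\PartyGaming\\PartyPoker\\RunApp.exe (file missing)",
    "O20 - Winlogon Notify: winghy32 - winghy32.dll (file missing)",
    "O20 - Winlogon Notify: WRNotifier - C:\\WINDOWS\\SYSTEM32\\WRLogonNTF.dll",
    "O23 - Service: ewido security suite guard - ewido networks"
    " - C:\\Program\\ewido\\security suite\\ewidoguard.exe",
])

if __name__ == "__main__":
    for section, what, reason in scan_log(SAMPLE_LOG):
        print("%-4s %-60s %s" % (section, what[:60], reason))
```

Run it against a saved HijackThis log (`scan_log(open(path, encoding="utf-8").read())`) to get the same shortlist the helper asked to have checked and fixed.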

Hey D3m3nt3d,

I was wondering if you could help me by checking my log file. I am so ticked off; you spend all your hard-earned cash to buy a computer for university and it just stuffs up.

Thanks heaps.

Andrew

Spy Sweeper


********
10:17 AM: |       Start of Session, Monday, April 10, 2006       |
10:17 AM: Spy Sweeper started
10:17 AM: Sweep initiated using definitions version 652
10:17 AM: Starting Memory Sweep
10:20 AM: Memory Sweep Complete, Elapsed Time: 00:02:42
10:20 AM: Starting Registry Sweep
10:20 AM:   Found Adware: security2k hijacker
10:20 AM:   HKLM\software\microsoft\windows\currentversion\explorer\browser helper objecta\  (2 subtraces) (ID = 735573)
10:20 AM:   Found Trojan Horse: trojan-downloader-zlob
10:20 AM:   HKLM\software\microsoft\windows\currentversion\policies\explorer\run\ || kernel32.dll (ID = 796421)
10:20 AM:   HKLM\software\microsoft\windows\currentversion\policies\explorer\run\ || wininet.dll (ID = 797671)
10:20 AM:   HKLM\software\microsoft\windows\currentversion\policies\explorer\run\ || nvctrl.exe (ID = 797753)
10:20 AM:   Found Trojan Horse: trojan agent winlogonhook
10:20 AM:   HKLM\software\microsoft\mssmgr\  (9 subtraces) (ID = 937101)
10:20 AM:   Found Adware: popuper
10:20 AM:   HKCR\clsid\{4da4616d-7e6e-4fd9-a2d5-b6c535733e22}\  (4 subtraces) (ID = 1150210)
10:20 AM:   HKLM\software\classes\clsid\{4da4616d-7e6e-4fd9-a2d5-b6c535733e22}\  (4 subtraces) (ID = 1150211)
10:20 AM:   HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{4da4616d-7e6e-4fd9-a2d5-b6c535733e22}\  (1 subtraces) (ID = 1150212)
10:20 AM:   Found Adware: spyfalcon
10:20 AM:   HKCR\clsid\{330a77c2-c15a-43b5-055c-b4e35eaed279}\  (19 subtraces) (ID = 1150214)
10:20 AM:   HKLM\software\classes\clsid\{330a77c2-c15a-43b5-055c-b4e35eaed279}\  (19 subtraces) (ID = 1150256)
10:20 AM:   Found Adware: spyfalcon fakealert
10:20 AM:   HKLM\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler\ || {d1a2e7cd-f5c1-21a8-ca2c-13d0ac72d19d} (ID = 1150314)
10:20 AM:   HKU\S-1-5-21-1614895754-1979792683-725345543-1003\software\classes\clsid\{d1a2e7cd-f5c1-21a8-ca2c-13d0ac72d19d}\  (3 subtraces) (ID = 1150261)
10:20 AM: Registry Sweep Complete, Elapsed Time:00:00:21
10:20 AM: Starting Cookie Sweep
10:20 AM: Cookie Sweep Complete, Elapsed Time: 00:00:00
10:20 AM: Starting File Sweep
10:20 AM:   c:\program files\spyfalcon (1 subtraces) (ID = -2147456512)
10:27 AM:   spyfalcon.exe (ID = 253405)
10:29 AM: File Sweep Complete, Elapsed Time: 00:09:07
10:29 AM: Full Sweep has completed.  Elapsed time 00:12:13
10:29 AM: Traces Found: 76
10:30 AM: Removal process initiated
10:30 AM:   Quarantining All Traces: popuper
10:30 AM:   Quarantining All Traces: security2k hijacker
10:30 AM:   Quarantining All Traces: trojan-downloader-zlob
10:30 AM:   Quarantining All Traces: trojan agent winlogonhook
10:30 AM:   Quarantining All Traces: spyfalcon fakealert
10:30 AM:   Quarantining All Traces: spyfalcon
10:30 AM: Removal process completed.  Elapsed time 00:00:35
10:31 AM: Deletion from quarantine initiated
10:31 AM: Processing: popuper
10:31 AM: Processing: security2k hijacker
10:31 AM: Processing: spyfalcon
10:31 AM: Processing: spyfalcon fakealert
10:31 AM: Processing: trojan agent winlogonhook
10:31 AM: Processing: trojan-downloader-zlob
10:31 AM: Deletion from quarantine completed.  Elapsed time 00:00:00
********
10:15 AM: |       Start of Session, Monday, April 10, 2006       |
10:15 AM: Spy Sweeper started
10:17 AM: Your spyware definitions have been updated.
10:17 AM: |       End of Session, Monday, April 10, 2006       |



Ewido


--------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------


+ Created on:           10:54:37 AM, 4/10/2006
+ Report-Checksum:      1FAEC38


+ Scan result:


HKU\S-1-5-21-1614895754-1979792683-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4DA4616D-7E6E-4FD9-A2D5-B6C535733E22} -> Adware.Generic : Cleaned with backup
:mozilla.7:C:\Documents and Settings\andrew\Application Data\Mozilla\Firefox\Profiles\ttzhnt2k.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.9:C:\Documents and Settings\andrew\Application Data\Mozilla\Firefox\Profiles\ttzhnt2k.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.32:C:\Documents and Settings\andrew\Application Data\Mozilla\Firefox\Profiles\ttzhnt2k.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.10:C:\Documents and Settings\Catherine Slessar\Application Data\Mozilla\Firefox\Profiles\3wumyone.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Catherine Slessar\Application Data\Mozilla\Firefox\Profiles\3wumyone.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Catherine Slessar\Application Data\Mozilla\Firefox\Profiles\3wumyone.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Catherine Slessar\Application Data\Mozilla\Firefox\Profiles\3wumyone.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Catherine Slessar\Application Data\Mozilla\Firefox\Profiles\3wumyone.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Catherine Slessar\Application Data\Mozilla\Firefox\Profiles\3wumyone.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Catherine Slessar\Application Data\Mozilla\Firefox\Profiles\3wumyone.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Catherine Slessar\Application Data\Mozilla\Firefox\Profiles\3wumyone.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Catherine Slessar\Application Data\Mozilla\Firefox\Profiles\3wumyone.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Catherine Slessar\Application Data\Mozilla\Firefox\Profiles\3wumyone.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Catherine Slessar\Application Data\Mozilla\Firefox\Profiles\3wumyone.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Catherine Slessar\Application Data\Mozilla\Firefox\Profiles\3wumyone.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Catherine Slessar\Application Data\Mozilla\Firefox\Profiles\3wumyone.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Catherine Slessar\Application Data\Mozilla\Firefox\Profiles\3wumyone.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Catherine Slessar\Application Data\Mozilla\Firefox\Profiles\3wumyone.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Catherine Slessar\Application Data\Mozilla\Firefox\Profiles\3wumyone.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Catherine Slessar\Application Data\Mozilla\Firefox\Profiles\3wumyone.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Catherine Slessar\Application Data\Mozilla\Firefox\Profiles\3wumyone.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Catherine Slessar\Application Data\Mozilla\Firefox\Profiles\3wumyone.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Catherine Slessar\Application Data\Mozilla\Firefox\Profiles\3wumyone.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Catherine Slessar\Application Data\Mozilla\Firefox\Profiles\3wumyone.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.74:C:\Documents and Settings\Catherine Slessar\Application Data\Mozilla\Firefox\Profiles\3wumyone.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.75:C:\Documents and Settings\Catherine Slessar\Application Data\Mozilla\Firefox\Profiles\3wumyone.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Catherine Slessar\Application Data\Mozilla\Firefox\Profiles\3wumyone.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.77:C:\Documents and Settings\Catherine Slessar\Application Data\Mozilla\Firefox\Profiles\3wumyone.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.78:C:\Documents and Settings\Catherine Slessar\Application Data\Mozilla\Firefox\Profiles\3wumyone.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.79:C:\Documents and Settings\Catherine Slessar\Application Data\Mozilla\Firefox\Profiles\3wumyone.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.80:C:\Documents and Settings\Catherine Slessar\Application Data\Mozilla\Firefox\Profiles\3wumyone.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.81:C:\Documents and Settings\Catherine Slessar\Application Data\Mozilla\Firefox\Profiles\3wumyone.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.96:C:\Documents and Settings\Catherine Slessar\Application Data\Mozilla\Firefox\Profiles\3wumyone.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.97:C:\Documents and Settings\Catherine Slessar\Application Data\Mozilla\Firefox\Profiles\3wumyone.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.126:C:\Documents and Settings\Catherine Slessar\Application Data\Mozilla\Firefox\Profiles\3wumyone.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.127:C:\Documents and Settings\Catherine Slessar\Application Data\Mozilla\Firefox\Profiles\3wumyone.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.128:C:\Documents and Settings\Catherine Slessar\Application Data\Mozilla\Firefox\Profiles\3wumyone.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\YazzleActiveX.ocx -> Adware.MediaTickets : Cleaned with backup
C:\WINDOWS\YAXUninst.exe -> Adware.MediaTickets : Cleaned with backup



::Report End


Hijack this


Logfile of HijackThis v1.99.1
Scan saved at 10:56:57 AM, on 4/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wwSecure.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\W?nSxS\?ti2evxx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\ewido\security suite\ewidoguard.exe
D:\Hijack This\HijackThis.exe


R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - {C90F251A-EBD0-C229-A1FB-953BF0027492} - C:\WINDOWS\system32\naqbct.dll (file missing)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O3 - Toolbar: BitComet Toolbar - {2E608F70-C430-4bc5-96F6-608E02EBA5B2} - C:\Program Files\BitComet Toolbar\v2.0.0.5\BitComet_Toolbar.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [LXCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust Vet Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust Vet Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Folk] C:\WINDOWS\W?nSxS\?ti2evxx.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Morpheus.lnk = C:\Program Files\Morpheus\Morpheus.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} (YazzleActiveX Control) - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CA86694E-BB72-4C52-BB71-EF8B9477EED9}: Domain = vic.bigpond.net.au
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: winsqs32 - C:\WINDOWS\
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxcf_device - Unknown owner - C:\WINDOWS\system32\lxcfcoms.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe



Couple more scans for me, then we'll get to your log.

Download smitRem.exe -Save it to your Desktop.
-DoubleClick it to extract the contents to a new smitRem Folder.
-Just leave it for now.

Please Boot to Safe Mode.

Continuing in Safe Mode,
-Open the smitRem Folder
-DoubleClick the RunThis.bat file to run the tool.
-Follow the prompts on screen
-Allow the tool to complete its run and finish the Disk Cleanup.
-Reboot to Normal Mode
-There should be a log at C:\smitfiles.txt.
-Please submit that

Download WinPFind
http://www.bleepingcomputer.com/files/winpfind.php
-Follow step 9 here on how to properly run it:
http://wiki.castlecops.com/Vundo_Rootkit_Detection_and_Removal_Procedure
-Save the log and attach for me

Also attach a new HijackThis log

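Added example, not code from this thread and not part of HijackThis, smitRem or any other tool named here: a small Python triage pass over HijackThis 1.99 entries of the kinds that show up in the log above, useful when reading a fresh log before deciding which lines to fix. It flags the patterns a helper looks for by eye: a "?" inside a file path (HijackThis prints "?" for a character it cannot render, which is how a look-alike folder name such as W?nSxS appears), "(file missing)" or "(no file)" orphans, an O20 Winlogon Notify handler that is not a DLL under system32, an O23 service with no publisher, and an O16 ActiveX download from a host outside a short allow-list. The sample entries are copied from the log posted above; the heuristics themselves and the TRUSTED_DPF_DOMAINS list are my assumptions, not rules from HijackThis.

```python
"""Heuristic triage of HijackThis 1.99 log entries (added example, not from the thread)."""
import re
from typing import Dict, List, Optional, Tuple
from urllib.parse import urlparse

# Sample input: entries copied from the HijackThis log posted in this thread.
# HijackThis prints "?" for a character it cannot render in the ANSI code page,
# which is how a look-alike (homoglyph) folder name such as W?nSxS shows up.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [Folk] C:\WINDOWS\W?nSxS\?ti2evxx.exe
R3 - URLSearchHook: (no name) - {C90F251A-EBD0-C229-A1FB-953BF0027492} - C:\WINDOWS\system32\naqbct.dll (file missing)
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} (YazzleActiveX Control) - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O20 - Winlogon Notify: winsqs32 - C:\WINDOWS\
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: lxcf_device - Unknown owner - C:\WINDOWS\system32\lxcfcoms.exe
"""

# "O4 - ..." / "R3 - ..." : section code, then the entry body.
ENTRY_RE = re.compile(r"^([A-Z]\d+)\s+-\s+(.*)$")
# A Windows path: drive letter, colon, backslash, then anything up to whitespace.
PATH_RE = re.compile(r"[A-Za-z]:\\\S*")
URL_RE = re.compile(r"https?://\S+")
# Assumption for this example: hosts from which an O16 (Downloaded Program
# Files) ActiveX control is not worth a second look.  Extend to taste.
TRUSTED_DPF_DOMAINS = ("microsoft.com", "msn.com", "windowsupdate.com")


def _host_is_trusted(url: str) -> bool:
    host = (urlparse(url).hostname or "").lower()
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DPF_DOMAINS)


def parse_entry(line: str) -> Optional[Tuple[str, str]]:
    """Split a HijackThis line into (section code, body); None for non-entries."""
    m = ENTRY_RE.match(line.strip())
    return (m.group(1), m.group(2)) if m else None


def check_entry(line: str) -> List[str]:
    """Return the list of reasons this entry deserves a closer look (empty = nothing noted)."""
    parsed = parse_entry(line)
    if parsed is None:
        return []
    section, body = parsed
    reasons: List[str] = []
    paths = PATH_RE.findall(body)
    # A "?" inside a file path means a non-displayable character in the name.
    if any("?" in p for p in paths):
        reasons.append("path contains a non-displayable character (possible homoglyph name)")
    # Leftover registration whose target was already deleted.
    if "(file missing)" in body or "(no file)" in body:
        reasons.append("orphaned entry: registered target no longer exists")
    # Winlogon Notify packages are DLLs loaded by winlogon.exe at logon; a legitimate
    # one lives under system32.  A bare directory or an odd location is a red flag.
    if section == "O20":
        target = paths[0].lower() if paths else ""
        if not target.endswith(".dll") or "\\system32\\" not in target:
            reasons.append("Winlogon Notify handler is not a DLL under system32")
    # Service binary with no publisher string in its version resource.
    if section == "O23" and "Unknown owner" in body:
        reasons.append("service binary carries no publisher information")
    # ActiveX control pulled from a host outside the allow-list.
    if section == "O16":
        urls = URL_RE.findall(body)
        if urls and not _host_is_trusted(urls[0]):
            reasons.append("ActiveX download from a non-trusted host")
    return reasons


def triage(log_text: str) -> List[Dict[str, object]]:
    """Run check_entry over every line; return only the entries that were flagged."""
    findings: List[Dict[str, object]] = []
    for line in log_text.strip().splitlines():
        reasons = check_entry(line)
        if reasons:
            findings.append({"line": line.strip(), "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding["line"])
        for reason in finding["reasons"]:
            print("   ->", reason)
```

On the sample above it flags five of the eight entries (the "?" path, the missing naqbct.dll hook, the Yazzle download, the winsqs32 Winlogon Notify entry and the lxcf_device service) and leaves SoundMan, the MSN Messenger game control and Webroot's WRNotifier alone. A flag is a prompt to check the file, not a verdict; as the WinPFind warning in the thread says, not everything a scanner lists is bad.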

Hey,

Here are the new scan results

Thanks

Andrew

smitRem © log file
version 2.8


by noahdfear



Microsoft Windows XP [Version 5.1.2600]
The current date is: Tue 04/11/2006
The current time is: 16:38:12.17


Running from
D:\Smit\smitRem


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Pre-run SharedTask Export


(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright(C) 2006 BleepingComputer.com


Registry Pseudo-Format Mode (Not a valid reg file):


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"



[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


checking for ShudderLTD key


ShudderLTD key not present!


checking for PSGuard.com key


PSGuard.com key not present!



checking for WinHound.com key


WinHound.com key not present!


spyaxe uninstaller NOT present
Winhound uninstaller NOT present
SpywareStrike uninstaller NOT present


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Existing Pre-run Files



~~~ Program Files ~~~


~~~ Shortcuts ~~~


Install.dat



~~~ Favorites ~~~


Antivirus Test Online.url



~~~ system32 folder ~~~


1024 dir
ncompat.tlb
logfiles



~~~ Icons in System32 ~~~


ts.ico
ot.ico



~~~ Windows directory ~~~


~~~ Drive root ~~~



~~~ Miscellaneous Files/folders ~~~



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 860 'explorer.exe'


Starting registry repairs


Registry repairs complete


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


SharedTask Export after registry fix


(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright(C) 2006 BleepingComputer.com


Registry Pseudo-Format Mode (Not a valid reg file):


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"



[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Deleting files


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Remaining Post-run Files



~~~ Program Files ~~~


~~~ Shortcuts ~~~


~~~ Favorites ~~~


~~~ system32 folder ~~~


1024 dir
ncompat.tlb
logfiles



~~~ Icons in System32 ~~~


ts.ico
ot.ico



~~~ Windows directory ~~~


~~~ Drive root ~~~



~~~ Miscellaneous Files/folders ~~~



~~~ Wininet.dll ~~~


wininet.dll is missing!!


WinPFind

WARNING: not all files found by this scanner are bad. Consult with a knowledgeable person before proceeding.


If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows sometimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.


»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP    Current Build: Service Pack 2    Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180


»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»


Checking %SystemDrive% folder...
UPX!                 9/19/2004 1:23:48 AM        504320     C:\daemon347.exe


Checking %ProgramFilesDir% folder...


Checking %WinDir% folder...
UPX!                 8/22/2004 4:04:56 PM        69120      C:\WINDOWS\daemon.dll
UPX!                 4/18/2005 1:49:26 PM        57344      C:\WINDOWS\Unwash6.exe


Checking %System% folder...
PEC2                 8/4/2004 11:07:00 AM        41397      C:\WINDOWS\SYSTEM32\dfrg.msc
PECompact2           3/9/2006 3:21:10 PM         4799320    C:\WINDOWS\SYSTEM32\MRT.exe
aspack               3/9/2006 3:21:10 PM         4799320    C:\WINDOWS\SYSTEM32\MRT.exe
aspack               8/4/2004 11:07:00 AM        708096     C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor             8/4/2004 11:07:00 AM        657920     C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync              8/4/2004 11:07:00 AM        1309184    C:\WINDOWS\SYSTEM32\wbdbase.deu


Checking %System%\Drivers folder and sub-folders...


Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts



Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
4/11/2006 4:50:22 PM      S 2048       C:\WINDOWS\bootstat.dat
2/21/2006 11:53:16 AM   RH  749        C:\WINDOWS\WindowsShell.Manifest
2/21/2006 11:53:22 AM    H  65         C:\WINDOWS\Downloaded Program Files\desktop.ini
2/21/2006 11:54:00 AM    HS 67         C:\WINDOWS\Fonts\desktop.ini
3/2/2006 5:28:54 PM      H  0          C:\WINDOWS\inf\oem15.inf
2/21/2006 11:53:22 AM    H  65         C:\WINDOWS\Offline Web Pages\desktop.ini
2/21/2006 11:53:40 AM   RHS 727        C:\WINDOWS\pchealth\helpctr\PackageStore\package_1.cab
2/21/2006 11:53:40 AM   RHS 19854      C:\WINDOWS\pchealth\helpctr\PackageStore\package_2.cab
2/21/2006 11:53:40 AM   RHS 244933     C:\WINDOWS\pchealth\helpctr\PackageStore\package_3.cab
2/21/2006 11:54:38 AM    H  225280     C:\WINDOWS\repair\ntuser.dat
2/21/2006 11:53:16 AM   RH  749        C:\WINDOWS\system32\cdplayer.exe.manifest
2/21/2006 11:53:22 AM   RH  488        C:\WINDOWS\system32\logonui.exe.manifest
2/21/2006 11:53:16 AM   RH  749        C:\WINDOWS\system32\ncpa.cpl.manifest
2/21/2006 11:53:16 AM   RH  749        C:\WINDOWS\system32\nwc.cpl.manifest
2/21/2006 11:53:16 AM   RH  749        C:\WINDOWS\system32\sapi.cpl.manifest
2/21/2006 11:53:22 AM   RH  488        C:\WINDOWS\system32\WindowsLogon.manifest
2/21/2006 11:53:16 AM   RH  749        C:\WINDOWS\system32\wuaucpl.cpl.manifest
2/15/2006 4:49:00 PM      S 9639       C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB912475.cat
4/11/2006 4:50:28 PM     H  12288      C:\WINDOWS\system32\config\default.LOG
4/11/2006 4:50:52 PM     H  1024       C:\WINDOWS\system32\config\SAM.LOG
4/11/2006 4:50:24 PM     H  12288      C:\WINDOWS\system32\config\SECURITY.LOG
4/11/2006 4:50:32 PM     H  57344      C:\WINDOWS\system32\config\software.LOG
4/11/2006 4:50:28 PM     H  847872     C:\WINDOWS\system32\config\system.LOG
2/21/2006 10:41:28 PM    H  1024       C:\WINDOWS\system32\config\TempKey.LOG
2/21/2006 10:41:30 PM    H  1024       C:\WINDOWS\system32\config\userdiff.LOG
3/17/2006 5:25:06 PM     H  1024       C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
2/21/2006 10:42:56 PM    HS 62         C:\WINDOWS\system32\config\systemprofile\Application Data\desktop.ini
2/21/2006 10:42:56 PM    HS 62         C:\WINDOWS\system32\config\systemprofile\Local Settings\desktop.ini
2/21/2006 11:59:52 AM    HS 113        C:\WINDOWS\system32\config\systemprofile\Local Settings\History\desktop.ini
2/21/2006 11:59:52 AM    HS 113        C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\desktop.ini
2/21/2006 11:59:52 AM    HS 67         C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\desktop.ini
2/21/2006 11:59:52 AM    HS 67         C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini
2/21/2006 11:59:52 AM    HS 67         C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\2XGBODO5\desktop.ini
2/21/2006 11:59:52 AM    HS 67         C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6PWLYZGL\desktop.ini
2/21/2006 11:59:52 AM    HS 67         C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\I32POHIZ\desktop.ini
2/21/2006 11:59:52 AM    HS 67         C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\MVG1UJGR\desktop.ini
2/21/2006 11:53:24 AM    HS 181        C:\WINDOWS\system32\config\systemprofile\SendTo\desktop.ini
2/21/2006 10:42:56 PM    HS 62         C:\WINDOWS\system32\config\systemprofile\Start Menu\desktop.ini
2/21/2006 11:54:36 AM    HS 148        C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\desktop.ini
2/21/2006 11:54:36 AM    HS 482        C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\desktop.ini
2/21/2006 11:54:36 AM    HS 348        C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\Accessibility\desktop.ini
2/21/2006 11:54:36 AM    HS 84         C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\Entertainment\desktop.ini
2/21/2006 11:54:36 AM    HS 84         C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini
2/21/2006 12:00:00 PM    HS 388        C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\679d7d50-67fa-4911-9bd6-84c431372a1d
2/21/2006 12:00:00 PM    HS 24         C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
4/11/2006 4:49:08 PM     H  6          C:\WINDOWS\Tasks\SA.DAT


Checking for CPL files...
8/19/2003 5:20:04 PM        180224     C:\WINDOWS\SYSTEM32\ac3filter.cpl
Microsoft Corporation          8/4/2004 11:07:00 AM        68608      C:\WINDOWS\SYSTEM32\access.cpl
Realtek Semiconductor Corp.    5/18/2005 5:17:54 PM    R   18726912   C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL
Microsoft Corporation          8/4/2004 11:07:00 AM        549888     C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation          8/4/2004 11:07:00 AM        110592     C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation          8/4/2004 11:07:00 AM        135168     C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation          8/4/2004 11:07:00 AM        80384      C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation          8/4/2004 11:07:00 AM        155136     C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation          8/4/2004 11:07:00 AM        358400     C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation          8/4/2004 11:07:00 AM        129536     C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation          8/4/2004 11:07:00 AM        380416     C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation          8/4/2004 11:07:00 AM        68608      C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems, Inc.         11/10/2005 1:03:50 PM       49265      C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation          8/4/2004 11:07:00 AM        187904     C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation          8/4/2004 11:07:00 AM        618496     C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation          8/4/2004 11:07:00 AM        35840      C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation          8/4/2004 11:07:00 AM        25600      C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation          8/4/2004 11:07:00 AM        257024     C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation          8/4/2004 11:07:00 AM        36864      C:\WINDOWS\SYSTEM32\nwc.cpl
Microsoft Corporation          8/4/2004 11:07:00 AM        32768      C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation          8/4/2004 11:07:00 AM        114688     C:\WINDOWS\SYSTEM32\powercfg.cpl
Microsoft Corporation          8/4/2004 11:07:00 AM        298496     C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation          8/4/2004 11:07:00 AM        28160      C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation          8/4/2004 11:07:00 AM        94208      C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation          8/4/2004 11:07:00 AM        148480     C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation          5/26/2005 3:16:30 AM        174360     C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation          8/4/2004 11:07:00 AM        68608      C:\WINDOWS\SYSTEM32\dllcache\access.cpl
Microsoft Corporation          8/4/2004 11:07:00 AM        549888     C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl
Microsoft Corporation          8/4/2004 11:07:00 AM        135168     C:\WINDOWS\SYSTEM32\dllcache\desk.cpl
Microsoft Corporation          8/4/2004 11:07:00 AM        80384      C:\WINDOWS\SYSTEM32\dllcache\firewall.cpl
Microsoft Corporation          8/4/2004 11:07:00 AM        155136     C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl
Microsoft Corporation          8/4/2004 11:07:00 AM        358400     C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl
Microsoft Corporation          8/4/2004 11:07:00 AM        129536     C:\WINDOWS\SYSTEM32\dllcache\intl.cpl
Microsoft Corporation          8/4/2004 11:07:00 AM        68608      C:\WINDOWS\SYSTEM32\dllcache\joy.cpl
Microsoft Corporation          8/4/2004 11:07:00 AM        187904     C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation          8/4/2004 11:07:00 AM        618496     C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl
Microsoft Corporation          8/4/2004 11:07:00 AM        35840      C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation          8/4/2004 11:07:00 AM        25600      C:\WINDOWS\SYSTEM32\dllcache\netsetup.cpl
Microsoft Corporation          8/4/2004 11:07:00 AM        257024     C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl
Microsoft Corporation          8/4/2004 11:07:00 AM        36864      C:\WINDOWS\SYSTEM32\dllcache\nwc.cpl
Microsoft Corporation          8/4/2004 11:07:00 AM        32768      C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl
Microsoft Corporation          8/4/2004 11:07:00 AM        114688     C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl
Microsoft Corporation          8/4/2004 11:07:00 AM        155648     C:\WINDOWS\SYSTEM32\dllcache\sapi.cpl
Microsoft Corporation          8/4/2004 11:07:00 AM        298496     C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl
Microsoft Corporation          8/4/2004 11:07:00 AM        28160      C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation          8/4/2004 11:07:00 AM        94208      C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl
Microsoft Corporation          8/4/2004 11:07:00 AM        148480     C:\WINDOWS\SYSTEM32\dllcache\wscui.cpl
Microsoft Corporation          5/26/2005 3:16:30 AM        174360     C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl


»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»


Checking files in %ALLUSERSPROFILE%\Startup folder...
2/21/2006 11:54:36 AM    HS 84         C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini


Checking files in %ALLUSERSPROFILE%\Application Data folder...
2/21/2006 10:42:56 PM    HS 62         C:\Documents and Settings\All Users\Application Data\desktop.ini


Checking files in %USERPROFILE%\Startup folder...
4/8/2006 12:42:20 AM        988        C:\Documents and Settings\andrew\Start Menu\Programs\Startup\Adobe Gamma.lnk
2/21/2006 11:54:36 AM    HS 84         C:\Documents and Settings\andrew\Start Menu\Programs\Startup\desktop.ini
3/12/2006 12:30:00 PM       704        C:\Documents and Settings\andrew\Start Menu\Programs\Startup\Morpheus.lnk


Checking files in %USERPROFILE%\Application Data folder...
2/21/2006 10:42:56 PM    HS 62         C:\Documents and Settings\andrew\Application Data\desktop.ini


»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1  =


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]


[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]


[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}   = C:\Program Files\ewido\security suite\context.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03}   = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936}   = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46}   = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\VirusScan
{cda2863e-2497-4c49-9b89-06840e070a87}   = C:\Program Files\Network Associates\VirusScan\shext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Washer
{6EE51AA0-77A0-11D7-B4E1-000347126E46}   = C:\PROGRA~1\COMMON~1\WEBROO~1\SHELLW~1.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA}   = C:\Program Files\WinRAR\rarext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin   = %SystemRoot%\system32\SHELL32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\SpySweeper
{7C9D5882-CB4A-4090-96C8-430BFE8B795B}   = C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\VirusScan
{cda2863e-2497-4c49-9b89-06840e070a87}   = C:\Program Files\Network Associates\VirusScan\shext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA}   = C:\Program Files\WinRAR\rarext.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46}   = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}   = C:\Program Files\ewido\security suite\context.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03}   = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}   = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\VirusScan
{cda2863e-2497-4c49-9b89-06840e070a87}   = C:\Program Files\Network Associates\VirusScan\shext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Washer
{6EE51AA0-77A0-11D7-B4E1-000347126E46}   = C:\PROGRA~1\COMMON~1\WEBROO~1\SHELLW~1.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA}   = C:\Program Files\WinRAR\rarext.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll


[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\system32\shdocvw.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{2E608F70-C430-4bc5-96F6-608E02EBA5B2}   = BitComet Toolbar : C:\Program Files\BitComet Toolbar\v2.0.0.5\BitComet_Toolbar.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText     = Sun Java Console : C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}
ButtonText   = Research :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText   = Messenger    : C:\Program Files\Messenger\msmsgs.exe


[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]


[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address   : %SystemRoot%\system32\browseui.dll
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} =    :
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address   : %SystemRoot%\system32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} =    :
{2E608F70-C430-4BC5-96F6-608E02EBA5B2} = BitComet Toolbar   : C:\Program Files\BitComet Toolbar\v2.0.0.5\BitComet_Toolbar.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
NeroFilterCheck C:\WINDOWS\system32\NeroCheck.exe
DAEMON Tools-1033   "C:\Program Files\D-Tools\daemon.exe"  -lang 1033
LXCFCATS    rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16
VTTimer VTTimer.exe
VTTrayp VTtrayp.exe
SoundMan    SOUNDMAN.EXE
CaAvTray    "C:\Program Files\CA\eTrust Vet Antivirus\CAVTray.exe"
CAVRID  "C:\Program Files\CA\eTrust Vet Antivirus\CAVRID.exe"
SpySweeper  "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
ShStatEXE   "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
MSConfig    C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL   Installed = 1
MAPI    Installed = 1
MSFS    Installed = 1


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
MSMSGS  "C:\Program Files\Messenger\msmsgs.exe" /background
Folk    C:\WINDOWS\W?nSxS\?ti2evxx.exe
LDM C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini  0
win.ini 0
bootini 2
services    0
startup 0



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer
NoActiveDesktopChanges  0



HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =



HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon    1
undockwithoutlogon  1
DisableTaskMgr  0



[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]


HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop
NoChangingWallPaper 0
NoAddingComponents  0
NoComponents    0
NoDeletingComponents    0
NoEditingComponents 0
NoCloseDragDropBands    0
NoMovingBands   0
NoHTMLWallPaper 0


HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun  145
NoActiveDesktop 0
NoSaveSettings  0
ClassicShell    0
NoThemesTab 0
ForceActiveDesktopOn    0


HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
DisableTaskMgr  0
NoDispAppearancePage    0
NoColorChoice   0
NoSizeChoice    0
NoDispBackgroundPage    0
NoDispScrSavPage    0
NoDispCPL   0
NoVisualStyleChoice 0
NoDispSettingsPage  0



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder                {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn                          {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck                        {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\system32\webcheck.dll
SysTray                         {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\system32\stobject.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit    = C:\WINDOWS\system32\userinit.exe,
Shell       = Explorer.exe
System      =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winsqs32
=


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier
= WRLogonNTF.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs



»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 4/11/2006 4:57:40 PM


Logfile of HijackThis v1.99.1
Scan saved at 5:01:56 PM, on 4/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wwSecure.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\W?nSxS\?ti2evxx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
D:\Hijack This\HijackThis.exe


R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - {C90F251A-EBD0-C229-A1FB-953BF0027492} - blank (file missing)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O3 - Toolbar: BitComet Toolbar - {2E608F70-C430-4bc5-96F6-608E02EBA5B2} - C:\Program Files\BitComet Toolbar\v2.0.0.5\BitComet_Toolbar.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [LXCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust Vet Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust Vet Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Folk] C:\WINDOWS\W?nSxS\?ti2evxx.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Morpheus.lnk = C:\Program Files\Morpheus\Morpheus.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} (YazzleActiveX Control) - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CA86694E-BB72-4C52-BB71-EF8B9477EED9}: Domain = vic.bigpond.net.au
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: winsqs32 - C:\WINDOWS\
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxcf_device - Unknown owner - C:\WINDOWS\system32\lxcfcoms.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe

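The log above is being read by eye for the usual rogue-antispyware tells: an autostart whose path contains characters the log writer could not display (`C:\WINDOWS\W?nSxS\?ti2evxx.exe`), a Winlogon Notify entry with no DLL behind it (`winsqs32`), orphaned hooks and third-party ActiveX downloads. As an added example, here is a small Python triage pass that applies those checks to a handful of HijackThis lines copied from the log. This is my own code, not part of HijackThis, smitRem, WinPFind or any post in this thread; the severity levels, the reading of `?` as a non-representable character in an ANSI log, and the allowlist of ActiveX download hosts are assumptions chosen for illustration, and a "medium" hit means "look at this", not "this is malware".

```python
"""Triage pass over HijackThis-style log lines.

Added example for this thread: my own code, not part of HijackThis, smitRem,
WinPFind or any post above.  The sample lines are copied from the log posted
in the thread; the scoring rules and the host allowlist are heuristics chosen
for illustration.
"""
import re
from dataclasses import dataclass
from urllib.parse import urlparse


@dataclass(frozen=True)
class Finding:
    severity: str  # "high", "medium" or "low"
    entry: str     # the log line that triggered the finding
    reason: str


# Constructed sample: eight lines copied from the HijackThis log above.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {C90F251A-EBD0-C229-A1FB-953BF0027492} - blank (file missing)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Folk] C:\WINDOWS\W?nSxS\?ti2evxx.exe
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} (YazzleActiveX Control) - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O20 - Winlogon Notify: winsqs32 - C:\WINDOWS\
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
"""

# Assumed allowlist of hosts accepted as O16 (ActiveX download) sources.
TRUSTED_DPF_HOSTS = {"messenger.zone.msn.com"}

_O4_RE = re.compile(r"^O4 - HK\w+\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
_O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.*)$")
_O16_RE = re.compile(r"^O16 - DPF: \{[0-9A-Fa-f-]+\} \((?P<name>[^)]*)\) - (?P<url>\S+)$")


def _exe_path(cmd: str) -> str:
    """Executable part of an O4 command: strip quotes and trailing arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    m = re.match(r"(.+?\.(?:exe|dll|com|scr|bat|pif))(?:\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]


def _path_finding(path: str):
    """Path heuristics shared by O4 and O20 entries.

    HijackThis writes its log in the ANSI code page, so a '?' inside a path is
    a character it could not represent; a look-alike of a system name such as
    W?nSxS is the typical case.  Autostarts from a user profile are only worth
    a look, so they rank lower.
    """
    if "?" in path:
        return "high", "non-representable character in path (look-alike of a system name)"
    low = path.lower()
    if "\\documents and settings\\" in low or "\\application data\\" in low:
        return "medium", "autostart located in a user profile directory"
    return None


def triage(log_text: str) -> list:
    """Return one Finding per suspicious line; clean lines produce nothing."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if "(file missing)" in line or "(no file)" in line:
            findings.append(Finding("low", line, "orphaned entry: referenced file no longer exists"))
            continue
        if m := _O4_RE.match(line):
            hit = _path_finding(_exe_path(m["cmd"]))
            if hit:
                findings.append(Finding(hit[0], line, hit[1]))
        elif m := _O20_RE.match(line):
            path = m["path"].strip()
            if path.endswith("\\") or not path.lower().endswith(".dll"):
                findings.append(Finding("high", line, "Winlogon Notify entry with no DLL file name"))
            elif hit := _path_finding(path):
                findings.append(Finding(hit[0], line, hit[1]))
        elif m := _O16_RE.match(line):
            host = urlparse(m["url"]).hostname or ""
            if host not in TRUSTED_DPF_HOSTS:
                findings.append(Finding("medium", line, f"ActiveX download from unlisted host {host}"))
    return findings


def summary(findings) -> dict:
    """Count findings per severity, always reporting all three levels."""
    return {s: sum(1 for f in findings if f.severity == s) for s in ("high", "medium", "low")}


if __name__ == "__main__":
    order = ("high", "medium", "low")
    for f in sorted(triage(SAMPLE_LOG), key=lambda f: order.index(f.severity)):
        print(f"[{f.severity:6}] {f.reason}\n         {f.entry}")
    print(summary(triage(SAMPLE_LOG)))
```

Run against the sample it flags the `[Folk]` autostart and the `winsqs32` Notify entry as high, the non-allowlisted ActiveX source as medium and the dead URLSearchHook as low, while the NeroCheck, Messenger, WRNotifier and MSN Zone lines pass untouched. Paste a full log into `SAMPLE_LOG` (or read it from a file) to use it for real; the regexes only understand the O4, O16 and O20 forms shown, so other sections simply fall through.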

Hey,

Here are the new scan results

Thanks

Andrew


smitRem © log file
version 2.8

by noahdfear


Microsoft Windows XP [Version 5.1.2600]
The current date is: Tue 04/11/2006
The current time is: 16:38:12.17

Running from
D:\Smit\smitRem

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Pre-run SharedTask Export

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright(C) 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key


PSGuard.com key not present!


checking for WinHound.com key


WinHound.com key not present!

spyaxe uninstaller NOT present
Winhound uninstaller NOT present
SpywareStrike uninstaller NOT present

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files


~~~ Program Files ~~~

~~~ Shortcuts ~~~

Install.dat


~~~ Favorites ~~~

Antivirus Test Online.url


~~~ system32 folder ~~~

1024 dir
ncompat.tlb
logfiles


~~~ Icons in System32 ~~~

ts.ico
ot.ico


~~~ Windows directory ~~~

~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 860 'explorer.exe'

Starting registry repairs

Registry repairs complete

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SharedTask Export after registry fix

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright(C) 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Deleting files

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Remaining Post-run Files


~~~ Program Files ~~~

~~~ Shortcuts ~~~

~~~ Favorites ~~~

~~~ system32 folder ~~~

1024 dir
ncompat.tlb
logfiles


~~~ Icons in System32 ~~~

ts.ico
ot.ico


~~~ Windows directory ~~~

~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~


~~~ Wininet.dll ~~~

wininet.dll is missing!!

WARNING: not all files found by this scanner are bad. Consult with a knowledgeable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows sometimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...
UPX! 9/19/2004 1:23:48 AM 504320 C:\daemon347.exe

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
UPX! 8/22/2004 4:04:56 PM 69120 C:\WINDOWS\daemon.dll
UPX! 4/18/2005 1:49:26 PM 57344 C:\WINDOWS\Unwash6.exe

Checking %System% folder...
PEC2 8/4/2004 11:07:00 AM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
PECompact2 3/9/2006 3:21:10 PM 4799320 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 3/9/2006 3:21:10 PM 4799320 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 8/4/2004 11:07:00 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor 8/4/2004 11:07:00 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync 8/4/2004 11:07:00 AM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu

Checking %System%\Drivers folder and sub-folders...

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
4/11/2006 4:50:22 PM S 2048 C:\WINDOWS\bootstat.dat
2/21/2006 11:53:16 AM RH 749 C:\WINDOWS\WindowsShell.Manifest
2/21/2006 11:53:22 AM H 65 C:\WINDOWS\Downloaded Program Files\desktop.ini
2/21/2006 11:54:00 AM HS 67 C:\WINDOWS\Fonts\desktop.ini
3/2/2006 5:28:54 PM H 0 C:\WINDOWS\inf\oem15.inf
2/21/2006 11:53:22 AM H 65 C:\WINDOWS\Offline Web Pages\desktop.ini
2/21/2006 11:53:40 AM RHS 727 C:\WINDOWS\pchealth\helpctr\PackageStore\package_1.cab
2/21/2006 11:53:40 AM RHS 19854 C:\WINDOWS\pchealth\helpctr\PackageStore\package_2.cab
2/21/2006 11:53:40 AM RHS 244933 C:\WINDOWS\pchealth\helpctr\PackageStore\package_3.cab
2/21/2006 11:54:38 AM H 225280 C:\WINDOWS\repair\ntuser.dat
2/21/2006 11:53:16 AM RH 749 C:\WINDOWS\system32\cdplayer.exe.manifest
2/21/2006 11:53:22 AM RH 488 C:\WINDOWS\system32\logonui.exe.manifest
2/21/2006 11:53:16 AM RH 749 C:\WINDOWS\system32\ncpa.cpl.manifest
2/21/2006 11:53:16 AM RH 749 C:\WINDOWS\system32\nwc.cpl.manifest
2/21/2006 11:53:16 AM RH 749 C:\WINDOWS\system32\sapi.cpl.manifest
2/21/2006 11:53:22 AM RH 488 C:\WINDOWS\system32\WindowsLogon.manifest
2/21/2006 11:53:16 AM RH 749 C:\WINDOWS\system32\wuaucpl.cpl.manifest
2/15/2006 4:49:00 PM S 9639 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB912475.cat
4/11/2006 4:50:28 PM H 12288 C:\WINDOWS\system32\config\default.LOG
4/11/2006 4:50:52 PM H 1024 C:\WINDOWS\system32\config\SAM.LOG
4/11/2006 4:50:24 PM H 12288 C:\WINDOWS\system32\config\SECURITY.LOG
4/11/2006 4:50:32 PM H 57344 C:\WINDOWS\system32\config\software.LOG
4/11/2006 4:50:28 PM H 847872 C:\WINDOWS\system32\config\system.LOG
2/21/2006 10:41:28 PM H 1024 C:\WINDOWS\system32\config\TempKey.LOG
2/21/2006 10:41:30 PM H 1024 C:\WINDOWS\system32\config\userdiff.LOG
3/17/2006 5:25:06 PM H 1024 C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
2/21/2006 10:42:56 PM HS 62 C:\WINDOWS\system32\config\systemprofile\Application Data\desktop.ini
2/21/2006 10:42:56 PM HS 62 C:\WINDOWS\system32\config\systemprofile\Local Settings\desktop.ini
2/21/2006 11:59:52 AM HS 113 C:\WINDOWS\system32\config\systemprofile\Local Settings\History\desktop.ini
2/21/2006 11:59:52 AM HS 113 C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\desktop.ini
2/21/2006 11:59:52 AM HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\desktop.ini
2/21/2006 11:59:52 AM HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini
2/21/2006 11:59:52 AM HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\2XGBODO5\desktop.ini
2/21/2006 11:59:52 AM HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6PWLYZGL\desktop.ini
2/21/2006 11:59:52 AM HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\I32POHIZ\desktop.ini
2/21/2006 11:59:52 AM HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\MVG1UJGR\desktop.ini
2/21/2006 11:53:24 AM HS 181 C:\WINDOWS\system32\config\systemprofile\SendTo\desktop.ini
2/21/2006 10:42:56 PM HS 62 C:\WINDOWS\system32\config\systemprofile\Start Menu\desktop.ini
2/21/2006 11:54:36 AM HS 148 C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\desktop.ini
2/21/2006 11:54:36 AM HS 482 C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\desktop.ini
2/21/2006 11:54:36 AM HS 348 C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\Accessibility\desktop.ini
2/21/2006 11:54:36 AM HS 84 C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\Entertainment\desktop.ini
2/21/2006 11:54:36 AM HS 84 C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini
2/21/2006 12:00:00 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\679d7d50-67fa-4911-9bd6-84c431372a1d
2/21/2006 12:00:00 PM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
4/11/2006 4:49:08 PM H 6 C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
8/19/2003 5:20:04 PM 180224 C:\WINDOWS\SYSTEM32\ac3filter.cpl
Microsoft Corporation 8/4/2004 11:07:00 AM 68608 C:\WINDOWS\SYSTEM32\access.cpl
Realtek Semiconductor Corp. 5/18/2005 5:17:54 PM R 18726912 C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL
Microsoft Corporation 8/4/2004 11:07:00 AM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 8/4/2004 11:07:00 AM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation 8/4/2004 11:07:00 AM 135168 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 8/4/2004 11:07:00 AM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 8/4/2004 11:07:00 AM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 8/4/2004 11:07:00 AM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/4/2004 11:07:00 AM 129536 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 8/4/2004 11:07:00 AM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 8/4/2004 11:07:00 AM 68608 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems, Inc. 11/10/2005 1:03:50 PM 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 8/4/2004 11:07:00 AM 187904 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 8/4/2004 11:07:00 AM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 8/4/2004 11:07:00 AM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 8/4/2004 11:07:00 AM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 8/4/2004 11:07:00 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 8/4/2004 11:07:00 AM 36864 C:\WINDOWS\SYSTEM32\nwc.cpl
Microsoft Corporation 8/4/2004 11:07:00 AM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 8/4/2004 11:07:00 AM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
Microsoft Corporation 8/4/2004 11:07:00 AM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 8/4/2004 11:07:00 AM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 8/4/2004 11:07:00 AM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 8/4/2004 11:07:00 AM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 5/26/2005 3:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 8/4/2004 11:07:00 AM 68608 C:\WINDOWS\SYSTEM32\dllcache\access.cpl
Microsoft Corporation 8/4/2004 11:07:00 AM 549888 C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl
Microsoft Corporation 8/4/2004 11:07:00 AM 135168 C:\WINDOWS\SYSTEM32\dllcache\desk.cpl
Microsoft Corporation 8/4/2004 11:07:00 AM 80384 C:\WINDOWS\SYSTEM32\dllcache\firewall.cpl
Microsoft Corporation 8/4/2004 11:07:00 AM 155136 C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl
Microsoft Corporation 8/4/2004 11:07:00 AM 358400 C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl
Microsoft Corporation 8/4/2004 11:07:00 AM 129536 C:\WINDOWS\SYSTEM32\dllcache\intl.cpl
Microsoft Corporation 8/4/2004 11:07:00 AM 68608 C:\WINDOWS\SYSTEM32\dllcache\joy.cpl
Microsoft Corporation 8/4/2004 11:07:00 AM 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 8/4/2004 11:07:00 AM 618496 C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl
Microsoft Corporation 8/4/2004 11:07:00 AM 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 8/4/2004 11:07:00 AM 25600 C:\WINDOWS\SYSTEM32\dllcache\netsetup.cpl
Microsoft Corporation 8/4/2004 11:07:00 AM 257024 C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl
Microsoft Corporation 8/4/2004 11:07:00 AM 36864 C:\WINDOWS\SYSTEM32\dllcache\nwc.cpl
Microsoft Corporation 8/4/2004 11:07:00 AM 32768 C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl
Microsoft Corporation 8/4/2004 11:07:00 AM 114688 C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl
Microsoft Corporation 8/4/2004 11:07:00 AM 155648 C:\WINDOWS\SYSTEM32\dllcache\sapi.cpl
Microsoft Corporation 8/4/2004 11:07:00 AM 298496 C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl
Microsoft Corporation 8/4/2004 11:07:00 AM 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation 8/4/2004 11:07:00 AM 94208 C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl
Microsoft Corporation 8/4/2004 11:07:00 AM 148480 C:\WINDOWS\SYSTEM32\dllcache\wscui.cpl
Microsoft Corporation 5/26/2005 3:16:30 AM 174360 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
2/21/2006 11:54:36 AM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini

Checking files in %ALLUSERSPROFILE%\Application Data folder...
2/21/2006 10:42:56 PM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini

Checking files in %USERPROFILE%\Startup folder...
4/8/2006 12:42:20 AM 988 C:\Documents and Settings\andrew\Start Menu\Programs\Startup\Adobe Gamma.lnk
2/21/2006 11:54:36 AM HS 84 C:\Documents and Settings\andrew\Start Menu\Programs\Startup\desktop.ini
3/12/2006 12:30:00 PM 704 C:\Documents and Settings\andrew\Start Menu\Programs\Startup\Morpheus.lnk

Checking files in %USERPROFILE%\Application Data folder...
2/21/2006 10:42:56 PM HS 62 C:\Documents and Settings\andrew\Application Data\desktop.ini

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido\security suite\context.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\VirusScan
{cda2863e-2497-4c49-9b89-06840e070a87} = C:\Program Files\Network Associates\VirusScan\shext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Washer
{6EE51AA0-77A0-11D7-B4E1-000347126E46} = C:\PROGRA~1\COMMON~1\WEBROO~1\SHELLW~1.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\SpySweeper
{7C9D5882-CB4A-4090-96C8-430BFE8B795B} = C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\VirusScan
{cda2863e-2497-4c49-9b89-06840e070a87} = C:\Program Files\Network Associates\VirusScan\shext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido\security suite\context.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\VirusScan
{cda2863e-2497-4c49-9b89-06840e070a87} = C:\Program Files\Network Associates\VirusScan\shext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Washer
{6EE51AA0-77A0-11D7-B4E1-000347126E46} = C:\PROGRA~1\COMMON~1\WEBROO~1\SHELLW~1.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\system32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{2E608F70-C430-4bc5-96F6-608E02EBA5B2} = BitComet Toolbar : C:\Program Files\BitComet Toolbar\v2.0.0.5\BitComet_Toolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Console : C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}
ButtonText = Research :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Program Files\Messenger\msmsgs.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\system32\browseui.dll
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = :
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\system32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} = :
{2E608F70-C430-4BC5-96F6-608E02EBA5B2} = BitComet Toolbar : C:\Program Files\BitComet Toolbar\v2.0.0.5\BitComet_Toolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
NeroFilterCheck C:\WINDOWS\system32\NeroCheck.exe
DAEMON Tools-1033 "C:\Program Files\D-Tools\daemon.exe" -lang 1033
LXCFCATS rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16
VTTimer VTTimer.exe
VTTrayp VTtrayp.exe
SoundMan SOUNDMAN.EXE
CaAvTray "C:\Program Files\CA\eTrust Vet Antivirus\CAVTray.exe"
CAVRID "C:\Program Files\CA\eTrust Vet Antivirus\CAVRID.exe"
SpySweeper "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
ShStatEXE "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
MSConfig C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
MSMSGS "C:\Program Files\Messenger\msmsgs.exe" /background
Folk C:\WINDOWS\W?nSxS\?ti2evxx.exe
LDM C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 2
services 0
startup 0


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer
NoActiveDesktopChanges 0


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1
DisableTaskMgr 0


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop
NoChangingWallPaper 0
NoAddingComponents 0
NoComponents 0
NoDeletingComponents 0
NoEditingComponents 0
NoCloseDragDropBands 0
NoMovingBands 0
NoHTMLWallPaper 0

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145
NoActiveDesktop 0
NoSaveSettings 0
ClassicShell 0
NoThemesTab 0
ForceActiveDesktopOn 0

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
DisableTaskMgr 0
NoDispAppearancePage 0
NoColorChoice 0
NoSizeChoice 0
NoDispBackgroundPage 0
NoDispScrSavPage 0
NoDispCPL 0
NoVisualStyleChoice 0
NoDispSettingsPage 0


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\system32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\system32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winsqs32
=

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier
= WRLogonNTF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 4/11/2006 4:57:40 PM

Logfile of HijackThis v1.99.1
Scan saved at 5:01:56 PM, on 4/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wwSecure.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\W?nSxS\?ti2evxx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
D:\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - {C90F251A-EBD0-C229-A1FB-953BF0027492} - blank (file missing)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O3 - Toolbar: BitComet Toolbar - {2E608F70-C430-4bc5-96F6-608E02EBA5B2} - C:\Program Files\BitComet Toolbar\v2.0.0.5\BitComet_Toolbar.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [LXCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust Vet Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust Vet Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Folk] C:\WINDOWS\W?nSxS\?ti2evxx.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Morpheus.lnk = C:\Program Files\Morpheus\Morpheus.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binar...kr.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binar...er.cab31267.cab
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} (YazzleActiveX Control) - http://yax-download.yazzle.net/Yazz....cab?refid=1123
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binar...nt.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CA86694E-BB72-4C52-BB71-EF8B9477EED9}: Domain = vic.bigpond.net.au
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: winsqs32 - C:\WINDOWS\
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxcf_device - Unknown owner - C:\WINDOWS\system32\lxcfcoms.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe

Alright - Smitrem removed the remnants of SpyFalcon, so that's good.

I want you to copy and paste C:\daemon.exe here at this website and upload it for analysis:
http://virusscan.jotti.org/

Please let me know what it says.

Also, if you do not use it, look in Add/Remove Programs and uninstall
Logitech Desktop Messenger.

OK, now reboot to Safe Mode.

Scan with HijackThis and place a check next to the following:

R3 - URLSearchHook: (no name) - {C90F251A-EBD0-C229-A1FB-953BF0027492} - blank (file missing)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O4 - HKCU\..\Run: [Folk] C:\WINDOWS\W?nSxS\?ti2evxx.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O20 - Winlogon Notify: winsqs32 - C:\WINDOWS\

Now, with all browsers closed, choose Fix Checked.

Now, using Windows Explorer, look for and delete the following:

C:\WINDOWS\W?nSxS <-- the ? can be any random character; please do not delete the real WinSxS folder
C:\Windows\winsqs32.dll
C:\Program Files\Logitech Desktop Messenger

Now be sure to empty everything in C:\WINDOWS\Prefetch as well as your Recycle Bin.

Reboot to Normal Mode and attach a new HijackThis log. Let me know if you are still having problems.
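The entries the helper is targeting share one pattern worth recognising on sight: the malware reuses legitimate names with a single character swapped for a non-ASCII one (W?nSxS beside the real WinSxS folder, ?ti2evxx.exe beside the ATI driver's Ati2evxx.exe, and earlier ?dobe\w?nspool.exe), which HijackThis and the forum render as "?", plus a Winlogon Notify entry (winsqs32) whose DLL value is empty. The script below is an added example written for this thread; it is not part of the original posts and not HijackThis code. It parses a few lines copied from the logs above (plus one constructed [Ati2evxx] Run entry so the legitimate name is present for contrast) and flags paths that are one character away from a known-good name, contain "?" or non-ASCII characters, point at a missing file, or register a Winlogon Notify handler that does not name a DLL. KNOWN_NAMES is an assumed baseline built only from the legitimate entries visible in this thread, not a complete one.

```python
"""Flag lookalike and dangling autostart entries in a HijackThis v1.99 log.

Added example for this thread, not HijackThis code. The '?' in the sample lines
is how the log rendered a non-ASCII character in the malware's file names.
"""
from __future__ import annotations

import re
from pathlib import PureWindowsPath

# Constructed sample: lines copied from the HijackThis logs in this thread, plus
# one made-up [Ati2evxx] entry so the legitimate name is present for contrast.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [LXCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Ati2evxx] C:\WINDOWS\system32\Ati2evxx.exe
O4 - HKCU\..\Run: [Folk] C:\WINDOWS\W?nSxS\?ti2evxx.exe
O4 - Startup: Morpheus.lnk = C:\Program Files\Morpheus\Morpheus.exe
R3 - URLSearchHook: (no name) - {C90F251A-EBD0-C229-A1FB-953BF0027492} - blank (file missing)
O20 - Winlogon Notify: winsqs32 - C:\WINDOWS\
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
"""

# Assumed baseline of legitimate names seen on this machine; a real tool would
# carry a much longer list (or compare hashes of known-good binaries instead).
KNOWN_NAMES = {"WinSxS", "Ati2evxx.exe", "Adobe", "system32", "winspool.drv"}

O4_RUN_RE = re.compile(r"^O4 - HK\w+\\\.\.\\Run: \[[^\]]*\] (?P<cmd>.+)$")
O4_STARTUP_RE = re.compile(r"^O4 - (?:Global )?Startup: .+? = (?P<cmd>.+)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.*)$")
# First drive-letter path ending in an executable extension, quoted or not.
EXE_RE = re.compile(r'"?(?P<path>[A-Za-z]:\\.+?\.(?:exe|dll|com|scr))\b', re.I)


def one_char_off(a: str, b: str) -> bool:
    """Same length and exactly one differing position (case-insensitive)."""
    if len(a) != len(b):
        return False
    return sum(x != y for x, y in zip(a.lower(), b.lower())) == 1


def exe_from_command(cmd: str) -> str:
    """Pull the program path out of a Run value, quoted or not."""
    m = EXE_RE.search(cmd)
    if m:
        return m.group("path")
    return cmd.strip().strip('"').split(" ", 1)[0]  # bare name such as VTTimer.exe


def suspicious_components(path: str) -> list[str]:
    """Reasons a path looks like it impersonates a legitimate folder or file."""
    reasons = []
    for part in PureWindowsPath(path).parts:
        # '?' cannot occur in a Windows file name, so it is a rendering of a
        # character the log writer could not print; a live system shows the
        # non-ASCII character itself, which the ord() check catches.
        if "?" in part or any(ord(ch) > 127 for ch in part):
            reasons.append(f"non-ASCII or unprintable character in '{part}'")
        for known in KNOWN_NAMES:
            if part.lower() != known.lower() and one_char_off(part, known):
                reasons.append(f"'{part}' is one character away from '{known}'")
    return reasons


def analyze(log_text: str) -> list[tuple[str, list[str]]]:
    """Return (line, reasons) for every HJT line that deserves a second look."""
    findings = []
    for line in log_text.splitlines():
        reasons = []
        if "(file missing)" in line or "(no file)" in line:
            reasons.append("entry points at a file that no longer exists")
        if m := (O4_RUN_RE.match(line) or O4_STARTUP_RE.match(line)):
            reasons += suspicious_components(exe_from_command(m.group("cmd")))
        elif m := O20_RE.match(line):
            path = m.group("path").strip()
            if not path.lower().endswith(".dll"):
                reasons.append("Winlogon Notify entry does not name a DLL")
            reasons += suspicious_components(path)
        if reasons:
            findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    for flagged_line, why in analyze(SAMPLE_LOG):
        print(flagged_line)
        for reason in why:
            print("    ->", reason)
```

Run against the sample, it flags exactly the three lines the helper asked to fix (the [Folk] entry twice over, once for the "?" and once for each one-character-off name; the dangling R3 hook; the winsqs32 notify entry with no DLL) and leaves NeroCheck, daemon.exe, the rundll32 printer entry and the constructed Ati2evxx line alone. The one-character check is deliberately strict (same length, one position) so that it does not fire on ordinary sibling names; a production baseline would use hashes rather than names, since a lookalike that copies the name exactly into a different folder defeats any name-only heuristic.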

Thank you so much for all your help. I am grateful.

Here is the new HijackThis log, and the antivirus didn't find anything on that daemon file.

cheers

Andrew

Logfile of HijackThis v1.99.1
Scan saved at 5:10:45 PM, on 4/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\wwSecure.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Morpheus\Morpheus.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O3 - Toolbar: BitComet Toolbar - {2E608F70-C430-4bc5-96F6-608E02EBA5B2} - C:\Program Files\BitComet Toolbar\v2.0.0.5\BitComet_Toolbar.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [LXCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust Vet Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust Vet Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Morpheus.lnk = C:\Program Files\Morpheus\Morpheus.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} (YazzleActiveX Control) - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CA86694E-BB72-4C52-BB71-EF8B9477EED9}: Domain = vic.bigpond.net.au
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxcf_device - Unknown owner - C:\WINDOWS\system32\lxcfcoms.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe
