Solved Rogue Anti Virus Program

Discussion in 'Malware and Virus Removal Archive' started by aussiejohn, 2007/11/18.

  1. 2007/11/18
    aussiejohn

    aussiejohn Well-Known Member Thread Starter

    Joined:
    2002/01/07
    Messages:
    293
    Likes Received:
    1
    [Resolved] Rogue Anti Virus Program

    Oh dear, what have my kids downloaded now?
    I seem to have a program that has installed itself on my computer and placed 2 icons on my desktop; people have told me it is a rogue program.
    Every couple of minutes it pops up messages telling me that I am infected with Networm-i-virus@tp, spybot@MXt and PSW.W-Vir Spyware among others.
    It has made my computer virtually unusable.
    I have run my anti virus, which is CA Security Centre and Anti Virus, Spybot Search and Destroy and Spyblaster, but to no avail. Can somebody give me some help please? Regards, John
     
  2. 2007/11/18
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Hi John :)

    Please download the HijackThis Installer from here, then run a scan and save the log. Close it for now ..... we won't need that log.

    Next, download Deckard's System Scanner (dss.exe) and save it to your desktop.
    • Close all applications and windows.
    • Double click on dss.exe to run it and follow the prompts.
    • When the scan is complete, two text files will open; main.txt, which will be maximized and extra.txt, which will be minimized.
    Post the contents of main.txt only for now.
     

  4. 2007/11/18
    aussiejohn

    aussiejohn Well-Known Member Thread Starter

    Joined:
    2002/01/07
    Messages:
    293
    Likes Received:
    1
    It is telling me the file is too long, I will have to send it in 2 halves.

    Deckard's System Scanner v20071014.68
    Run by Owner on 2007-11-19 14:06:01
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    System Restore is disabled; attempting to re-enable...success.


    -- Last 1 Restore Point(s) --
    1: 2007-11-19 03:06:13 UTC - RP1 - System Checkpoint


    Backed up registry hives.
    Performed disk cleanup.

    Total Physical Memory: 480 MiB (512 MiB recommended).


    -- HijackThis (run as Owner.exe) -----------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:11:00 PM, on 19/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINXP\System32\smss.exe
    C:\WINXP\system32\winlogon.exe
    C:\WINXP\system32\services.exe
    C:\WINXP\system32\lsass.exe
    C:\WINXP\system32\svchost.exe
    C:\WINXP\System32\svchost.exe
    C:\WINXP\system32\svchost.exe
    C:\WINXP\system32\spoolsv.exe
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
    C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
    C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
    C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
    C:\WINXP\system32\HPZipm12.exe
    C:\WINXP\system32\svchost.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINXP\Explorer.EXE
    C:\WINXP\system32\VTTimer.exe
    C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Logitech\ImageStudio\LogiTray.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINXP\System32\svchost.exe
    C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.21\QOELoader.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
    C:\WINXP\system32\rundll32.exe
    C:\Program Files\SecCenter\scprot4.exe
    C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
    C:\WINXP\system32\regsvr32.exe
    C:\WINXP\system32\ctfmon.exe
    C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Logitech\ImageStudio\LowLight.exe
    C:\Program Files\MuchTV\tvrmvcr.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Toolbar\CAGlobal.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Light\CAGlobalLight.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\CA\CA Internet Security Suite\ccupdate\CCUpdate.exe
    C:\Documents and Settings\Owner\Desktop\dss.exe
    C:\PROGRA~2\TRENDM~1\HIJACK~1\Owner.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ozemail.com.au/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~2\ICQTOO~1\toolbaru.dll
    O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~2\ICQTOO~1\toolbaru.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {08C525F4-2EBD-396D-B12A-005661A8CF95} - C:\Program Files\Avwrvbbu\hwgbgcgk.dll
    O2 - BHO: (no name) - {2C80EAD3-74CD-4700-83A4-AA878CD1C03C} - C:\WINXP\system32\ddcbyxv.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINXP\system32\vizsmgwn.dll
    O2 - BHO: (no name) - {AF39458E-FE3E-424C-88B5-5DA7D91F9C8D} - C:\WINXP\system32\mljgf.dll
    O2 - BHO: {4e2c730d-d7a8-236a-db14-045f6d9426fa} - {af6249d6-f540-41bd-a632-8a7dd037c2e4} - C:\WINXP\system32\oyfnvbmy.dll
    O2 - BHO: CA Toolbar Helper - {FBF2401B-7447-4727-BE5D-C19B2075CA84} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Toolbar\CallingIDIE.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~2\ICQTOO~1\toolbaru.dll
    O3 - Toolbar: CA Toolbar - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Toolbar\CallingIDIE.dll
    O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINXP\system32\vizsmgwn.dll
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
    O4 - HKLM\..\Run: [BigDogPath] C:\WINXP\VM_STI.EXE VIMICRO USB PC Camera 301x
    O4 - HKLM\..\Run: [CrazyTalk Serve] rundll32.exe C:\WINXP\system32\CrazyTalk.dll,DllServeMediaFile
    O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
    O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe "
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe "
    O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe "
    O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.21\QOELoader.exe "
    O4 - HKLM\..\Run: [cafw] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
    O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
    O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
    O4 - HKLM\..\Run: [Host Process] C:\WINXP\Fonts\svchost.exe
    O4 - HKLM\..\Run: [ivonqhwd] rundll32.exe "C:\Program Files\dqberavk\lufybaxo.dll ",Init
    O4 - HKLM\..\Run: [crcjetyh] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\crcjetyh.dll "
    O4 - HKLM\..\Run: [3e1d11a4] rundll32.exe "C:\WINXP\system32\nlwqemjx.dll ",b
    O4 - HKLM\..\Run: [SC2] C:\Program Files\SecCenter\scprot4.exe
    O4 - HKLM\..\Run: [ahwtatih] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\ahwtatih.dll "
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINXP\system32\ctfmon.exe
    O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINXP\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINXP\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINXP\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINXP\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O4 - Startup: Event Reminder.lnk = C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: MuchTV Remote.lnk = ?
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~2\INCRED~1\bin\resources\WebMenuImg.htm
    O8 - Extra context menu item: &Copy Location - C:\WINXP\WEB\graburl.htm
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {B06300D0-CCDE-11d2-92D3-0000F87A4A55} - C:\WINXP\system32\webzone.dll
    O9 - Extra 'Tools' menuitem: Add to R&estricted Zone - {B06300D0-CCDE-11d2-92D3-0000F87A4A55} - C:\WINXP\system32\webzone.dll
    O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
    O9 - Extra button: (no name) - {BF80219A-CCDD-11d2-92D3-0000F87A4A55} - C:\WINXP\system32\webzone.dll
    O9 - Extra 'Tools' menuitem: Add to Tr&usted Zone - {BF80219A-CCDD-11d2-92D3-0000F87A4A55} - C:\WINXP\system32\webzone.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINXP\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINXP\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Offline - {FC09D8A3-C85A-11d2-92D0-0000F87A4A55} - C:\WINXP\system32\oline.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O15 - Trusted Zone: http://myaccount.centrelink.gov.au
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader.cab
    O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01_5.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by108fd.bay108.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.my-etrust.com/Support/PestScanner/pestscan.cab
    O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1129981876609
    O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9C024426-7859-4B2D-AB4C-B1E370AE7549} - http://au.mcafee.com/Apps/WSC/en-au/WscWlanScannerCtrl.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4A1C4A24-EE52-4CE9-97E7-E397B65AE406}: NameServer = 210.80.58.34,210.80.58.42
    O18 - Protocol: bw+0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw+0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw-0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw-0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw00 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw00s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw10 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw10s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw20 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw20s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw30 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw30s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw40 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw40s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw50 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw50s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw60 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw60s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw70 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw70s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw80 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw80s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw90 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw90s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwa0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwa0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwb0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwb0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwc0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwc0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwd0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwd0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwe0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwe0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwf0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwf0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwg0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwg0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwh0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwh0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwi0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwi0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwj0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwj0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwk0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwk0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwl0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwl0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwm0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwm0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwn0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwn0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwo0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwo0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwp0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwp0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwq0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwq0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwr0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwr0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bws0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bws0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwt0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwt0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwu0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwu0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwv0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwv0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bww0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bww0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwx0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwx0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwy0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwy0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwz0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwz0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: offline-8876480 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\WINXP\system32\__c00C9000.dat
    O20 - Winlogon Notify: ddcbyxv - C:\WINXP\SYSTEM32\ddcbyxv.dll
    O20 - Winlogon Notify: vizsmgwn - C:\WINXP\SYSTEM32\vizsmgwn.dll
    O20 - Winlogon Notify: winghy32 - C:\WINXP\SYSTEM32\winghy32.dll
    O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
    O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
    O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINXP\system32\HPZipm12.exe
    O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
    O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
    O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
    O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
    O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
    O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Owner/LOCALS~1/Temp/msoclip1/01/clip_image002.gif
    O24 - Desktop Component 1: (no name) - file:///C:/DOCUME~1/Owner/LOCALS~1/Temp/msoclip1/01/clip_image001.jpg

    --
    End of file - 30290 bytes
     
  5. 2007/11/18
    aussiejohn

    2nd half

    -- File Associations -----------------------------------------------------------

    All associations okay.


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R2 BT848 (MuchTV Fusion WDM Video Capture) - c:\winxp\system32\drivers\bt848.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
    R2 BTTUNER (MuchTV Fusion WDM Tuner) - c:\winxp\system32\drivers\bttuner.sys <Not Verified; TelSignal Co., Ltd.; BTTUNER.SYS>
    R2 BTXBAR (MuchTV Fusion WDM Crossbar) - c:\winxp\system32\drivers\btxbar.sys <Not Verified; TelSignal Co., Ltd.; BTXBAR.SYS>
    R2 LF30FS - c:\program files\everstrike software\lock folder xp 3.5\lf30xp.sys
    R2 MASPINT - c:\winxp\system32\drivers\maspint.sys <Not Verified; MicroStaff Co.,Ltd.; Aspi32 Driver for WinNT>
    R3 Pcouffin (Low level access layer for CD devices) - c:\winxp\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>

    S3 Ser2pl (Prolific2 Serial port driver) - c:\winxp\system32\drivers\ser2pl.sys <Not Verified; Prolific Technology Inc.; Prolific USB-to-Serial Bridge Cable>


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 AdobeActiveFileMonitor (Adobe Active File Monitor) - c:\program files\adobe\photoshop elements 3.0\photoshopelementsfileagent.exe
    R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
    R2 CCALib8 (Canon Camera Access Library 8) - c:\program files\canon\cal\calmain.exe <Not Verified; Canon Inc.; >
    R2 PhotoshopElementsDeviceConnect (Photoshop Elements Device Connect) - c:\program files\adobe\photoshop elements 3.0\photoshopelementsdeviceconnect.exe

    S3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>


    -- Device Manager: Disabled ----------------------------------------------------

    Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
    Description: Nokia 6120 classic
    Device ID: ROOT\WPD\0000
    Manufacturer: Nokia
    Name: Nokia 6120 classic
    PNP Device ID: ROOT\WPD\0000
    Service: WUDFRd


    -- Scheduled Tasks -------------------------------------------------------------

    2007-11-19 13:55:46 438 --a------ C:\WINXP\Tasks\RegCure Program Check.job
    2007-11-14 16:08:12 284 --a------ C:\WINXP\Tasks\AppleSoftwareUpdate.job
    2007-11-14 08:56:30 514 --a------ C:\WINXP\Tasks\CAAntiSpywareScan_Daily as Owner at 8 56 AM.job
    2007-06-30 09:49:48 106 --a------ C:\WINXP\Tasks\SesamTVMC.job
    2007-04-18 09:17:44 372 --a------ C:\WINXP\Tasks\RegCure.job


    -- Files created between 2007-10-19 and 2007-11-19 -----------------------------

    2007-11-19 10:46:26 102400 --a------ C:\Documents and Settings\All Users\Application Data\ahwtatih.dll
    2007-11-19 10:46:03 0 d-------- C:\Program Files\Avwrvbbu
    2007-11-19 10:34:54 36352 --a------ C:\WINXP\system32\hggdaax.dll
    2007-11-19 09:41:32 0 d-------- C:\Program Files\Trend Micro
    2007-11-19 09:37:27 85056 --a------ C:\WINXP\system32\nlwqemjx.dll
    2007-11-19 09:34:30 79424 --a------ C:\WINXP\system32\oyfnvbmy.dll
    2007-11-19 09:28:24 141109 --ahs---- C:\WINXP\system32\fgjlm.ini2
    2007-11-19 09:25:22 145984 --a------ C:\WINXP\system32\vizsmgwn.dll
    2007-11-19 09:24:58 145984 --a------ C:\WINXP\system32\pjktfdnv.dll
    2007-11-19 08:31:25 0 d-------- C:\WINXP\system32\qfovkrbl
    2007-11-19 08:31:23 0 d-------- C:\Program Files\SecCenter
    2007-11-19 08:31:14 0 d-------- C:\Program Files\Armqmaue
    2007-11-19 08:30:18 320608 --a------ C:\WINXP\system32\mljgf.dll
    2007-11-19 08:27:07 15360 --a------ C:\WINXP\system32\drvhagr.dll
    2007-11-19 08:25:21 36352 --a------ C:\WINXP\system32\xxywwwt.dll
    2007-11-19 08:25:18 0 --a------ C:\Install
    2007-11-19 08:25:14 0 d-------- C:\Program Files\dqberavk
    2007-11-19 08:25:06 24576 --a------ C:\WINXP\system32\winghy32.dll
    2007-11-19 08:24:59 38912 --a------ C:\WINXP\system32\ddcbyxv.dll
    2007-11-19 07:55:57 0 d-------- C:\Documents and Settings\Owner\Application Data\Uniblue
    2007-11-18 17:03:09 0 d-------- C:\Program Files\Trillian
    2007-11-14 09:16:34 6 --a------ C:\WINXP\system32\mkghj.dll
    2007-11-14 08:57:05 0 d-------- C:\Documents and Settings\Owner\Application Data\CallingID
    2007-11-14 08:56:52 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-11-14 08:56:05 0 d-------- C:\Program Files\Common Files\Scanner
    2007-11-14 08:55:35 0 d-------- C:\WINXP\rnapxs
    2007-11-08 10:29:40 0 d-------- C:\Documents and Settings\All Users\Application Data\CA
    2007-11-08 10:29:39 0 d-------- C:\Program Files\CA
    2007-11-01 16:39:52 0 d-------- C:\MediaCell
    2007-11-01 16:36:07 0 d-------- C:\Program Files\MediaCell Video Converter
    2007-10-30 08:18:57 0 d-------- C:\Documents and Settings\Owner\Application Data\Nokia Multimedia Player
    2007-10-30 07:28:21 0 d-------- C:\Program Files\Common Files\Nokia
    2007-10-30 07:24:07 0 d-------- C:\Program Files\PC Connectivity Solution
    2007-10-30 07:18:14 0 d-------- C:\Documents and Settings\All Users\Application Data\Installations
    2007-10-30 05:46:06 0 d-------- C:\Documents and Settings\All Users\Application Data\TEMP
    2007-10-30 05:45:28 162304 --a------ C:\WINXP\system32\ztvunrar36.dll
    2007-10-30 05:45:28 77312 --a------ C:\WINXP\system32\ztvunace26.dll
    2007-10-30 05:45:28 69632 --a------ C:\WINXP\system32\ztvcabinet.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
    2007-10-30 05:45:28 153088 --a------ C:\WINXP\system32\UNRAR3.dll
    2007-10-30 05:45:28 75264 --a------ C:\WINXP\system32\unacev2.dll
    2007-10-30 05:45:26 0 d-------- C:\Program Files\Trojan Remover
    2007-10-30 05:45:26 0 d-------- C:\Documents and Settings\Owner\Application Data\Simply Super Software
    2007-10-30 05:45:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
    2007-10-29 10:45:16 0 d-------- C:\Documents and Settings\Owner\Application Data\DVD Flick
    2007-10-29 10:39:58 0 d-------- C:\Program Files\DVD Flick
    2007-10-27 19:36:10 0 d-------- C:\Documents and Settings\Owner\Application Data\SoundSpectrum
    2007-10-27 19:35:44 0 d-------- C:\Program Files\SoundSpectrum


    -- Find3M Report ---------------------------------------------------------------

    2007-10-30 08:30:52 555137 --a------ C:\Documents and Settings\Owner\Application Data\NMM-MetaData.db
    2007-10-30 07:53:08 80072 --a------ C:\WINXP\HPHins08.dat
    2007-10-05 15:32:42 5637 --a------ C:\WINXP\mozver.dat
    2007-10-02 15:16:22 0 d-------- C:\Program Files\iPod
    2007-10-02 15:16:08 0 d-------- C:\Program Files\iTunes
    2007-09-28 16:24:12 0 d-------- C:\Program Files\AskPBar


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{08C525F4-2EBD-396D-B12A-005661A8CF95}]
    19/11/2007 10:46 AM 102400 --a------ C:\Program Files\Avwrvbbu\hwgbgcgk.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2C80EAD3-74CD-4700-83A4-AA878CD1C03C}]
    19/11/2007 08:25 AM 38912 --a------ C:\WINXP\system32\ddcbyxv.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
    19/11/2007 09:25 AM 145984 --a------ C:\WINXP\system32\vizsmgwn.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AF39458E-FE3E-424C-88B5-5DA7D91F9C8D}]
    19/11/2007 08:30 AM 320608 --a------ C:\WINXP\system32\mljgf.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{af6249d6-f540-41bd-a632-8a7dd037c2e4}]
    19/11/2007 09:34 AM 79424 --a------ C:\WINXP\system32\oyfnvbmy.dll

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{11A69AE4-FBED-4832-A2BF-45AF82825583} "= C:\WINXP\system32\vizsmgwn.dll [19/11/2007 09:25 AM 145984]

    [-HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "VTTimer "= "VTTimer.exe" [15/01/2004 10:33 PM C:\WINXP\system32\VTTimer.exe]
    "LVCOMS "= "C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE" [10/12/2002 05:54 PM]
    "zBrowser Launcher "= "C:\Program Files\Logitech\iTouch\iTouch.exe" [18/03/2004 09:33 AM]
    "REGSHAVE "= "C:\Program Files\REGSHAVE\REGSHAVE.exe" [04/02/2002 10:32 PM]
    "Easy-PrintToolBox "= "C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [14/01/2004 11:10 AM]
    "BigDogPath "= "C:\WINXP\VM_STI.exe" []
    "CrazyTalk Serve "= "C:\WINXP\system32\CrazyTalk.dll" [07/05/2006 12:02 PM]
    "HPHUPD08 "= "C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [22/12/2005 06:13 PM]
    "HP Software Update "= "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [08/05/2007 04:24 PM]
    "Adobe Reader Speed Launcher "= "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 07:51 PM]
    "QuickTime Task "= "C:\Program Files\QuickTime\qttask.exe" [29/06/2007 06:24 AM]
    "iTunesHelper "= "C:\Program Files\iTunes\iTunesHelper.exe" [26/09/2007 02:42 PM]
    "LogitechGalleryRepair "= "C:\Program Files\Logitech\ImageStudio\ISStart.exe" [10/12/2002 06:32 PM]
    "LogitechImageStudioTray "= "C:\Program Files\Logitech\ImageStudio\LogiTray.exe" [10/12/2002 06:31 PM]
    "SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25/09/2007 01:11 AM]
    "PCSuiteTrayApplication "= "C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [23/03/2007 01:20 PM]
    "cctray "= "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [14/10/2007 04:06 PM]
    "CAVRID "= "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [14/10/2007 03:31 PM]
    "QOELOADER "= "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.21\QOELoader.exe" [14/11/2007 08:56 AM]
    "cafw "= "C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [17/10/2007 10:27 PM]
    "capfasem "= "C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [17/10/2007 10:27 PM]
    "capfupgrade "= "C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [17/10/2007 10:27 PM]
    "Host Process "= "C:\WINXP\Fonts\svchost.exe" [01/10/2007 12:15 PM]
    "ivonqhwd "= "C:\Program Files\dqberavk\lufybaxo.dll" [19/11/2007 08:25 AM]
    "crcjetyh "= "regsvr32 /u C:\Documents and Settings\All Users\Application Data\crcjetyh.dll" []
    "3e1d11a4 "= "C:\WINXP\system32\nlwqemjx.dll" [19/11/2007 09:37 AM]
    "SC2 "= "C:\Program Files\SecCenter\scprot4.exe" [19/11/2007 10:46 AM]
    "ahwtatih "= "regsvr32 /u C:\Documents and Settings\All Users\Application Data\ahwtatih.dll" []

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE "= "C:\WINXP\system32\ctfmon.exe" [04/08/2004 12:00 PM]
    "AnyDVD "= "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [06/06/2007 08:45 AM]
    "LDM "= "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [02/10/2007 04:44 PM]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
    "RunNarrator "=Narrator.exe

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "Nokia.PCSync "=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

    C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
    Event Reminder.lnk - C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE [18/06/2005 10:13:49 AM]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [17/02/1999 8:05:56 PM]
    Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [4/10/2004 1:12:18 AM]
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [18/08/2005 10:20:30 PM]
    HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [19/08/2005 1:01:32 AM]
    MuchTV Remote.lnk - C:\Program Files\MuchTV\tvrmvcr.exe [30/06/2007 10:32:51 AM]
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2/10/2007 4:44:26 PM]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "EnableShellExecuteHooks "=1 (0x1)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{1869181A-9F50-4FCF-8BFF-1B8588ECB85C} "= C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\LinkAdvisor\CIDLinkAdvisor.dll [15/10/2007 09:40 PM 1373624]
    "{2C80EAD3-74CD-4700-83A4-AA878CD1C03C} "= C:\WINXP\system32\ddcbyxv.dll [19/11/2007 08:25 AM 38912]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcbyxv]
    ddcbyxv.dll 19/11/2007 08:25 AM 38912 C:\WINXP\system32\ddcbyxv.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
    UmxWnp.Dll 18/05/2007 02:30 PM 79368 C:\WINXP\system32\UmxWNP.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vizsmgwn]
    vizsmgwn.dll 19/11/2007 09:25 AM 145984 C:\WINXP\system32\vizsmgwn.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winghy32]
    winghy32.dll 19/11/2007 08:25 AM 24576 C:\WINXP\system32\winghy32.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls "=C:\WINXP\system32\__c00C9000.dat

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages "= msv1_0 C:\WINXP\system32\mljgf.dll


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{53BB2E32-AA1C-C3D4-E6B1-4D235E06055A}]
    C:\WINXP\system32\derstg.exe



    -- End of Deckard's System Scanner: finished at 2007-11-19 14:15:28 ------------
     
  6. 2007/11/18
    noahdfear

    Ugghhh ......... you've got a nasty new one.

    Download VundoFix by Atribune, saving it to your desktop.
    • Double-click VundoFix.exe to run it.
    • Click the Scan for Vundo button.
    • Once it's done scanning, click the Remove Vundo button.
    • You will receive a prompt asking if you want to remove the files, click YES
    • Once you click yes, your desktop will go blank as it starts removing Vundo.
    • When completed, it will prompt that it will reboot your computer, click OK.
    • Please post the contents of C:\vundofix.txt and a new dss log.
    Note: It is possible that VundoFix encounters a file it could not remove. In this case, VundoFix will run on reboot. If that happens, follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.
     
  7. 2007/11/18
    aussiejohn

    I am also getting an exception notice on booting up:
    "Exception Processing Message" c0000013 Parameters 75b6bf9c 75b6bf9c 75b6bf9c
    And a box that says "Internet Explorer has encountered an error and needs to close. Sorry for the inconvenience."
     
  8. 2007/11/18
    noahdfear

    Let's get the infection out and see if we still have that error to deal with when done. ;)
     
  9. 2007/11/18
    aussiejohn

    OK, that seems to have fixed a few of them. All I have now is a "Gummy Bear" ringtone pop-up and the last 2 problems quoted. Here are the files:


    VundoFix V6.6.2

    Checking Java version...

    Scan started at 3:46:27 PM 19/11/2007

    Listing files found while scanning....

    C:\WINXP\system32\vizsmgwn.dll

    Beginning removal...

    Attempting to delete C:\WINXP\system32\vizsmgwn.dll
    C:\WINXP\system32\vizsmgwn.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    Deckard's System Scanner v20071014.68
    Run by Owner on 2007-11-19 15:55:34
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    Percentage of Memory in Use: 88% (more than 75%).
    Total Physical Memory: 480 MiB (512 MiB recommended).


    -- HijackThis (run as Owner.exe) -----------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 3:55:56 PM, on 19/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINXP\System32\smss.exe
    C:\WINXP\system32\winlogon.exe
    C:\WINXP\system32\services.exe
    C:\WINXP\system32\lsass.exe
    C:\WINXP\system32\svchost.exe
    C:\WINXP\System32\svchost.exe
    C:\WINXP\system32\svchost.exe
    C:\WINXP\system32\spoolsv.exe
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
    C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
    C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
    C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
    C:\WINXP\system32\HPZipm12.exe
    C:\WINXP\system32\svchost.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINXP\Explorer.EXE
    C:\WINXP\system32\VTTimer.exe
    C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Logitech\ImageStudio\LogiTray.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.21\QOELoader.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
    C:\WINXP\system32\rundll32.exe
    C:\Program Files\SecCenter\scprot4.exe
    C:\WINXP\system32\regsvr32.exe
    C:\WINXP\System32\svchost.exe
    C:\WINXP\system32\ctfmon.exe
    C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
    C:\Program Files\MuchTV\tvrmvcr.exe
    C:\Program Files\Logitech\ImageStudio\LowLight.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Documents and Settings\Owner\Desktop\dss.exe
    C:\PROGRA~2\TRENDM~1\HIJACK~1\Owner.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ozemail.com.au/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~2\ICQTOO~1\toolbaru.dll
    O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~2\ICQTOO~1\toolbaru.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {08C525F4-2EBD-396D-B12A-005661A8CF95} - C:\Program Files\Avwrvbbu\hwgbgcgk.dll
    O2 - BHO: (no name) - {2C80EAD3-74CD-4700-83A4-AA878CD1C03C} - C:\WINXP\system32\ddcbyxv.dll
    O2 - BHO: (no name) - {37974D93-137D-4F71-8574-B0E175F1BF76} - C:\WINXP\system32\mljgf.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: {4e2c730d-d7a8-236a-db14-045f6d9426fa} - {af6249d6-f540-41bd-a632-8a7dd037c2e4} - C:\WINXP\system32\oyfnvbmy.dll
    O2 - BHO: CA Toolbar Helper - {FBF2401B-7447-4727-BE5D-C19B2075CA84} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Toolbar\CallingIDIE.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~2\ICQTOO~1\toolbaru.dll
    O3 - Toolbar: CA Toolbar - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Toolbar\CallingIDIE.dll
    O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
    O4 - HKLM\..\Run: [BigDogPath] C:\WINXP\VM_STI.EXE VIMICRO USB PC Camera 301x
    O4 - HKLM\..\Run: [CrazyTalk Serve] rundll32.exe C:\WINXP\system32\CrazyTalk.dll,DllServeMediaFile
    O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
    O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe "
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe "
    O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe "
    O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.21\QOELoader.exe "
    O4 - HKLM\..\Run: [cafw] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
    O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
    O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
    O4 - HKLM\..\Run: [Host Process] C:\WINXP\Fonts\svchost.exe
    O4 - HKLM\..\Run: [ivonqhwd] rundll32.exe "C:\Program Files\dqberavk\lufybaxo.dll ",Init
    O4 - HKLM\..\Run: [3e1d11a4] rundll32.exe "C:\WINXP\system32\nlwqemjx.dll ",b
    O4 - HKLM\..\Run: [SC2] C:\Program Files\SecCenter\scprot4.exe
    O4 - HKLM\..\Run: [ahwtatih] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\ahwtatih.dll "
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINXP\system32\ctfmon.exe
    O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINXP\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINXP\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINXP\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINXP\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O4 - Startup: Event Reminder.lnk = C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: MuchTV Remote.lnk = ?
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~2\INCRED~1\bin\resources\WebMenuImg.htm
    O8 - Extra context menu item: &Copy Location - C:\WINXP\WEB\graburl.htm
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {B06300D0-CCDE-11d2-92D3-0000F87A4A55} - C:\WINXP\system32\webzone.dll
    O9 - Extra 'Tools' menuitem: Add to R&estricted Zone - {B06300D0-CCDE-11d2-92D3-0000F87A4A55} - C:\WINXP\system32\webzone.dll
    O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
    O9 - Extra button: (no name) - {BF80219A-CCDD-11d2-92D3-0000F87A4A55} - C:\WINXP\system32\webzone.dll
    O9 - Extra 'Tools' menuitem: Add to Tr&usted Zone - {BF80219A-CCDD-11d2-92D3-0000F87A4A55} - C:\WINXP\system32\webzone.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINXP\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINXP\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Offline - {FC09D8A3-C85A-11d2-92D0-0000F87A4A55} - C:\WINXP\system32\oline.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O15 - Trusted Zone: http://myaccount.centrelink.gov.au
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader.cab
    O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01_5.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by108fd.bay108.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.my-etrust.com/Support/PestScanner/pestscan.cab
    O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1129981876609
    O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9C024426-7859-4B2D-AB4C-B1E370AE7549} - http://au.mcafee.com/Apps/WSC/en-au/WscWlanScannerCtrl.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4A1C4A24-EE52-4CE9-97E7-E397B65AE406}: NameServer = 210.80.58.34,210.80.58.42
    O18 - Protocol: bw+0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw+0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw-0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw-0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw00 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw00s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw10 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw10s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw20 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw20s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw30 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw30s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw40 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw40s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw50 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw50s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw60 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw60s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw70 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw70s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw80 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw80s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw90 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw90s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwa0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwa0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwb0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwb0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwc0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwc0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwd0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwd0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwe0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwe0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwf0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwf0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwg0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwg0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwh0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwh0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwi0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwi0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwj0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwj0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwk0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwk0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwl0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwl0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwm0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwm0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwn0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwn0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwo0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwo0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwp0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwp0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwq0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwq0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwr0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwr0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bws0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bws0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwt0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwt0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwu0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwu0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwv0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwv0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bww0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bww0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwx0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwx0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwy0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwy0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwz0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwz0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: offline-8876480 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\WINXP\system32\__c00C9000.dat
    O20 - Winlogon Notify: ddcbyxv - C:\WINXP\SYSTEM32\ddcbyxv.dll
    O20 - Winlogon Notify: winghy32 - C:\WINXP\SYSTEM32\winghy32.dll
    O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
    O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
    O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINXP\system32\HPZipm12.exe
    O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
    O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
    O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
    O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
    O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
    O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Owner/LOCALS~1/Temp/msoclip1/01/clip_image002.gif
    O24 - Desktop Component 1: (no name) - file:///C:/DOCUME~1/Owner/LOCALS~1/Temp/msoclip1/01/clip_image001.jpg

    --
    End of file - 29711 bytes
     
  10. 2007/11/18
    aussiejohn

    2nd half of dss log:-

    -- Files created between 2007-10-19 and 2007-11-19 -----------------------------

    2007-11-19 15:46:27 0 d-------- C:\VundoFix Backups
    2007-11-19 10:46:26 102400 --a------ C:\Documents and Settings\All Users\Application Data\ahwtatih.dll
    2007-11-19 10:46:03 0 d-------- C:\Program Files\Avwrvbbu
    2007-11-19 10:34:54 36352 --a------ C:\WINXP\system32\hggdaax.dll
    2007-11-19 09:41:32 0 d-------- C:\Program Files\Trend Micro
    2007-11-19 09:37:27 85056 --a------ C:\WINXP\system32\nlwqemjx.dll
    2007-11-19 09:34:30 79424 --a------ C:\WINXP\system32\oyfnvbmy.dll
    2007-11-19 09:28:24 144686 --ahs---- C:\WINXP\system32\fgjlm.ini2
    2007-11-19 09:24:58 145984 --a------ C:\WINXP\system32\pjktfdnv.dll
    2007-11-19 08:31:25 0 d-------- C:\WINXP\system32\qfovkrbl
    2007-11-19 08:31:23 0 d-------- C:\Program Files\SecCenter
    2007-11-19 08:31:14 0 d-------- C:\Program Files\Armqmaue
    2007-11-19 08:30:18 320608 --a------ C:\WINXP\system32\mljgf.dll
    2007-11-19 08:27:07 15360 --a------ C:\WINXP\system32\drvhagr.dll
    2007-11-19 08:25:21 36352 --a------ C:\WINXP\system32\xxywwwt.dll
    2007-11-19 08:25:18 0 --a------ C:\Install
    2007-11-19 08:25:14 0 d-------- C:\Program Files\dqberavk
    2007-11-19 08:25:06 24576 --a------ C:\WINXP\system32\winghy32.dll
    2007-11-19 08:24:59 38912 --a------ C:\WINXP\system32\ddcbyxv.dll
    2007-11-19 07:55:57 0 d-------- C:\Documents and Settings\Owner\Application Data\Uniblue
    2007-11-18 17:03:09 0 d-------- C:\Program Files\Trillian
    2007-11-14 09:16:34 6 --a------ C:\WINXP\system32\mkghj.dll
    2007-11-14 08:57:05 0 d-------- C:\Documents and Settings\Owner\Application Data\CallingID
    2007-11-14 08:56:52 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-11-14 08:56:05 0 d-------- C:\Program Files\Common Files\Scanner
    2007-11-14 08:55:35 0 d-------- C:\WINXP\rnapxs
    2007-11-08 10:29:40 0 d-------- C:\Documents and Settings\All Users\Application Data\CA
    2007-11-08 10:29:39 0 d-------- C:\Program Files\CA
    2007-11-01 16:39:52 0 d-------- C:\MediaCell
    2007-11-01 16:36:07 0 d-------- C:\Program Files\MediaCell Video Converter
    2007-10-30 08:18:57 0 d-------- C:\Documents and Settings\Owner\Application Data\Nokia Multimedia Player
    2007-10-30 07:28:21 0 d-------- C:\Program Files\Common Files\Nokia
    2007-10-30 07:24:07 0 d-------- C:\Program Files\PC Connectivity Solution
    2007-10-30 07:18:14 0 d-------- C:\Documents and Settings\All Users\Application Data\Installations
    2007-10-30 05:46:06 0 d-------- C:\Documents and Settings\All Users\Application Data\TEMP
    2007-10-30 05:45:28 162304 --a------ C:\WINXP\system32\ztvunrar36.dll
    2007-10-30 05:45:28 77312 --a------ C:\WINXP\system32\ztvunace26.dll
    2007-10-30 05:45:28 69632 --a------ C:\WINXP\system32\ztvcabinet.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
    2007-10-30 05:45:28 153088 --a------ C:\WINXP\system32\UNRAR3.dll
    2007-10-30 05:45:28 75264 --a------ C:\WINXP\system32\unacev2.dll
    2007-10-30 05:45:26 0 d-------- C:\Program Files\Trojan Remover
    2007-10-30 05:45:26 0 d-------- C:\Documents and Settings\Owner\Application Data\Simply Super Software
    2007-10-30 05:45:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
    2007-10-29 10:45:16 0 d-------- C:\Documents and Settings\Owner\Application Data\DVD Flick
    2007-10-29 10:39:58 0 d-------- C:\Program Files\DVD Flick
    2007-10-27 19:36:10 0 d-------- C:\Documents and Settings\Owner\Application Data\SoundSpectrum
    2007-10-27 19:35:44 0 d-------- C:\Program Files\SoundSpectrum


    -- Find3M Report ---------------------------------------------------------------

    2007-10-30 08:30:52 555137 --a------ C:\Documents and Settings\Owner\Application Data\NMM-MetaData.db
    2007-10-30 07:53:08 80072 --a------ C:\WINXP\HPHins08.dat
    2007-10-05 15:32:42 5637 --a------ C:\WINXP\mozver.dat
    2007-10-02 15:16:22 0 d-------- C:\Program Files\iPod
    2007-10-02 15:16:08 0 d-------- C:\Program Files\iTunes
    2007-09-28 16:24:12 0 d-------- C:\Program Files\AskPBar


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{08C525F4-2EBD-396D-B12A-005661A8CF95}]
    19/11/2007 10:46 AM 102400 --a------ C:\Program Files\Avwrvbbu\hwgbgcgk.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2C80EAD3-74CD-4700-83A4-AA878CD1C03C}]
    19/11/2007 08:25 AM 38912 --a------ C:\WINXP\system32\ddcbyxv.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{37974D93-137D-4F71-8574-B0E175F1BF76}]
    19/11/2007 08:30 AM 320608 --a------ C:\WINXP\system32\mljgf.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{af6249d6-f540-41bd-a632-8a7dd037c2e4}]
    19/11/2007 09:34 AM 79424 --a------ C:\WINXP\system32\oyfnvbmy.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "VTTimer "= "VTTimer.exe" [15/01/2004 10:33 PM C:\WINXP\system32\VTTimer.exe]
    "LVCOMS "= "C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE" [10/12/2002 05:54 PM]
    "zBrowser Launcher "= "C:\Program Files\Logitech\iTouch\iTouch.exe" [18/03/2004 09:33 AM]
    "REGSHAVE "= "C:\Program Files\REGSHAVE\REGSHAVE.exe" [04/02/2002 10:32 PM]
    "Easy-PrintToolBox "= "C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [14/01/2004 11:10 AM]
    "BigDogPath "= "C:\WINXP\VM_STI.exe" []
    "CrazyTalk Serve "= "C:\WINXP\system32\CrazyTalk.dll" [07/05/2006 12:02 PM]
    "HPHUPD08 "= "C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [22/12/2005 06:13 PM]
    "HP Software Update "= "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [08/05/2007 04:24 PM]
    "Adobe Reader Speed Launcher "= "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 07:51 PM]
    "QuickTime Task "= "C:\Program Files\QuickTime\qttask.exe" [29/06/2007 06:24 AM]
    "iTunesHelper "= "C:\Program Files\iTunes\iTunesHelper.exe" [26/09/2007 02:42 PM]
    "LogitechGalleryRepair "= "C:\Program Files\Logitech\ImageStudio\ISStart.exe" [10/12/2002 06:32 PM]
    "LogitechImageStudioTray "= "C:\Program Files\Logitech\ImageStudio\LogiTray.exe" [10/12/2002 06:31 PM]
    "SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25/09/2007 01:11 AM]
    "PCSuiteTrayApplication "= "C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [23/03/2007 01:20 PM]
    "cctray "= "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [14/10/2007 04:06 PM]
    "CAVRID "= "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [14/10/2007 03:31 PM]
    "QOELOADER "= "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.21\QOELoader.exe" [14/11/2007 08:56 AM]
    "cafw "= "C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [17/10/2007 10:27 PM]
    "capfasem "= "C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [17/10/2007 10:27 PM]
    "capfupgrade "= "C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [17/10/2007 10:27 PM]
    "Host Process "= "C:\WINXP\Fonts\svchost.exe" [01/10/2007 12:15 PM]
    "ivonqhwd "= "C:\Program Files\dqberavk\lufybaxo.dll" [19/11/2007 08:25 AM]
    "3e1d11a4 "= "C:\WINXP\system32\nlwqemjx.dll" [19/11/2007 09:37 AM]
    "SC2 "= "C:\Program Files\SecCenter\scprot4.exe" [19/11/2007 10:46 AM]
    "ahwtatih "= "regsvr32 /u C:\Documents and Settings\All Users\Application Data\ahwtatih.dll" []

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE "= "C:\WINXP\system32\ctfmon.exe" [04/08/2004 12:00 PM]
    "AnyDVD "= "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [06/06/2007 08:45 AM]
    "LDM "= "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [02/10/2007 04:44 PM]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
    "RunNarrator "=Narrator.exe

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "Nokia.PCSync "=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

    C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
    Event Reminder.lnk - C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE [18/06/2005 10:13:49 AM]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [17/02/1999 8:05:56 PM]
    Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [4/10/2004 1:12:18 AM]
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [18/08/2005 10:20:30 PM]
    HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [19/08/2005 1:01:32 AM]
    MuchTV Remote.lnk - C:\Program Files\MuchTV\tvrmvcr.exe [30/06/2007 10:32:51 AM]
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2/10/2007 4:44:26 PM]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "EnableShellExecuteHooks "=1 (0x1)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{1869181A-9F50-4FCF-8BFF-1B8588ECB85C} "= C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\LinkAdvisor\CIDLinkAdvisor.dll [15/10/2007 09:40 PM 1373624]
    "{2C80EAD3-74CD-4700-83A4-AA878CD1C03C} "= C:\WINXP\system32\ddcbyxv.dll [19/11/2007 08:25 AM 38912]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcbyxv]
    ddcbyxv.dll 19/11/2007 08:25 AM 38912 C:\WINXP\system32\ddcbyxv.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
    UmxWnp.Dll 18/05/2007 02:30 PM 79368 C:\WINXP\system32\UmxWNP.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winghy32]
    winghy32.dll 19/11/2007 08:25 AM 24576 C:\WINXP\system32\winghy32.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls "=C:\WINXP\system32\__c00C9000.dat

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages "= msv1_0 C:\WINXP\system32\mljgf.dll


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{53BB2E32-AA1C-C3D4-E6B1-4D235E06055A}]
    C:\WINXP\system32\derstg.exe



    -- End of Deckard's System Scanner: finished at 2007-11-19 15:58:13 ------------
     
  11. 2007/11/18
    noahdfear

    Oh boy ........ looks like you may have gotten the full package. :(

    First, search your drive for two files

    x.dat
    z.dat

    You may find them in C: and again in C:\Documents and Settings\username directories. Open them with notepad (rename with a txt extension if necessary) and see if any of your passwords are stored. If so, bear in mind those will need to be changed once we get this machine cleaned.

    Next, if you don't use the Logitech Desktop Messenger software, it would make the logs much smaller if you uninstalled it via Add/Remove programs.


    Now, scan again with HijackThis and place a check next to the following entries, close all other windows and click Fix Checked.

    O2 - BHO: (no name) - {08C525F4-2EBD-396D-B12A-005661A8CF95} - C:\Program Files\Avwrvbbu\hwgbgcgk.dll
    O2 - BHO: (no name) - {2C80EAD3-74CD-4700-83A4-AA878CD1C03C} - C:\WINXP\system32\ddcbyxv.dll
    O2 - BHO: (no name) - {37974D93-137D-4F71-8574-B0E175F1BF76} - C:\WINXP\system32\mljgf.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: {4e2c730d-d7a8-236a-db14-045f6d9426fa} - {af6249d6-f540-41bd-a632-8a7dd037c2e4} - C:\WINXP\system32\oyfnvbmy.dll
    O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
    O4 - HKLM\..\Run: [Host Process] C:\WINXP\Fonts\svchost.exe
    O4 - HKLM\..\Run: [ivonqhwd] rundll32.exe "C:\Program Files\dqberavk\lufybaxo.dll",Init
    O4 - HKLM\..\Run: [3e1d11a4] rundll32.exe "C:\WINXP\system32\nlwqemjx.dll",b
    O4 - HKLM\..\Run: [SC2] C:\Program Files\SecCenter\scprot4.exe
    O4 - HKLM\..\Run: [ahwtatih] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\ahwtatih.dll"
    O20 - AppInit_DLLs: C:\WINXP\system32\__c00C9000.dat
    O20 - Winlogon Notify: ddcbyxv - C:\WINXP\SYSTEM32\ddcbyxv.dll
    O20 - Winlogon Notify: winghy32 - C:\WINXP\SYSTEM32\winghy32.dll


    Download SDFix and save it to your Desktop.

    Double click SDFix.exe and it will extract the files to %systemdrive%
    (Drive that contains the Windows Directory, typically C:\SDFix)

    Now reboot into Safe Mode and logon to your user account.
    1. Open the extracted SDFix folder and double click RunThis.bat to start the script.
    2. Type Y to begin the cleanup process.
    3. It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
    4. Press any Key and it will restart the PC.
    5. When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    6. Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
      (Report.txt will also be copied to Clipboard ready for posting back on the forum).
    7. Post the contents of the Report.txt along with a new dss log.
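
The selection of entries in the post above can be approximated by cross-referencing each autostart entry with the DSS "Files created" section. This is an added example, not part of the original post or of any tool named in the thread; the function names, the two-day window and the short list of system binary names are assumptions, and the sample lines are copied from the logs in this thread.

```python
import ntpath
import re
from datetime import datetime, timedelta

# Lines copied from the logs in this thread; the selection is the example's own.
HJT = r'''
O2 - BHO: (no name) - {2C80EAD3-74CD-4700-83A4-AA878CD1C03C} - C:\WINXP\system32\ddcbyxv.dll
O4 - HKLM\..\Run: [Host Process] C:\WINXP\Fonts\svchost.exe
O4 - HKLM\..\Run: [ivonqhwd] rundll32.exe "C:\Program Files\dqberavk\lufybaxo.dll",Init
O4 - HKLM\..\Run: [3e1d11a4] rundll32.exe "C:\WINXP\system32\nlwqemjx.dll",b
O20 - Winlogon Notify: winghy32 - C:\WINXP\SYSTEM32\winghy32.dll
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
'''
CREATED = r'''
2007-11-19 09:37:27 85056 --a------ C:\WINXP\system32\nlwqemjx.dll
2007-11-19 08:25:14 0 d-------- C:\Program Files\dqberavk
2007-11-19 08:25:06 24576 --a------ C:\WINXP\system32\winghy32.dll
2007-11-19 08:24:59 38912 --a------ C:\WINXP\system32\ddcbyxv.dll
2007-10-30 05:45:28 69632 --a------ C:\WINXP\system32\ztvcabinet.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
'''
SCAN_TIME = datetime(2007, 11, 19, 15, 58, 13)  # "finished at" stamp of the DSS log

# Assumption: a short list of binaries that normally live in system32.
SYSTEM_NAMES = {'svchost.exe', 'lsass.exe', 'winlogon.exe', 'services.exe', 'csrss.exe'}

# timestamp, size, attributes, path, optional "<Not Verified; ...>" suffix
CREATED_RE = re.compile(
    r'^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s+\d+\s+\S+\s+(.+?)(?:\s+<.*>)?$')
# first drive-letter path on the line, up to its .dll/.exe/.dat extension
PATH_RE = re.compile(r'[A-Za-z]:\\[^"<>|*?]+?\.(?:dll|exe|dat)\b', re.I)
SECTION_RE = re.compile(r'^(O\d+) - ')


def parse_created(text):
    """Map lower-cased path -> creation time from 'Files created' lines."""
    created = {}
    for line in text.splitlines():
        m = CREATED_RE.match(line.strip())
        if m:
            created[m.group(2).lower()] = datetime.strptime(
                m.group(1), '%Y-%m-%d %H:%M:%S')
    return created


def recent_creation(path, created, scan_time, window):
    """Return a reason if the file, or any parent folder, was created in the window."""
    node = path.lower()
    while True:
        when = created.get(node)
        if when is not None and timedelta(0) <= scan_time - when <= window:
            where = '' if node == path.lower() else ' (parent folder)'
            return f'created {when:%Y-%m-%d %H:%M}{where}'
        parent = ntpath.dirname(node)
        if parent == node:  # reached the drive root
            return None
        node = parent


def triage(hjt_text, created_text, scan_time, window=timedelta(days=2)):
    """List (section, target, reasons) for autostart entries worth a closer look."""
    created = parse_created(created_text)
    findings = []
    for line in hjt_text.splitlines():
        section = SECTION_RE.match(line.strip())
        path = PATH_RE.search(line)
        if not (section and path):
            continue
        target = path.group(0)
        reasons = []
        recent = recent_creation(target, created, scan_time, window)
        if recent:
            reasons.append(recent)
        folder = ntpath.basename(ntpath.dirname(target)).lower()
        if ntpath.basename(target).lower() in SYSTEM_NAMES and folder != 'system32':
            reasons.append('system binary name outside system32')
        if reasons:
            findings.append((section.group(1), target, reasons))
    return findings


if __name__ == '__main__':
    for section, target, reasons in triage(HJT, CREATED, SCAN_TIME):
        print(f'{section:4} {target}  <- {"; ".join(reasons)}')
```

Creation time alone misses the `Fonts\svchost.exe` entry, which is why the location check is kept as a separate rule.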
     
  12. 2007/11/19
    aussiejohn

    I am halfway through your instructions, now I have a problem I have always had with this computer, I cannot boot it into safe mode, I have pressed F1, F8, Del and all the combinations, it will not go into safe mode!
     
  13. 2007/11/19
    aussiejohn

    And just to make life more difficult, the pop ups we got rid of earlier with Vundo Fix are now back again!
     
  14. 2007/11/19
    noahdfear

    Repeatedly tapping F8 just after the initial BIOS post should bring up the Advanced start menu ........ does it not?

    We can add a line to your boot.ini file too. Right click My Computer and select Properties. Select the Advanced tab, then Settings under Startup and Recovery. Click Edit, then copy the contents and post it here.
     
  15. 2007/11/19
    aussiejohn

    I have been on this all day, I must get some food, I will be back in an hour, cheers mate!
     
  16. 2007/11/19
    noahdfear

    I'll have to catch up with you tomorrow. It's near 2 am and I have work in a couple of hrs. You eat, I'll sleep :D
     
  17. 2007/11/19
    aussiejohn

    OK Noah, well it looks like a lot of the probs are gone but I still have the problems with Internet Explorer and on bootup as mentioned in post #6, I can't use IE and I am getting pop ups from http://indexmeonline.com/loans/index.html and a pop up called "Crush Calculator"!
     
  18. 2007/11/19
    aussiejohn

    Here is the info required from post #13, no it does not go to safe mode after tapping F8, it just carries on booting up!

    [boot loader]
    timeout=30
    default=multi(0)disk(0)rdisk(0)partition(1)\WINXP
    [operating systems]
    multi(0)disk(0)rdisk(0)partition(1)\WINXP= "Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptOut
     
    Last edited: 2007/11/19
  19. 2007/11/19
    aussiejohn

  20. 2007/11/19
    aussiejohn

    Noah, here is the very latest DSS scan result:-........

    Deckard's System Scanner v20071014.68
    Run by Owner on 2007-11-20 03:03:51
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    Percentage of Memory in Use: 87% (more than 75%).
    Total Physical Memory: 480 MiB (512 MiB recommended).


    -- HijackThis (run as Owner.exe) -----------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 3:05:00 AM, on 20/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINXP\System32\smss.exe
    C:\WINXP\system32\winlogon.exe
    C:\WINXP\system32\services.exe
    C:\WINXP\system32\lsass.exe
    C:\WINXP\system32\svchost.exe
    C:\WINXP\System32\svchost.exe
    C:\WINXP\system32\svchost.exe
    C:\WINXP\system32\spoolsv.exe
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
    C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
    C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
    C:\WINXP\Explorer.EXE
    C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
    C:\WINXP\system32\HPZipm12.exe
    C:\WINXP\system32\svchost.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINXP\system32\VTTimer.exe
    C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
    C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Logitech\ImageStudio\LogiTray.exe
    C:\WINXP\System32\svchost.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.21\QOELoader.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
    C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
    C:\WINXP\system32\ctfmon.exe
    C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
    C:\WINXP\system32\wuauclt.exe
    C:\Program Files\MuchTV\tvrmvcr.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
    C:\Program Files\Logitech\ImageStudio\LowLight.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Documents and Settings\Owner\Desktop\dss.exe
    C:\PROGRA~2\TRENDM~1\HIJACK~1\Owner.exe
    C:\WINXP\system32\wuauclt.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ozemail.com.au/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~2\ICQTOO~1\toolbaru.dll
    O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~2\ICQTOO~1\toolbaru.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {08C525F4-2EBD-396D-B12A-005661A8CF95} - C:\Program Files\Avwrvbbu\hwgbgcgk.dll
    O2 - BHO: (no name) - {2C80EAD3-74CD-4700-83A4-AA878CD1C03C} - C:\WINXP\system32\ddcbyxv.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: {4e2c730d-d7a8-236a-db14-045f6d9426fa} - {af6249d6-f540-41bd-a632-8a7dd037c2e4} - C:\WINXP\system32\oyfnvbmy.dll
    O2 - BHO: (no name) - {BA5A6550-B567-40A9-966E-1AF43AA46608} - C:\WINXP\system32\mljgf.dll
    O2 - BHO: CA Toolbar Helper - {FBF2401B-7447-4727-BE5D-C19B2075CA84} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Toolbar\CallingIDIE.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~2\ICQTOO~1\toolbaru.dll
    O3 - Toolbar: CA Toolbar - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Toolbar\CallingIDIE.dll
    O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
    O4 - HKLM\..\Run: [BigDogPath] C:\WINXP\VM_STI.EXE VIMICRO USB PC Camera 301x
    O4 - HKLM\..\Run: [CrazyTalk Serve] rundll32.exe C:\WINXP\system32\CrazyTalk.dll,DllServeMediaFile
    O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
    O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe "
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe "
    O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe "
    O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.21\QOELoader.exe "
    O4 - HKLM\..\Run: [cafw] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
    O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
    O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
    O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINXP\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINXP\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINXP\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
    O4 - Startup: Event Reminder.lnk = C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: MuchTV Remote.lnk = ?
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~2\INCRED~1\bin\resources\WebMenuImg.htm
    O8 - Extra context menu item: &Copy Location - C:\WINXP\WEB\graburl.htm
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINXP\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINXP\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O15 - Trusted Zone: http://myaccount.centrelink.gov.au
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader.cab
    O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01_5.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by108fd.bay108.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.my-etrust.com/Support/PestScanner/pestscan.cab
    O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1129981876609
    O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9C024426-7859-4B2D-AB4C-B1E370AE7549} - http://au.mcafee.com/Apps/WSC/en-au/WscWlanScannerCtrl.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4A1C4A24-EE52-4CE9-97E7-E397B65AE406}: NameServer = 210.80.58.34,210.80.58.42
    O18 - Protocol: bw+0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw+0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw-0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw-0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw00 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw00s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw10 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw10s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw20 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw20s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw30 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw30s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw40 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw40s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw50 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw50s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw60 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw60s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw70 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw70s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw80 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw80s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw90 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw90s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwa0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwa0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwb0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwb0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwc0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwc0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwd0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwd0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwe0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwe0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwf0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwf0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwg0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwg0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwh0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwh0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwi0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwi0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwj0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwj0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwk0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwk0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwl0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwl0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwm0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwm0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwn0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwn0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwo0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwo0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwp0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwp0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwq0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwq0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwr0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwr0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bws0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bws0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwt0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwt0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwu0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwu0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwv0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwv0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bww0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bww0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwx0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwx0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwy0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwy0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwz0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwz0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: offline-8876480 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: ddcbyxv - C:\WINXP\SYSTEM32\ddcbyxv.dll
    O20 - Winlogon Notify: winghy32 - C:\WINXP\SYSTEM32\winghy32.dll
    O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
    O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
    O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINXP\system32\HPZipm12.exe
    O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
    O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
    O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
    O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
    O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
    O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Owner/LOCALS~1/Temp/msoclip1/01/clip_image002.gif
    O24 - Desktop Component 1: (no name) - file:///C:/DOCUME~1/Owner/LOCALS~1/Temp/msoclip1/01/clip_image001.jpg

    --
    End of file - 28213 bytes
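
A log of this kind is usually read by cross-checking the IE and Winlogon load points (O2, O20) against the scanner's "Files created" listing. The sketch below is an added example, not part of the thread or of either tool: it runs on a short excerpt of the log lines posted here, and the two-day window and the "flag for review" rule are assumptions, not a verdict on any file.

```python
import re
from datetime import datetime, timedelta

# Excerpt of lines from the log posted in this thread: HijackThis O2/O20/O23
# entries followed by a few rows of the dss "Files created" listing.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2C80EAD3-74CD-4700-83A4-AA878CD1C03C} - C:\WINXP\system32\ddcbyxv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {BA5A6550-B567-40A9-966E-1AF43AA46608} - C:\WINXP\system32\mljgf.dll
O20 - Winlogon Notify: ddcbyxv - C:\WINXP\SYSTEM32\ddcbyxv.dll
O20 - Winlogon Notify: winghy32 - C:\WINXP\SYSTEM32\winghy32.dll
O23 - Service: Pml Driver HPZ12 - HP - C:\WINXP\system32\HPZipm12.exe

2007-11-19 08:30:18 320608 --a------ C:\WINXP\system32\mljgf.dll
2007-11-19 08:25:06 24576 --a------ C:\WINXP\system32\winghy32.dll
2007-11-19 08:24:59 38912 --a------ C:\WINXP\system32\ddcbyxv.dll
2007-11-08 10:29:39 0 d-------- C:\Program Files\CA
"""

# O2 = Browser Helper Object, O20 = Winlogon Notify: DLLs loaded into IE / winlogon.
ENTRY_RE = re.compile(r"^\s*(O2|O20) - (BHO|Winlogon Notify): (.+)$")
# dss "Files created" row: timestamp, size, 9-character attribute field, path.
CREATED_RE = re.compile(
    r"^\s*(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+)\s+([a-z-]{9})\s+(.+?)\s*$"
)


def parse_load_points(text):
    """Return (section, label, path) per O2/O20 line; path is None for '(no file)'."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue
        section, _kind, rest = m.groups()
        head, _, target = rest.rpartition(" - ")   # target is the last field
        label = head.split(" - ", 1)[0]            # drop the {CLSID} field on O2 lines
        target = target.strip()
        entries.append((section, label, None if target == "(no file)" else target))
    return entries


def parse_created(text):
    """Map lower-cased file path -> creation time; directory rows are skipped."""
    created = {}
    for line in text.splitlines():
        m = CREATED_RE.match(line)
        if m and not m.group(3).startswith("d"):
            created[m.group(4).lower()] = datetime.strptime(
                m.group(1), "%Y-%m-%d %H:%M:%S")
    return created


def triage(text, scan_time, window_days=2):
    """Flag load-point DLLs whose file was created within window_days of the scan.

    Paths are compared case-insensitively. 8.3 short names (PROGRA~2) cannot be
    expanded offline, so such entries only match if the listing uses the same form.
    """
    created = parse_created(text)
    cutoff = scan_time - timedelta(days=window_days)
    findings = {}
    for section, label, path in parse_load_points(text):
        if path is None:
            continue
        when = created.get(path.lower())
        if when is None or when < cutoff:
            continue
        item = findings.setdefault(
            path.lower(), {"created": when, "sections": set(), "unnamed_bho": False})
        item["sections"].add(section)
        if section == "O2" and label == "(no name)":
            item["unnamed_bho"] = True
    return findings


if __name__ == "__main__":
    scan = datetime(2007, 11, 20, 3, 3, 51)  # "Run by Owner on" time from the log
    for path, item in sorted(triage(SAMPLE_LOG, scan).items()):
        notes = sorted(item["sections"])
        if item["unnamed_bho"]:
            notes.append("unnamed BHO")
        print(f"{item['created']}  {path}  [{', '.join(notes)}]")
```

An unnamed BHO alone is not reported: `SDHelper.dll` has no name in the log but no recent creation time, so it is left out of the review list.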
     
  21. 2007/11/19
    aussiejohn

    2nd Page

    End of file - 28213 bytes

    -- Files created between 2007-10-20 and 2007-11-20 -----------------------------

    2007-11-20 03:04:39 0 d-------- C:\WINXP\LastGood
    2007-11-19 17:17:22 0 d--hs---- C:\FOUND.014
    2007-11-19 17:03:20 145984 --a------ C:\WINXP\system32\hvbmisyi.dll
    2007-11-19 15:46:27 0 d-------- C:\VundoFix Backups
    2007-11-19 10:46:26 102400 --a------ C:\Documents and Settings\All Users\Application Data\ahwtatih.dll
    2007-11-19 10:46:03 0 d-------- C:\Program Files\Avwrvbbu
    2007-11-19 10:34:54 36352 --a------ C:\WINXP\system32\hggdaax.dll
    2007-11-19 09:41:32 0 d-------- C:\Program Files\Trend Micro
    2007-11-19 09:37:27 85056 --a------ C:\WINXP\system32\nlwqemjx.dll
    2007-11-19 09:34:30 79424 --a------ C:\WINXP\system32\oyfnvbmy.dll
    2007-11-19 09:28:24 165609 --ahs---- C:\WINXP\system32\fgjlm.ini2
    2007-11-19 09:24:58 145984 --a------ C:\WINXP\system32\pjktfdnv.dll
    2007-11-19 08:31:25 0 d-------- C:\WINXP\system32\qfovkrbl
    2007-11-19 08:31:23 0 d-------- C:\Program Files\SecCenter
    2007-11-19 08:31:14 0 d-------- C:\Program Files\Armqmaue
    2007-11-19 08:30:18 320608 --a------ C:\WINXP\system32\mljgf.dll
    2007-11-19 08:27:07 15360 --a------ C:\WINXP\system32\drvhagr.dll
    2007-11-19 08:25:21 36352 --a------ C:\WINXP\system32\xxywwwt.dll
    2007-11-19 08:25:18 0 --a------ C:\Install
    2007-11-19 08:25:14 0 d-------- C:\Program Files\dqberavk
    2007-11-19 08:25:06 24576 --a------ C:\WINXP\system32\winghy32.dll
    2007-11-19 08:24:59 38912 --a------ C:\WINXP\system32\ddcbyxv.dll
    2007-11-19 07:55:57 0 d-------- C:\Documents and Settings\Owner\Application Data\Uniblue
    2007-11-18 17:03:09 0 d-------- C:\Program Files\Trillian
    2007-11-14 09:16:34 6 --a------ C:\WINXP\system32\mkghj.dll
    2007-11-14 08:57:05 0 d-------- C:\Documents and Settings\Owner\Application Data\CallingID
    2007-11-14 08:56:52 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-11-14 08:56:05 0 d-------- C:\Program Files\Common Files\Scanner
    2007-11-14 08:55:35 0 d-------- C:\WINXP\rnapxs
    2007-11-08 10:29:40 0 d-------- C:\Documents and Settings\All Users\Application Data\CA
    2007-11-08 10:29:39 0 d-------- C:\Program Files\CA
    2007-11-01 16:39:52 0 d-------- C:\MediaCell
    2007-11-01 16:36:07 0 d-------- C:\Program Files\MediaCell Video Converter
    2007-10-30 08:18:57 0 d-------- C:\Documents and Settings\Owner\Application Data\Nokia Multimedia Player
    2007-10-30 07:28:21 0 d-------- C:\Program Files\Common Files\Nokia
    2007-10-30 07:24:07 0 d-------- C:\Program Files\PC Connectivity Solution
    2007-10-30 07:18:14 0 d-------- C:\Documents and Settings\All Users\Application Data\Installations
    2007-10-30 05:46:06 0 d-------- C:\Documents and Settings\All Users\Application Data\TEMP
    2007-10-30 05:45:28 162304 --a------ C:\WINXP\system32\ztvunrar36.dll
    2007-10-30 05:45:28 77312 --a------ C:\WINXP\system32\ztvunace26.dll
    2007-10-30 05:45:28 69632 --a------ C:\WINXP\system32\ztvcabinet.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
    2007-10-30 05:45:28 153088 --a------ C:\WINXP\system32\UNRAR3.dll
    2007-10-30 05:45:28 75264 --a------ C:\WINXP\system32\unacev2.dll
    2007-10-30 05:45:26 0 d-------- C:\Program Files\Trojan Remover
    2007-10-30 05:45:26 0 d-------- C:\Documents and Settings\Owner\Application Data\Simply Super Software
    2007-10-30 05:45:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
    2007-10-29 10:45:16 0 d-------- C:\Documents and Settings\Owner\Application Data\DVD Flick
    2007-10-29 10:39:58 0 d-------- C:\Program Files\DVD Flick
    2007-10-27 19:36:10 0 d-------- C:\Documents and Settings\Owner\Application Data\SoundSpectrum
    2007-10-27 19:35:44 0 d-------- C:\Program Files\SoundSpectrum


    -- Find3M Report ---------------------------------------------------------------

    2007-10-30 08:30:52 555137 --a------ C:\Documents and Settings\Owner\Application Data\NMM-MetaData.db
    2007-10-30 07:53:08 80072 --a------ C:\WINXP\HPHins08.dat
    2007-10-05 15:32:42 5637 --a------ C:\WINXP\mozver.dat
    2007-10-02 15:16:22 0 d-------- C:\Program Files\iPod
    2007-10-02 15:16:08 0 d-------- C:\Program Files\iTunes
    2007-09-28 16:24:12 0 d-------- C:\Program Files\AskPBar


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{08C525F4-2EBD-396D-B12A-005661A8CF95}]
    19/11/2007 10:46 AM 102400 --a------ C:\Program Files\Avwrvbbu\hwgbgcgk.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2C80EAD3-74CD-4700-83A4-AA878CD1C03C}]
    19/11/2007 08:25 AM 38912 --a------ C:\WINXP\system32\ddcbyxv.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{af6249d6-f540-41bd-a632-8a7dd037c2e4}]
    19/11/2007 09:34 AM 79424 --a------ C:\WINXP\system32\oyfnvbmy.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BA5A6550-B567-40A9-966E-1AF43AA46608}]
    19/11/2007 08:30 AM 320608 --a------ C:\WINXP\system32\mljgf.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "VTTimer "= "VTTimer.exe" [15/01/2004 10:33 PM C:\WINXP\system32\VTTimer.exe]
    "LVCOMS "= "C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE" [10/12/2002 05:54 PM]
    "zBrowser Launcher "= "C:\Program Files\Logitech\iTouch\iTouch.exe" [18/03/2004 09:33 AM]
    "REGSHAVE "= "C:\Program Files\REGSHAVE\REGSHAVE.exe" [04/02/2002 10:32 PM]
    "Easy-PrintToolBox "= "C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [14/01/2004 11:10 AM]
    "BigDogPath "= "C:\WINXP\VM_STI.exe" []
    "CrazyTalk Serve "= "C:\WINXP\system32\CrazyTalk.dll" [07/05/2006 12:02 PM]
    "HPHUPD08 "= "C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [22/12/2005 06:13 PM]
    "HP Software Update "= "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [08/05/2007 04:24 PM]
    "Adobe Reader Speed Launcher "= "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 07:51 PM]
    "QuickTime Task "= "C:\Program Files\QuickTime\qttask.exe" [29/06/2007 06:24 AM]
    "iTunesHelper "= "C:\Program Files\iTunes\iTunesHelper.exe" [26/09/2007 02:42 PM]
    "LogitechGalleryRepair "= "C:\Program Files\Logitech\ImageStudio\ISStart.exe" [10/12/2002 06:32 PM]
    "LogitechImageStudioTray "= "C:\Program Files\Logitech\ImageStudio\LogiTray.exe" [10/12/2002 06:31 PM]
    "SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25/09/2007 01:11 AM]
    "PCSuiteTrayApplication "= "C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [23/03/2007 01:20 PM]
    "cctray "= "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [14/10/2007 04:06 PM]
    "CAVRID "= "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [14/10/2007 03:31 PM]
    "QOELOADER "= "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.21\QOELoader.exe" [14/11/2007 08:56 AM]
    "cafw "= "C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [17/10/2007 10:27 PM]
    "capfasem "= "C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [17/10/2007 10:27 PM]
    "capfupgrade "= "C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [17/10/2007 10:27 PM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AnyDVD "= "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [06/06/2007 08:45 AM]
    "ctfmon.exe "= "C:\WINXP\system32\ctfmon.exe" [04/08/2004 12:00 PM]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "Nokia.PCSync "=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

    C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
    Event Reminder.lnk - C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE [18/06/2005 10:13:49 AM]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [17/02/1999 8:05:56 PM]
    Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [4/10/2004 1:12:18 AM]
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [18/08/2005 10:20:30 PM]
    HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [19/08/2005 1:01:32 AM]
    MuchTV Remote.lnk - C:\Program Files\MuchTV\tvrmvcr.exe [30/06/2007 10:32:51 AM]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "EnableShellExecuteHooks "=1 (0x1)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{1869181A-9F50-4FCF-8BFF-1B8588ECB85C} "= C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\LinkAdvisor\CIDLinkAdvisor.dll [15/10/2007 09:40 PM 1373624]
    "{2C80EAD3-74CD-4700-83A4-AA878CD1C03C} "= C:\WINXP\system32\ddcbyxv.dll [19/11/2007 08:25 AM 38912]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcbyxv]
    ddcbyxv.dll 19/11/2007 08:25 AM 38912 C:\WINXP\system32\ddcbyxv.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
    UmxWnp.Dll 18/05/2007 02:30 PM 79368 C:\WINXP\system32\UmxWNP.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winghy32]
    winghy32.dll 19/11/2007 08:25 AM 24576 C:\WINXP\system32\winghy32.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages "= msv1_0 C:\WINXP\system32\mljgf.dll


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{53BB2E32-AA1C-C3D4-E6B1-4D235E06055A}]
    C:\WINXP\system32\derstg.exe



    -- End of Deckard's System Scanner: finished at 2007-11-20 03:08:02 ------------
     
