
Solved Rogue Anti Virus Program

Discussion in 'Malware and Virus Removal Archive' started by aussiejohn, 2007/11/18.

  1. 2007/11/19
    aussiejohn

    aussiejohn Well-Known Member Thread Starter

    Good Morning Noah, I managed to get into safe mode by changing the boot.ini with msconfig, I ran the SDFix as you told me and here are the results.....


    SDFix: Version 1.114

    Run by Owner on Tue 20/11/2007 at 08:37 AM

    Microsoft Windows XP [Version 5.1.2600]

    Running From: C:\SDFix

    Safe Mode:
    Checking Services:


    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting...


    Normal Mode:
    Checking Files:

    Trojan Files Found:

    C:\WINXP\Fonts\svchost.exe - Deleted



    Removing Temp Files...

    ADS Check:

    C:\WINXP
    No streams found.

    C:\WINXP\system32
    No streams found.

    C:\WINXP\system32\svchost.exe
    No streams found.

    C:\WINXP\system32\ntoskrnl.exe
    No streams found.



    Final Check:

    catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-20 09:07:15
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    scanning hidden processes ...

    scanning hidden services ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    CrazyTalk Serve = rundll32.exe C:\WINXP\system32\CrazyTalk.dll,DllServeMediaFile?1???????????????????????????|?????????????????D?|p??|???|?D?|?5?|?C?|????????????????HF??????????b???0???'??????????|b???*???????????????????????`???????????????0??????????????????|???????????????|

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0


    Remaining Services:
    ------------------



    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe "= "%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 "
    "C:\\Program Files\\Trillian\\trillian.exe "= "C:\\Program Files\\Trillian\\trillian.exe:*:Enabled:Trillian "
    "C:\\Program Files\\Messenger\\MSMSGS.EXE "= "C:\\Program Files\\Messenger\\MSMSGS.EXE:*:Enabled:Windows Messenger "
    "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe "= "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Disabled:Logitech Desktop Messenger "
    "C:\\Program Files\\ICQ\\Icq.exe "= "C:\\Program Files\\ICQ\\Icq.exe:*:Enabled:ICQ "
    "C:\\Program Files\\NetMeeting\\conf.exe "= "C:\\Program Files\\NetMeeting\\conf.exe:*:Enabled:Windows® NetMeeting® "
    "C:\\Program Files\\IncrediMail\\bin\\IMApp.exe "= "C:\\Program Files\\IncrediMail\\bin\\IMApp.exe:*:Enabled:IncrediMail "
    "C:\\Program Files\\IncrediMail\\bin\\IncMail.exe "= "C:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail "
    "C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe "= "C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe:*:Enabled:IncrediMail "
    "C:\\Program Files\\Microsoft Office\\Office\\WINWORD.EXE "= "C:\\Program Files\\Microsoft Office\\Office\\WINWORD.EXE:*:Enabled:Microsoft Word for Windows "
    "C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe "= "C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger "
    "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe "= "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server "
    "C:\\Program Files\\WS_FTP\\WS_FTP95.EXE "= "C:\\Program Files\\WS_FTP\\WS_FTP95.EXE:*:Enabled:WS_FTP 95 "
    "C:\\Program Files\\ICQLite\\ICQLite.exe "= "C:\\Program Files\\ICQLite\\ICQLite.exe:*:Enabled:ICQ Lite "
    "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe "= "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger "
    "C:\\Program Files\\SolarWinds\\Free Tools\\TFTP-Server.exe "= "C:\\Program Files\\SolarWinds\\Free Tools\\TFTP-Server.exe:*:Enabled:SolarWinds.Net TFTP Server "
    "C:\\Documents and Settings\\Owner\\Desktop\\TFTP\\SolarWinds\\Free Tools\\TFTP-Server.exe "= "C:\\Documents and Settings\\Owner\\Desktop\\TFTP\\SolarWinds\\Free Tools\\TFTP-Server.exe:*:Enabled:SolarWinds.Net TFTP Server "
    "C:\\Program Files\\SolarWinds\\Free Tools\\TFTP\\TFTP-Server.exe "= "C:\\Program Files\\SolarWinds\\Free Tools\\TFTP\\TFTP-Server.exe:*:Enabled:SolarWinds.Net TFTP Server "
    "C:\\Documents and Settings\\Owner\\Desktop\\TFTP\\Free Tools\\TFTP-Server.exe "= "C:\\Documents and Settings\\Owner\\Desktop\\TFTP\\Free Tools\\TFTP-Server.exe:*:Enabled:SolarWinds.Net TFTP Server "
    "C:\\Program Files\\MSN Messenger\\msncall.exe "= "C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) "
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "= "%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 "
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe "= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 "
    "C:\\Program Files\\MSN Messenger\\livecall.exe "= "C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) "
    "C:\\Program Files\\ICQ6\\ICQ.exe "= "C:\\Program Files\\ICQ6\\ICQ.exe:*:Enabled:ICQ6 "
    "C:\\Program Files\\iTunes\\iTunes.exe "= "C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes "
    "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe "= "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe:*:Disabled:backWeb-8876480 "
    "C:\\Program Files\\Windows Media Player\\wmplayer.exe "= "C:\\Program Files\\Windows Media Player\\wmplayer.exe:*:Disabled:Windows Media Player "
    "C:\\Program Files\\Skype\\Phone\\Skype.exe "= "C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. The whole world can talk for free. "
    "C:\\DOCUME~1\\Owner\\LOCALS~1\\Temp\\win2A3.exe "= "C:\\DOCUME~1\\Owner\\LOCALS~1\\Temp\\win2A3.exe:*:Enabled:win2A3 "
    "C:\\WINXP\\system32\\vewmoqef.exe "= "C:\\WINXP\\system32\\vewm "
    "C:\\WINXP\\TEMP\\winA2.exe "= "C:\\WINXP\\TEMP\\winA2.exe:*:Enabled:winA2 "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe "= "%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 "
    "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe "= "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger "
    "C:\\Program Files\\MSN Messenger\\msncall.exe "= "C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) "
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "= "%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 "
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe "= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 "
    "C:\\Program Files\\MSN Messenger\\livecall.exe "= "C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) "

    Remaining Files:
    ---------------

    File Backups: - C:\SDFix\backups\backups.zip

    Files with Hidden Attributes:

    Wed 3 May 2006 163,328 ..SHR --- "C:\WINXP\system32\flvDX.dll "
    Wed 21 Feb 2007 31,232 ..SHR --- "C:\WINXP\system32\msfDX.dll "
    Mon 19 Nov 2007 20,810 ..SH. --- "C:\WINXP\system32\spthcmzp.dllbox "
    Mon 19 Nov 2007 20,810 ..SH. --- "C:\WINXP\system32\vizsmgwn.dllbox "
    Fri 12 May 2006 401 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv17.bak "
    Thu 4 May 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak "
    Sat 5 May 2007 72,704 ..SHR --- "C:\Program Files\eRightSoft\SUPER\Setup.exe "
    Sun 26 Jun 2005 616,448 ..SHR --- "C:\Program Files\eRightSoft\SUPER\cygwin1.dll "
    Wed 22 Jun 2005 45,568 ..SHR --- "C:\Program Files\eRightSoft\SUPER\cygz.dll "
    Mon 6 Nov 2006 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp "
    Tue 4 Jun 2002 84,992 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\14_43260.dll "
    Tue 4 Jun 2002 44,032 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\28_83260.dll "
    Tue 10 Dec 2002 73,766 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\atrc3260.dll "
    Tue 10 Dec 2002 65,575 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\cook3260.dll "
    Mon 10 Jun 2002 36,864 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\ddnt3260.dll "
    Tue 4 Jun 2002 20,480 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\dnet3260.dll "
    Tue 10 Dec 2002 102,437 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv13260.dll "
    Tue 10 Dec 2002 176,165 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv23260.dll "
    Tue 10 Dec 2002 208,935 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv33260.dll "
    Tue 10 Dec 2002 217,127 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv43260.dll "
    Mon 10 Jun 2002 40,448 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\dspr3260.dll "
    Sun 4 Nov 2001 225,280 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\ivvideo.dll "
    Wed 11 Apr 2001 225,280 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\qtmlClient.dll "
    Fri 20 Feb 2004 232,960 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\raac.dll "
    Mon 10 Jun 2002 525,824 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rnco3260.dll "
    Tue 10 Dec 2002 245,805 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rnlt3260.dll "
    Tue 10 Dec 2002 45,093 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv103260.dll "
    Tue 10 Dec 2002 98,341 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv203260.dll "
    Tue 10 Dec 2002 94,247 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv303260.dll "
    Tue 10 Dec 2002 90,151 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv403260.dll "
    Tue 10 Dec 2002 102,439 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\sipr3260.dll "
    Mon 10 Jun 2002 49,152 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\tokr3260.dll "
    Sat 9 Sep 2006 401 A..H. --- "C:\Documents and Settings\Owner\My Documents\My Music\License Backup\drmv1lic.bak "
    Thu 4 May 2006 4,348 ...H. --- "C:\Documents and Settings\Owner\My Documents\My Music\License Backup\drmv1key.bak "
    Sat 9 Sep 2006 400 A.SH. --- "C:\Documents and Settings\Owner\My Documents\My Music\License Backup\drmv2key.bak "
    Wed 22 Feb 2006 21,504 ...H. --- "C:\Documents and Settings\Owner\Application Data\Microsoft\Word\~WRL0005.tmp "
    Wed 7 Nov 2007 80,384 ...H. --- "C:\Documents and Settings\Owner\Application Data\Microsoft\Word\~WRL0004.tmp "
    Mon 19 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071119155521\backup\DOCUME~1\Owner\LOCALS~1\Temp\ico1.tmp "
    Mon 19 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071119155521\backup\DOCUME~1\Owner\LOCALS~1\Temp\ico2.tmp "
    Mon 19 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071119155521\backup\DOCUME~1\Owner\LOCALS~1\Temp\ico3.tmp "
    Mon 19 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071119155521\backup\DOCUME~1\Owner\LOCALS~1\Temp\ico4.tmp "
    Mon 19 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071119155521\backup\DOCUME~1\Owner\LOCALS~1\Temp\ico5.tmp "
    Mon 19 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071119155521\backup\DOCUME~1\Owner\LOCALS~1\Temp\ico30.tmp "
    Mon 19 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071119155521\backup\DOCUME~1\Owner\LOCALS~1\Temp\ico7.tmp "
    Mon 19 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071119155521\backup\DOCUME~1\Owner\LOCALS~1\Temp\ico6.tmp "
    Mon 19 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071119155521\backup\DOCUME~1\Owner\LOCALS~1\Temp\ico12.tmp "
    Mon 19 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071119155521\backup\DOCUME~1\Owner\LOCALS~1\Temp\ico8.tmp "
    Mon 19 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071119155521\backup\DOCUME~1\Owner\LOCALS~1\Temp\ico9.tmp "
    Mon 19 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071119155521\backup\DOCUME~1\Owner\LOCALS~1\Temp\ico13.tmp "
    Mon 19 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071119155521\backup\DOCUME~1\Owner\LOCALS~1\Temp\ico31.tmp "
    Mon 19 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071119155521\backup\DOCUME~1\Owner\LOCALS~1\Temp\ico14.tmp "
    Mon 19 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071119155521\backup\DOCUME~1\Owner\LOCALS~1\Temp\icoA.tmp "
    Mon 19 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071119155521\backup\DOCUME~1\Owner\LOCALS~1\Temp\icoB.tmp "
    Mon 19 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071119155521\backup\DOCUME~1\Owner\LOCALS~1\Temp\ico32.tmp "
    Mon 19 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071119155521\backup\DOCUME~1\Owner\LOCALS~1\Temp\icoC.tmp "
    Mon 19 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071119155521\backup\DOCUME~1\Owner\LOCALS~1\Temp\ico16.tmp "
    Mon 19 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071119155521\backup\DOCUME~1\Owner\LOCALS~1\Temp\ico17.tmp "
    Mon 19 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071119155521\backup\DOCUME~1\Owner\LOCALS~1\Temp\ico18.tmp "
    Mon 19 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071119155521\backup\DOCUME~1\Owner\LOCALS~1\Temp\ico19.tmp "
    Mon 19 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071119155521\backup\DOCUME~1\Owner\LOCALS~1\Temp\ico1A.tmp "
    Mon 19 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071119155521\backup\DOCUME~1\Owner\LOCALS~1\Temp\ico1B.tmp "
    Mon 19 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071119155521\backup\DOCUME~1\Owner\LOCALS~1\Temp\ico21.tmp "
    Mon 19 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071119155521\backup\DOCUME~1\Owner\LOCALS~1\Temp\ico22.tmp "
    Mon 19 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071119155521\backup\DOCUME~1\Owner\LOCALS~1\Temp\ico23.tmp "
    Mon 19 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071119155521\backup\DOCUME~1\Owner\LOCALS~1\Temp\ico24.tmp "
    Mon 19 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071119155521\backup\DOCUME~1\Owner\LOCALS~1\Temp\ico25.tmp "
    Mon 19 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071119155521\backup\DOCUME~1\Owner\LOCALS~1\Temp\ico26.tmp "
    Mon 19 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071119155521\backup\DOCUME~1\Owner\LOCALS~1\Temp\ico27.tmp "
    Mon 19 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071119155521\backup\DOCUME~1\Owner\LOCALS~1\Temp\ico28.tmp "
    Mon 19 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071119155521\backup\DOCUME~1\Owner\LOCALS~1\Temp\ico29.tmp "
    Mon 19 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071119155521\backup\DOCUME~1\Owner\LOCALS~1\Temp\ico2E.tmp "
    Mon 19 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071119155521\backup\DOCUME~1\Owner\LOCALS~1\Temp\ico2F.tmp "
    Mon 19 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071119155521\backup\DOCUME~1\Owner\LOCALS~1\Temp\ico48.tmp "
    Mon 19 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071119155521\backup\DOCUME~1\Owner\LOCALS~1\Temp\ico49.tmp "
    Mon 19 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071119155521\backup\DOCUME~1\Owner\LOCALS~1\Temp\ico36.tmp "
    Mon 19 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071119155521\backup\DOCUME~1\Owner\LOCALS~1\Temp\ico37.tmp "
    Mon 19 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071119155521\backup\DOCUME~1\Owner\LOCALS~1\Temp\ico38.tmp "
    Mon 19 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071119155521\backup\DOCUME~1\Owner\LOCALS~1\Temp\ico39.tmp "
    Mon 19 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071119155521\backup\DOCUME~1\Owner\LOCALS~1\Temp\ico3A.tmp "
    Mon 19 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071119155521\backup\DOCUME~1\Owner\LOCALS~1\Temp\ico4A.tmp "
    Mon 19 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071119155521\backup\DOCUME~1\Owner\LOCALS~1\Temp\ico4B.tmp "
    Mon 19 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071119155521\backup\DOCUME~1\Owner\LOCALS~1\Temp\ico4C.tmp "
    Mon 19 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071119155521\backup\DOCUME~1\Owner\LOCALS~1\Temp\ico10.tmp "
    Mon 19 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071119155521\backup\DOCUME~1\Owner\LOCALS~1\Temp\ico1C.tmp "
    Mon 19 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071119155521\backup\DOCUME~1\Owner\LOCALS~1\Temp\ico1D.tmp "
    Mon 19 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071119155521\backup\DOCUME~1\Owner\LOCALS~1\Temp\ico1E.tmp "
    Mon 19 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071119155521\backup\DOCUME~1\Owner\LOCALS~1\Temp\ico1F.tmp "
    Mon 19 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071119155521\backup\DOCUME~1\Owner\LOCALS~1\Temp\ico20.tmp "
    Mon 19 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071119155521\backup\DOCUME~1\Owner\LOCALS~1\Temp\icoD.tmp "
    Mon 19 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071119155521\backup\DOCUME~1\Owner\LOCALS~1\Temp\icoE.tmp "
    Mon 19 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071119155521\backup\DOCUME~1\Owner\LOCALS~1\Temp\icoF.tmp "
    Mon 19 Nov 2007 4,286 A..H. --- "C:\Deckard\System Scanner\20071119155521\backup\DOCUME~1\Owner\LOCALS~1\Temp\ico11.tmp "

    Finished!
     
  2. 2007/11/19
    noahdfear

    noahdfear Inactive

    Great! Please delete the copy of VundoFix you currently have, and the C:\VundoFix.txt log, then download a fresh copy and run it. Post the new C:\VundoFix.txt log and a fresh dss.log.

    Click Start>Run and type firewall.cpl then hit enter to open the Windows Firewall applet. Click the Exceptions tab and remove the entries related to the following.

    "C:\\DOCUME~1\\Owner\\LOCALS~1\\Temp\\win2A3.exe "= "C:\\DOCUME~1\\Owner\\LOCALS~1\\Temp\\win2A3.exe:*:Enabled:win2A3 "

    "C:\\WINXP\\system32\\vewmoqef.exe "= "C:\\WINXP\\system32\\vewm "

    "C:\\WINXP\\TEMP\\winA2.exe "= "C:\\WINXP\\TEMP\\winA2.exe:*:Enabled:winA2 "
     


  4. 2007/11/19
    aussiejohn

    aussiejohn Well-Known Member Thread Starter

    Hello Noah, I downloaded a fresh VundoFix and ran it and it said there were no bad files?
    Also none of the 4 entries are in my firewall exceptions. I might add that my Windows firewall is turned off because my wireless router has its own firewall and they clash with each other!
     
  5. 2007/11/19
    noahdfear

    noahdfear Inactive

    Just post a fresh dss log then.

    Those entries (there are 3) may well not be listed on the exceptions tab, but they are set to have access through the Windows Firewall via the registry. I personally wouldn't want the entries in my approved access list, regardless of whether I use the WF or not. If you feel the same, and you're comfortable with a bit of registry editing, you can find the entries at the following location.

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List

    They will be in the right pane and can be deleted. Leave the other listed values, as they are valid.
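
A triage pass over the exported list, as an added example that is not part of the original thread or of SDFix: it parses an `AuthorizedApplications\List` export and flags values whose executable sits in a temp directory or whose data is not in the usual `path:scope:Enabled|Disabled:name` form. The sample lines are copied from the SDFix log posted above; `triage`, `Finding` and the flagging rules are assumptions made for illustration.

```python
import re
from typing import NamedTuple

# Sample input: a few value lines copied from the SDFix "Authorized Application
# Key Export" in this thread, including the stray space the forum rendering
# left before each closing quote.
SAMPLE_EXPORT = r'''
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\Trillian\\trillian.exe "= "C:\\Program Files\\Trillian\\trillian.exe:*:Enabled:Trillian "
"C:\\Program Files\\Windows Media Player\\wmplayer.exe "= "C:\\Program Files\\Windows Media Player\\wmplayer.exe:*:Disabled:Windows Media Player "
"C:\\DOCUME~1\\Owner\\LOCALS~1\\Temp\\win2A3.exe "= "C:\\DOCUME~1\\Owner\\LOCALS~1\\Temp\\win2A3.exe:*:Enabled:win2A3 "
"C:\\WINXP\\system32\\vewmoqef.exe "= "C:\\WINXP\\system32\\vewm "
"C:\\WINXP\\TEMP\\winA2.exe "= "C:\\WINXP\\TEMP\\winA2.exe:*:Enabled:winA2 "
'''

# Section header: captures the firewall profile (standardprofile/domainprofile).
SECTION_RE = re.compile(
    r'^\[.*\\firewallpolicy\\([^\\]+)\\authorizedapplications\\list\]$', re.I)
# One exported value: "name"= "data"
ENTRY_RE = re.compile(r'^"(.*?)"\s*=\s*"(.*)"$')
# Expected value data layout: path:scope:Enabled|Disabled:display name
DATA_RE = re.compile(
    r'^(?P<path>.+?):(?P<scope>[^:]+):(?P<status>enabled|disabled):(?P<label>.*)$',
    re.I)
# Any path component named "temp" (covers ...\LOCALS~1\Temp\ and C:\WINXP\TEMP\)
TEMP_RE = re.compile(r'\\temp\\', re.I)


class Finding(NamedTuple):
    profile: str
    path: str
    reasons: tuple


def _unescape(text):
    """Undo .reg-style backslash doubling and drop surrounding whitespace."""
    return text.replace('\\\\', '\\').strip()


def triage(export_text):
    """Return a Finding for every list entry that deserves a manual look."""
    findings = []
    profile = "unknown"
    for raw in export_text.splitlines():
        line = raw.strip()
        section = SECTION_RE.match(line)
        if section:
            profile = section.group(1).lower()
            continue
        entry = ENTRY_RE.match(line)
        if not entry:
            continue
        name = _unescape(entry.group(1))
        data = _unescape(entry.group(2))
        reasons = []
        parsed = DATA_RE.match(data)
        if parsed is None:
            # Truncated or otherwise damaged data, e.g. the vewmoqef.exe value.
            reasons.append("malformed value data")
        elif parsed["path"].lower() != name.lower():
            reasons.append("data path differs from value name")
        if TEMP_RE.search(name):
            reasons.append("executable in a temp directory")
        if reasons:
            findings.append(Finding(profile, name, tuple(reasons)))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_EXPORT):
        print(finding.profile, finding.path, "; ".join(finding.reasons))
```

Because it works on the exported text rather than the live registry, it can be run on a log taken from a machine whose Windows Firewall is switched off.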
     
  6. 2007/11/19
    aussiejohn

    aussiejohn Well-Known Member Thread Starter

    First Half......

    Deckard's System Scanner v20071014.68
    Run by Owner on 2007-11-20 14:42:17
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    Percentage of Memory in Use: 93% (more than 75%).
    Total Physical Memory: 480 MiB (512 MiB recommended).


    -- HijackThis (run as Owner.exe) -----------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:42:41 PM, on 20/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINXP\System32\smss.exe
    C:\WINXP\system32\winlogon.exe
    C:\WINXP\system32\services.exe
    C:\WINXP\system32\lsass.exe
    C:\WINXP\system32\svchost.exe
    C:\WINXP\System32\svchost.exe
    C:\WINXP\system32\svchost.exe
    C:\WINXP\system32\spoolsv.exe
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
    C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
    C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
    C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
    C:\WINXP\system32\HPZipm12.exe
    C:\WINXP\system32\svchost.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINXP\Explorer.EXE
    C:\WINXP\system32\VTTimer.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
    C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Logitech\ImageStudio\LogiTray.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.21\QOELoader.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
    C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
    C:\WINXP\system32\ctfmon.exe
    C:\WINXP\System32\svchost.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\MuchTV\tvrmvcr.exe
    C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
    C:\Program Files\Logitech\ImageStudio\LowLight.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Light\CAGlobalLight.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Toolbar\CAGlobal.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.21\qoeapp.exe
    C:\Documents and Settings\Owner\Desktop\dss.exe
    C:\PROGRA~2\TRENDM~1\HIJACK~1\Owner.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ozemail.com.au/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~2\ICQTOO~1\toolbaru.dll
    O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~2\ICQTOO~1\toolbaru.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {08C525F4-2EBD-396D-B12A-005661A8CF95} - C:\Program Files\Avwrvbbu\hwgbgcgk.dll
    O2 - BHO: (no name) - {2C80EAD3-74CD-4700-83A4-AA878CD1C03C} - C:\WINXP\system32\ddcbyxv.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {63775B1B-1DD4-4B72-A2B3-439DE851EBDA} - C:\WINXP\system32\mljgf.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: {f38c38e7-f298-27e9-ce54-df26a6c3bb18} - {81bb3c6a-62fd-45ec-9e72-892f7e83c83f} - C:\WINXP\system32\rgndpmqs.dll
    O2 - BHO: CA Toolbar Helper - {FBF2401B-7447-4727-BE5D-C19B2075CA84} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Toolbar\CallingIDIE.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~2\ICQTOO~1\toolbaru.dll
    O3 - Toolbar: CA Toolbar - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Toolbar\CallingIDIE.dll
    O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
    O4 - HKLM\..\Run: [BigDogPath] C:\WINXP\VM_STI.EXE VIMICRO USB PC Camera 301x
    O4 - HKLM\..\Run: [CrazyTalk Serve] rundll32.exe C:\WINXP\system32\CrazyTalk.dll,DllServeMediaFile
    O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
    O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe "
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe "
    O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe "
    O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.21\QOELoader.exe "
    O4 - HKLM\..\Run: [cafw] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
    O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
    O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
    O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINXP\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINXP\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINXP\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
    O4 - Startup: Event Reminder.lnk = C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: MuchTV Remote.lnk = ?
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~2\INCRED~1\bin\resources\WebMenuImg.htm
    O8 - Extra context menu item: &Copy Location - C:\WINXP\WEB\graburl.htm
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINXP\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINXP\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O15 - Trusted Zone: http://myaccount.centrelink.gov.au
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader.cab
    O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01_5.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by108fd.bay108.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.my-etrust.com/Support/PestScanner/pestscan.cab
    O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1129981876609
    O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9C024426-7859-4B2D-AB4C-B1E370AE7549} - http://au.mcafee.com/Apps/WSC/en-au/WscWlanScannerCtrl.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4A1C4A24-EE52-4CE9-97E7-E397B65AE406}: NameServer = 210.80.58.34,210.80.58.42
    O18 - Protocol: bw+0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw+0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw-0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw-0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw00 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw00s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw10 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw10s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw20 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw20s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw30 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw30s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw40 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw40s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw50 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw50s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw60 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw60s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw70 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw70s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw80 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw80s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw90 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw90s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwa0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwa0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwb0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwb0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwc0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwc0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwd0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwd0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwe0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwe0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwf0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwf0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwg0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwg0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwh0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwh0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwi0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwi0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwj0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwj0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwk0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwk0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwl0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwl0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwm0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwm0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwn0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwn0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwo0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwo0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwp0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwp0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwq0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwq0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwr0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwr0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bws0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bws0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwt0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwt0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwu0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwu0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwv0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwv0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bww0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bww0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwx0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwx0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwy0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwy0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwz0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwz0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: offline-8876480 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: ddcbyxv - C:\WINXP\SYSTEM32\ddcbyxv.dll
    O20 - Winlogon Notify: winghy32 - winghy32.dll (file missing)
    O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
    O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
    O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINXP\system32\HPZipm12.exe
    O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
    O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
    O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
    O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
    O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
    O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Owner/LOCALS~1/Temp/msoclip1/01/clip_image002.gif
    O24 - Desktop Component 1: (no name) - file:///C:/DOCUME~1/Owner/LOCALS~1/Temp/msoclip1/01/clip_image001.jpg

    --
    End of file - 28617 bytes
     
  7. 2007/11/19
    aussiejohn

    2nd Half....


    -- Files created between 2007-10-20 and 2007-11-20 -----------------------------

    2007-11-20 14:13:42 0 d-------- C:\VundoFix Backups
    2007-11-20 09:36:42 83008 --a------ C:\WINXP\system32\rgndpmqs.dll
    2007-11-20 08:36:01 0 d-------- C:\WINXP\ERUNT
    2007-11-19 17:17:22 0 d--hs---- C:\FOUND.014
    2007-11-19 17:03:20 145984 --a------ C:\WINXP\system32\hvbmisyi.dll
    2007-11-19 10:46:26 102400 --a------ C:\Documents and Settings\All Users\Application Data\ahwtatih.dll
    2007-11-19 10:46:03 0 d-------- C:\Program Files\Avwrvbbu
    2007-11-19 10:34:54 36352 --a------ C:\WINXP\system32\hggdaax.dll
    2007-11-19 09:41:32 0 d-------- C:\Program Files\Trend Micro
    2007-11-19 09:34:30 79424 --a------ C:\WINXP\system32\oyfnvbmy.dll
    2007-11-19 09:28:24 148377 --ahs---- C:\WINXP\system32\fgjlm.ini2
    2007-11-19 09:24:58 145984 --a------ C:\WINXP\system32\pjktfdnv.dll
    2007-11-19 08:31:25 0 d-------- C:\WINXP\system32\qfovkrbl
    2007-11-19 08:31:23 0 d-------- C:\Program Files\SecCenter
    2007-11-19 08:31:14 0 d-------- C:\Program Files\Armqmaue
    2007-11-19 08:30:18 320608 --a------ C:\WINXP\system32\mljgf.dll
    2007-11-19 08:27:07 15360 --a------ C:\WINXP\system32\drvhagr.dll
    2007-11-19 08:25:21 36352 --a------ C:\WINXP\system32\xxywwwt.dll
    2007-11-19 08:25:18 0 --a------ C:\Install
    2007-11-19 08:25:14 0 d-------- C:\Program Files\dqberavk
    2007-11-19 08:24:59 38912 --a------ C:\WINXP\system32\ddcbyxv.dll
    2007-11-19 07:55:57 0 d-------- C:\Documents and Settings\Owner\Application Data\Uniblue
    2007-11-18 17:03:09 0 d-------- C:\Program Files\Trillian
    2007-11-14 09:16:34 6 --a------ C:\WINXP\system32\mkghj.dll
    2007-11-14 08:57:05 0 d-------- C:\Documents and Settings\Owner\Application Data\CallingID
    2007-11-14 08:56:52 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-11-14 08:56:05 0 d-------- C:\Program Files\Common Files\Scanner
    2007-11-14 08:55:35 0 d-------- C:\WINXP\rnapxs
    2007-11-08 10:29:40 0 d-------- C:\Documents and Settings\All Users\Application Data\CA
    2007-11-08 10:29:39 0 d-------- C:\Program Files\CA
    2007-11-01 16:39:52 0 d-------- C:\MediaCell
    2007-11-01 16:36:07 0 d-------- C:\Program Files\MediaCell Video Converter
    2007-10-30 08:18:57 0 d-------- C:\Documents and Settings\Owner\Application Data\Nokia Multimedia Player
    2007-10-30 07:28:21 0 d-------- C:\Program Files\Common Files\Nokia
    2007-10-30 07:24:07 0 d-------- C:\Program Files\PC Connectivity Solution
    2007-10-30 07:18:14 0 d-------- C:\Documents and Settings\All Users\Application Data\Installations
    2007-10-30 05:46:06 0 d-------- C:\Documents and Settings\All Users\Application Data\TEMP
    2007-10-30 05:45:28 162304 --a------ C:\WINXP\system32\ztvunrar36.dll
    2007-10-30 05:45:28 77312 --a------ C:\WINXP\system32\ztvunace26.dll
    2007-10-30 05:45:28 69632 --a------ C:\WINXP\system32\ztvcabinet.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
    2007-10-30 05:45:28 153088 --a------ C:\WINXP\system32\UNRAR3.dll
    2007-10-30 05:45:28 75264 --a------ C:\WINXP\system32\unacev2.dll
    2007-10-30 05:45:26 0 d-------- C:\Program Files\Trojan Remover
    2007-10-30 05:45:26 0 d-------- C:\Documents and Settings\Owner\Application Data\Simply Super Software
    2007-10-30 05:45:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
    2007-10-29 10:45:16 0 d-------- C:\Documents and Settings\Owner\Application Data\DVD Flick
    2007-10-29 10:39:58 0 d-------- C:\Program Files\DVD Flick
    2007-10-27 19:36:10 0 d-------- C:\Documents and Settings\Owner\Application Data\SoundSpectrum
    2007-10-27 19:35:44 0 d-------- C:\Program Files\SoundSpectrum


    -- Find3M Report ---------------------------------------------------------------

    2007-11-20 04:09:36 5637 --a------ C:\WINXP\mozver.dat
    2007-10-30 08:30:52 555137 --a------ C:\Documents and Settings\Owner\Application Data\NMM-MetaData.db
    2007-10-30 07:53:08 80072 --a------ C:\WINXP\HPHins08.dat
    2007-10-02 15:16:22 0 d-------- C:\Program Files\iPod
    2007-10-02 15:16:08 0 d-------- C:\Program Files\iTunes
    2007-09-28 16:24:12 0 d-------- C:\Program Files\AskPBar


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{08C525F4-2EBD-396D-B12A-005661A8CF95}]
    19/11/2007 10:46 AM 102400 --a------ C:\Program Files\Avwrvbbu\hwgbgcgk.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2C80EAD3-74CD-4700-83A4-AA878CD1C03C}]
    19/11/2007 08:25 AM 38912 --a------ C:\WINXP\system32\ddcbyxv.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{63775B1B-1DD4-4B72-A2B3-439DE851EBDA}]
    19/11/2007 08:30 AM 320608 --a------ C:\WINXP\system32\mljgf.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{81bb3c6a-62fd-45ec-9e72-892f7e83c83f}]
    20/11/2007 09:36 AM 83008 --a------ C:\WINXP\system32\rgndpmqs.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "VTTimer "= "VTTimer.exe" [15/01/2004 10:33 PM C:\WINXP\system32\VTTimer.exe]
    "LVCOMS "= "C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE" [10/12/2002 05:54 PM]
    "zBrowser Launcher "= "C:\Program Files\Logitech\iTouch\iTouch.exe" [18/03/2004 09:33 AM]
    "REGSHAVE "= "C:\Program Files\REGSHAVE\REGSHAVE.exe" [04/02/2002 10:32 PM]
    "Easy-PrintToolBox "= "C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [14/01/2004 11:10 AM]
    "BigDogPath "= "C:\WINXP\VM_STI.exe" []
    "CrazyTalk Serve "= "C:\WINXP\system32\CrazyTalk.dll" [07/05/2006 12:02 PM]
    "HPHUPD08 "= "C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [22/12/2005 06:13 PM]
    "HP Software Update "= "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [08/05/2007 04:24 PM]
    "Adobe Reader Speed Launcher "= "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 07:51 PM]
    "QuickTime Task "= "C:\Program Files\QuickTime\qttask.exe" [29/06/2007 06:24 AM]
    "iTunesHelper "= "C:\Program Files\iTunes\iTunesHelper.exe" [26/09/2007 02:42 PM]
    "LogitechGalleryRepair "= "C:\Program Files\Logitech\ImageStudio\ISStart.exe" [10/12/2002 06:32 PM]
    "LogitechImageStudioTray "= "C:\Program Files\Logitech\ImageStudio\LogiTray.exe" [10/12/2002 06:31 PM]
    "SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25/09/2007 01:11 AM]
    "PCSuiteTrayApplication "= "C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [23/03/2007 01:20 PM]
    "cctray "= "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [14/10/2007 04:06 PM]
    "CAVRID "= "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [14/10/2007 03:31 PM]
    "QOELOADER "= "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.21\QOELoader.exe" [14/11/2007 08:56 AM]
    "cafw "= "C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [17/10/2007 10:27 PM]
    "capfasem "= "C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [17/10/2007 10:27 PM]
    "capfupgrade "= "C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [17/10/2007 10:27 PM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AnyDVD "= "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [06/06/2007 08:45 AM]
    "ctfmon.exe "= "C:\WINXP\system32\ctfmon.exe" [04/08/2004 12:00 PM]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "Nokia.PCSync "=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

    C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
    Event Reminder.lnk - C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE [18/06/2005 10:13:49 AM]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [17/02/1999 8:05:56 PM]
    Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [4/10/2004 1:12:18 AM]
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [18/08/2005 10:20:30 PM]
    HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [19/08/2005 1:01:32 AM]
    MuchTV Remote.lnk - C:\Program Files\MuchTV\tvrmvcr.exe [30/06/2007 10:32:51 AM]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "EnableShellExecuteHooks "=1 (0x1)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{1869181A-9F50-4FCF-8BFF-1B8588ECB85C} "= C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\LinkAdvisor\CIDLinkAdvisor.dll [15/10/2007 09:40 PM 1373624]
    "{2C80EAD3-74CD-4700-83A4-AA878CD1C03C} "= C:\WINXP\system32\ddcbyxv.dll [19/11/2007 08:25 AM 38912]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcbyxv]
    ddcbyxv.dll 19/11/2007 08:25 AM 38912 C:\WINXP\system32\ddcbyxv.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
    UmxWnp.Dll 18/05/2007 02:30 PM 79368 C:\WINXP\system32\UmxWNP.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winghy32]
    winghy32.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages "= msv1_0 C:\WINXP\system32\mljgf.dll


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{53BB2E32-AA1C-C3D4-E6B1-4D235E06055A}]
    C:\WINXP\system32\derstg.exe



    -- End of Deckard's System Scanner: finished at 2007-11-20 14:45:00 ------------
     
  8. 2007/11/19
    aussiejohn

    OK Noah, I went into the registry and found 3 of those entries and deleted them. Would that have had anything to do with the pop-ups? Because I still have them, a total of 4 at the moment!
     
  9. 2007/11/19
    noahdfear

    We're gonna work on those popups right now. ;)

    Delete the following folders, unless you know any of them to be valid. If so, let me know which ones and what they are for.

    C:\Program Files\Avwrvbbu
    C:\WINXP\system32\qfovkrbl
    C:\Program Files\SecCenter
    C:\Program Files\Armqmaue
    C:\Program Files\dqberavk


    Highlight and copy the contents of the code box below and paste it into a blank notepad, then save it to your desktop as:

    Filename: vundofix.vft
    Save As Type: All Files (*.*)

    Code:
    C:\WINXP\system32\rgndpmqs.dll
    C:\WINXP\system32\hvbmisyi.dll
    C:\Documents and Settings\All Users\Application Data\ahwtatih.dll
    C:\WINXP\system32\hggdaax.dll
    C:\WINXP\system32\oyfnvbmy.dll
    C:\WINXP\system32\fgjlm.ini2
    C:\WINXP\system32\pjktfdnv.dll
    C:\WINXP\system32\mljgf.dll
    C:\WINXP\system32\drvhagr.dll
    C:\WINXP\system32\xxywwwt.dll
    C:\Install
    C:\WINXP\system32\ddcbyxv.dll
    C:\WINXP\system32\mkghj.dll
    
    • Close all other windows and programs.
    • Double-click VundoFix.exe to run it.
    • Drag vundofix.vft onto the listbox (white box) of VundoFix.
    • Click the "Remove Vundo" button.
    • You will receive a prompt asking if you want to remove the files, click YES.
    • Once you click yes, your desktop will go blank as it starts removing Vundo.
    • When completed, it will prompt that it will reboot your computer, click OK.
    • Please post the contents of C:\vundofix.txt and a new dss log.
    Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.


    Do you have an XP cd with which to access the recovery console? If not, do you have a blank cd and a cd burner?
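
    The files and folders named in the post above all appear in the Deckard's System Scanner log posted earlier in this thread. As an added example (not part of the original posts and not code from any tool named here), the Python below cross-references that log's "Files created" listing with the autostart keys in its registry dump; the function names are hypothetical and the input is an excerpt of the posted log.

```python
import re
from collections import defaultdict

# Excerpt of the Deckard's System Scanner log posted in this thread.
DSS_EXCERPT = r"""
-- Files created between 2007-10-20 and 2007-11-20 -----------------------------

2007-11-20 09:36:42 83008 --a------ C:\WINXP\system32\rgndpmqs.dll
2007-11-19 10:46:03 0 d-------- C:\Program Files\Avwrvbbu
2007-11-19 08:30:18 320608 --a------ C:\WINXP\system32\mljgf.dll
2007-11-19 08:24:59 38912 --a------ C:\WINXP\system32\ddcbyxv.dll
2007-11-08 10:29:39 0 d-------- C:\Program Files\CA

-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{08C525F4-2EBD-396D-B12A-005661A8CF95}]
19/11/2007 10:46 AM 102400 --a------ C:\Program Files\Avwrvbbu\hwgbgcgk.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2C80EAD3-74CD-4700-83A4-AA878CD1C03C}]
19/11/2007 08:25 AM 38912 --a------ C:\WINXP\system32\ddcbyxv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{63775B1B-1DD4-4B72-A2B3-439DE851EBDA}]
19/11/2007 08:30 AM 320608 --a------ C:\WINXP\system32\mljgf.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{81bb3c6a-62fd-45ec-9e72-892f7e83c83f}]
20/11/2007 09:36 AM 83008 --a------ C:\WINXP\system32\rgndpmqs.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{1869181A-9F50-4FCF-8BFF-1B8588ECB85C} "= C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\LinkAdvisor\CIDLinkAdvisor.dll [15/10/2007 09:40 PM 1373624]
"{2C80EAD3-74CD-4700-83A4-AA878CD1C03C} "= C:\WINXP\system32\ddcbyxv.dll [19/11/2007 08:25 AM 38912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcbyxv]
ddcbyxv.dll 19/11/2007 08:25 AM 38912 C:\WINXP\system32\ddcbyxv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
UmxWnp.Dll 18/05/2007 02:30 PM 79368 C:\WINXP\system32\UmxWNP.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages "= msv1_0 C:\WINXP\system32\mljgf.dll
"""

# "date time size attributes path" rows of the "Files created" section.
CREATED_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} \d+ ([a-z-]+) (.+)$")
# Absolute path to a DLL or EXE anywhere in a registry-dump line.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\[\]<>|*?]+?\.(?:dll|exe)', re.I)
# Registry key fragments (lowercase) mapped to a short load-point label.
LOAD_POINTS = [
    ("browser helper objects", "BHO"),
    ("shellexecutehooks", "ShellExecuteHook"),
    ("winlogon\\notify", "Winlogon Notify"),
    ("control\\lsa", "LSA Authentication Packages"),
]

def parse_created(log):
    """Return {lowercased path: is_directory} from the 'Files created' section."""
    created, in_section = {}, False
    for line in map(str.strip, log.splitlines()):
        if line.startswith("-- "):
            in_section = line.startswith("-- Files created between")
            continue
        m = CREATED_RE.match(line) if in_section else None
        if m:
            # Drop a trailing "<Not Verified; ...>" annotation if present.
            path = m.group(2).split(" <")[0].strip()
            created[path.lower()] = m.group(1).startswith("d")
    return created

def parse_load_points(log):
    """Return {lowercased path: set of load-point labels} from the registry dump."""
    refs, label = defaultdict(set), None
    for line in map(str.strip, log.splitlines()):
        header = re.match(r"^\[(HKEY_[^\]]+)\]$", line)
        if header:
            key = header.group(1).lower()
            label = next((name for frag, name in LOAD_POINTS if frag in key), None)
        elif not line:
            label = None  # a blank line ends the current key's values
        elif label:
            for path in PATH_RE.findall(line):
                refs[path.lower()].add(label)
    return refs

def triage(log):
    """Autostart-referenced binaries that are new, or sit in a new directory."""
    created = parse_created(log)
    new_dirs = [p for p, is_dir in created.items() if is_dir]
    findings = {}
    for path, labels in parse_load_points(log).items():
        if path in created:
            reason = "file created in scan window"
        elif any(path.startswith(d + "\\") for d in new_dirs):
            reason = "inside directory created in scan window"
        else:
            continue  # older file: not a lead from this cross-reference
        findings[path] = (reason, sorted(labels))
    return findings

if __name__ == "__main__":
    for path, (reason, labels) in sorted(triage(DSS_EXCERPT).items()):
        print(f"{path}\n    {reason}; loaded via {', '.join(labels)}")
```

    The output is a review list rather than a verdict: the CA security suite's LinkAdvisor DLL is reported as well, because its folder was created on 2007-11-08, inside the scan window.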
     
  10. 2007/11/19
    aussiejohn

    I do not have an XP CD but I have an empty DVD or CD and a burner.

    First Half.........


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:00:43 PM, on 20/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINXP\System32\smss.exe
    C:\WINXP\system32\winlogon.exe
    C:\WINXP\system32\services.exe
    C:\WINXP\system32\lsass.exe
    C:\WINXP\system32\svchost.exe
    C:\WINXP\System32\svchost.exe
    C:\WINXP\system32\svchost.exe
    C:\WINXP\system32\spoolsv.exe
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
    C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
    C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
    C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
    C:\WINXP\system32\HPZipm12.exe
    C:\WINXP\system32\svchost.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINXP\Explorer.EXE
    C:\WINXP\system32\VTTimer.exe
    C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Logitech\ImageStudio\LogiTray.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.21\QOELoader.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
    C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
    C:\WINXP\system32\ctfmon.exe
    C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\MuchTV\tvrmvcr.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
    C:\WINXP\System32\svchost.exe
    C:\Program Files\Logitech\ImageStudio\LowLight.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Documents and Settings\Owner\Desktop\dss.exe
    C:\PROGRA~2\TRENDM~1\HIJACK~1\Owner.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ozemail.com.au/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~2\ICQTOO~1\toolbaru.dll
    O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~2\ICQTOO~1\toolbaru.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {08C525F4-2EBD-396D-B12A-005661A8CF95} - C:\Program Files\Avwrvbbu\hwgbgcgk.dll (file missing)
    O2 - BHO: (no name) - {2C80EAD3-74CD-4700-83A4-AA878CD1C03C} - C:\WINXP\system32\ddcbyxv.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {63775B1B-1DD4-4B72-A2B3-439DE851EBDA} - C:\WINXP\system32\mljgf.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: {f38c38e7-f298-27e9-ce54-df26a6c3bb18} - {81bb3c6a-62fd-45ec-9e72-892f7e83c83f} - C:\WINXP\system32\rgndpmqs.dll (file missing)
    O2 - BHO: CA Toolbar Helper - {FBF2401B-7447-4727-BE5D-C19B2075CA84} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Toolbar\CallingIDIE.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~2\ICQTOO~1\toolbaru.dll
    O3 - Toolbar: CA Toolbar - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Toolbar\CallingIDIE.dll
    O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
    O4 - HKLM\..\Run: [BigDogPath] C:\WINXP\VM_STI.EXE VIMICRO USB PC Camera 301x
    O4 - HKLM\..\Run: [CrazyTalk Serve] rundll32.exe C:\WINXP\system32\CrazyTalk.dll,DllServeMediaFile
    O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
    O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe "
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe "
    O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe "
    O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.21\QOELoader.exe "
    O4 - HKLM\..\Run: [cafw] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
    O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
    O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
    O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINXP\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINXP\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINXP\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
    O4 - Startup: Event Reminder.lnk = C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: MuchTV Remote.lnk = ?
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~2\INCRED~1\bin\resources\WebMenuImg.htm
    O8 - Extra context menu item: &Copy Location - C:\WINXP\WEB\graburl.htm
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINXP\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINXP\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O15 - Trusted Zone: http://myaccount.centrelink.gov.au
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader.cab
    O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01_5.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by108fd.bay108.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.my-etrust.com/Support/PestScanner/pestscan.cab
    O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1129981876609
    O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9C024426-7859-4B2D-AB4C-B1E370AE7549} - http://au.mcafee.com/Apps/WSC/en-au/WscWlanScannerCtrl.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4A1C4A24-EE52-4CE9-97E7-E397B65AE406}: NameServer = 210.80.58.34,210.80.58.42
    O18 - Protocol: bw+0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw+0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw-0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw-0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw00 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw00s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw10 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw10s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw20 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw20s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw30 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw30s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw40 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw40s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw50 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw50s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw60 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw60s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw70 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw70s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw80 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw80s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw90 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw90s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwa0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwa0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwb0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwb0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwc0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwc0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwd0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwd0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwe0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwe0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwf0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwf0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwg0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwg0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwh0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwh0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwi0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwi0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwj0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwj0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwk0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwk0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwl0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwl0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwm0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwm0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwn0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwn0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwo0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwo0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwp0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwp0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwq0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwq0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwr0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwr0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bws0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bws0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwt0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwt0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwu0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwu0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwv0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwv0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bww0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bww0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwx0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwx0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwy0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwy0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwz0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwz0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: offline-8876480 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: winghy32 - winghy32.dll (file missing)
    O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
    O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
    O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINXP\system32\HPZipm12.exe
    O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
    O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
    O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
    O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
    O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
    O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Owner/LOCALS~1/Temp/msoclip1/01/clip_image002.gif
    O24 - Desktop Component 1: (no name) - file:///C:/DOCUME~1/Owner/LOCALS~1/Temp/msoclip1/01/clip_image001.jpg

    --
    End of file - 28189 bytes
     
  11. 2007/11/19
    aussiejohn

    2nd Half.........

    -- Files created between 2007-10-20 and 2007-11-20 -----------------------------

    2007-11-20 15:52:45 24576 --a------ C:\WINXP\system32\VundoFixSVC.exe <Not Verified; Atribune.org; Vundofix Service>
    2007-11-20 14:13:42 0 d-------- C:\VundoFix Backups
    2007-11-20 08:36:01 0 d-------- C:\WINXP\ERUNT
    2007-11-19 17:17:22 0 d--hs---- C:\FOUND.014
    2007-11-19 09:41:32 0 d-------- C:\Program Files\Trend Micro
    2007-11-19 07:55:57 0 d-------- C:\Documents and Settings\Owner\Application Data\Uniblue
    2007-11-18 17:03:09 0 d-------- C:\Program Files\Trillian
    2007-11-14 08:57:05 0 d-------- C:\Documents and Settings\Owner\Application Data\CallingID
    2007-11-14 08:56:52 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-11-14 08:56:05 0 d-------- C:\Program Files\Common Files\Scanner
    2007-11-14 08:55:35 0 d-------- C:\WINXP\rnapxs
    2007-11-08 10:29:40 0 d-------- C:\Documents and Settings\All Users\Application Data\CA
    2007-11-08 10:29:39 0 d-------- C:\Program Files\CA
    2007-11-01 16:39:52 0 d-------- C:\MediaCell
    2007-11-01 16:36:07 0 d-------- C:\Program Files\MediaCell Video Converter
    2007-10-30 08:18:57 0 d-------- C:\Documents and Settings\Owner\Application Data\Nokia Multimedia Player
    2007-10-30 07:28:21 0 d-------- C:\Program Files\Common Files\Nokia
    2007-10-30 07:24:07 0 d-------- C:\Program Files\PC Connectivity Solution
    2007-10-30 07:18:14 0 d-------- C:\Documents and Settings\All Users\Application Data\Installations
    2007-10-30 05:46:06 0 d-------- C:\Documents and Settings\All Users\Application Data\TEMP
    2007-10-30 05:45:28 162304 --a------ C:\WINXP\system32\ztvunrar36.dll
    2007-10-30 05:45:28 77312 --a------ C:\WINXP\system32\ztvunace26.dll
    2007-10-30 05:45:28 69632 --a------ C:\WINXP\system32\ztvcabinet.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
    2007-10-30 05:45:28 153088 --a------ C:\WINXP\system32\UNRAR3.dll
    2007-10-30 05:45:28 75264 --a------ C:\WINXP\system32\unacev2.dll
    2007-10-30 05:45:26 0 d-------- C:\Program Files\Trojan Remover
    2007-10-30 05:45:26 0 d-------- C:\Documents and Settings\Owner\Application Data\Simply Super Software
    2007-10-30 05:45:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
    2007-10-29 10:45:16 0 d-------- C:\Documents and Settings\Owner\Application Data\DVD Flick
    2007-10-29 10:39:58 0 d-------- C:\Program Files\DVD Flick
    2007-10-27 19:36:10 0 d-------- C:\Documents and Settings\Owner\Application Data\SoundSpectrum
    2007-10-27 19:35:44 0 d-------- C:\Program Files\SoundSpectrum


    -- Find3M Report ---------------------------------------------------------------

    2007-11-20 04:09:36 5637 --a------ C:\WINXP\mozver.dat
    2007-10-30 08:30:52 555137 --a------ C:\Documents and Settings\Owner\Application Data\NMM-MetaData.db
    2007-10-30 07:53:08 80072 --a------ C:\WINXP\HPHins08.dat
    2007-10-02 15:16:22 0 d-------- C:\Program Files\iPod
    2007-10-02 15:16:08 0 d-------- C:\Program Files\iTunes
    2007-09-28 16:24:12 0 d-------- C:\Program Files\AskPBar


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{08C525F4-2EBD-396D-B12A-005661A8CF95}]
    C:\Program Files\Avwrvbbu\hwgbgcgk.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2C80EAD3-74CD-4700-83A4-AA878CD1C03C}]
    C:\WINXP\system32\ddcbyxv.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{63775B1B-1DD4-4B72-A2B3-439DE851EBDA}]
    C:\WINXP\system32\mljgf.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{81bb3c6a-62fd-45ec-9e72-892f7e83c83f}]
    C:\WINXP\system32\rgndpmqs.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "VTTimer "= "VTTimer.exe" [15/01/2004 10:33 PM C:\WINXP\system32\VTTimer.exe]
    "LVCOMS "= "C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE" [10/12/2002 05:54 PM]
    "zBrowser Launcher "= "C:\Program Files\Logitech\iTouch\iTouch.exe" [18/03/2004 09:33 AM]
    "REGSHAVE "= "C:\Program Files\REGSHAVE\REGSHAVE.exe" [04/02/2002 10:32 PM]
    "Easy-PrintToolBox "= "C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [14/01/2004 11:10 AM]
    "BigDogPath "= "C:\WINXP\VM_STI.exe" []
    "CrazyTalk Serve "= "C:\WINXP\system32\CrazyTalk.dll" [07/05/2006 12:02 PM]
    "HPHUPD08 "= "C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [22/12/2005 06:13 PM]
    "HP Software Update "= "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [08/05/2007 04:24 PM]
    "Adobe Reader Speed Launcher "= "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 07:51 PM]
    "QuickTime Task "= "C:\Program Files\QuickTime\qttask.exe" [29/06/2007 06:24 AM]
    "iTunesHelper "= "C:\Program Files\iTunes\iTunesHelper.exe" [26/09/2007 02:42 PM]
    "LogitechGalleryRepair "= "C:\Program Files\Logitech\ImageStudio\ISStart.exe" [10/12/2002 06:32 PM]
    "LogitechImageStudioTray "= "C:\Program Files\Logitech\ImageStudio\LogiTray.exe" [10/12/2002 06:31 PM]
    "SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25/09/2007 01:11 AM]
    "PCSuiteTrayApplication "= "C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [23/03/2007 01:20 PM]
    "cctray "= "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [14/10/2007 04:06 PM]
    "CAVRID "= "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [14/10/2007 03:31 PM]
    "QOELOADER "= "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.21\QOELoader.exe" [14/11/2007 08:56 AM]
    "cafw "= "C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [17/10/2007 10:27 PM]
    "capfasem "= "C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [17/10/2007 10:27 PM]
    "capfupgrade "= "C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [17/10/2007 10:27 PM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AnyDVD "= "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [06/06/2007 08:45 AM]
    "ctfmon.exe "= "C:\WINXP\system32\ctfmon.exe" [04/08/2004 12:00 PM]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "Nokia.PCSync "=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

    C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
    Event Reminder.lnk - C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE [18/06/2005 10:13:49 AM]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [17/02/1999 8:05:56 PM]
    Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [4/10/2004 1:12:18 AM]
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [18/08/2005 10:20:30 PM]
    HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [19/08/2005 1:01:32 AM]
    MuchTV Remote.lnk - C:\Program Files\MuchTV\tvrmvcr.exe [30/06/2007 10:32:51 AM]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "EnableShellExecuteHooks "=1 (0x1)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{1869181A-9F50-4FCF-8BFF-1B8588ECB85C} "= C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\LinkAdvisor\CIDLinkAdvisor.dll [15/10/2007 09:40 PM 1373624]
    "{2C80EAD3-74CD-4700-83A4-AA878CD1C03C} "= C:\WINXP\system32\ddcbyxv.dll [ ]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
    UmxWnp.Dll 18/05/2007 02:30 PM 79368 C:\WINXP\system32\UmxWNP.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winghy32]
    winghy32.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages "= msv1_0 C:\WINXP\system32\mljgf.dll


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{53BB2E32-AA1C-C3D4-E6B1-4D235E06055A}]
    C:\WINXP\system32\derstg.exe



    -- End of Deckard's System Scanner: finished at 2007-11-20 16:02:30 ------------
     
  12. 2007/11/19
    aussiejohn Well-Known Member Thread Starter

    VundoFix report.......


    VundoFix V6.6.2

    Checking Java version...

    Scan started at 2:13:42 PM 20/11/2007

    Listing files found while scanning....

    No infected files were found.


    Beginning removal...

    Attempting to delete C:\Documents and Settings\All Users\Application Data\ahwtatih.dll
    C:\Documents and Settings\All Users\Application Data\ahwtatih.dll Has been deleted!

    Attempting to delete C:\Install
    C:\Install Has been deleted!

    Attempting to delete C:\WINXP\system32\ddcbyxv.dll
    C:\WINXP\system32\ddcbyxv.dll Has been deleted!

    Attempting to delete C:\WINXP\system32\drvhagr.dll
    C:\WINXP\system32\drvhagr.dll Has been deleted!

    Attempting to delete C:\WINXP\system32\fgjlm.ini2
    C:\WINXP\system32\fgjlm.ini2 Has been deleted!

    Attempting to delete C:\WINXP\system32\hggdaax.dll
    C:\WINXP\system32\hggdaax.dll Has been deleted!

    Attempting to delete C:\WINXP\system32\hvbmisyi.dll
    C:\WINXP\system32\hvbmisyi.dll Has been deleted!

    Attempting to delete C:\WINXP\system32\mkghj.dll
    C:\WINXP\system32\mkghj.dll Has been deleted!

    Attempting to delete C:\WINXP\system32\mljgf.dll
    C:\WINXP\system32\mljgf.dll Has been deleted!

    Attempting to delete C:\WINXP\system32\oyfnvbmy.dll
    C:\WINXP\system32\oyfnvbmy.dll Has been deleted!

    Attempting to delete C:\WINXP\system32\pjktfdnv.dll
    C:\WINXP\system32\pjktfdnv.dll Has been deleted!

    Attempting to delete C:\WINXP\system32\rgndpmqs.dll
    C:\WINXP\system32\rgndpmqs.dll Has been deleted!

    Attempting to delete C:\WINXP\system32\xxywwwt.dll
    C:\WINXP\system32\xxywwwt.dll Has been deleted!

    Performing Repairs to the registry.
    Done!
     
  13. 2007/11/19
    noahdfear Inactive

    That's great!

    Highlight and copy the contents of the quote box below to a blank notepad. Save it to the desktop as:

    Filename: fix.reg
    Save as type: All Files (*.*)

    Double click fix.reg and allow it to merge with the registry.


    Scan again with HijackThis and place a check next to the following, close all other windows then click Fix Checked.

    O2 - BHO: (no name) - {08C525F4-2EBD-396D-B12A-005661A8CF95} - C:\Program Files\Avwrvbbu\hwgbgcgk.dll (file missing)
    O2 - BHO: (no name) - {2C80EAD3-74CD-4700-83A4-AA878CD1C03C} - C:\WINXP\system32\ddcbyxv.dll (file missing)
    O2 - BHO: (no name) - {63775B1B-1DD4-4B72-A2B3-439DE851EBDA} - C:\WINXP\system32\mljgf.dll (file missing)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: {f38c38e7-f298-27e9-ce54-df26a6c3bb18} - {81bb3c6a-62fd-45ec-9e72-892f7e83c83f} - C:\WINXP\system32\rgndpmqs.dll (file missing)
    O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
    O20 - Winlogon Notify: winghy32 - winghy32.dll (file missing)


    Close HijackThis.

    Reboot and do one more dss scan for me please, then post the new log.
     
  14. 2007/11/20
    aussiejohn Well-Known Member Thread Starter

    OK Noah, I did all you told me to do in the last post and here is the DSS log....

    Deckard's System Scanner v20071014.68
    Run by Owner on 2007-11-20 17:51:03
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    Percentage of Memory in Use: 83% (more than 75%).
    Total Physical Memory: 480 MiB (512 MiB recommended).


    -- HijackThis (run as Owner.exe) -----------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 5:51:23 PM, on 20/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINXP\System32\smss.exe
    C:\WINXP\system32\winlogon.exe
    C:\WINXP\system32\services.exe
    C:\WINXP\system32\lsass.exe
    C:\WINXP\system32\svchost.exe
    C:\WINXP\System32\svchost.exe
    C:\WINXP\system32\svchost.exe
    C:\WINXP\system32\spoolsv.exe
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
    C:\WINXP\Explorer.EXE
    C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
    C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
    C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
    C:\WINXP\system32\HPZipm12.exe
    C:\WINXP\system32\svchost.exe
    C:\WINXP\system32\VTTimer.exe
    C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Logitech\ImageStudio\LogiTray.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.21\QOELoader.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
    C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
    C:\WINXP\system32\ctfmon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\MuchTV\tvrmvcr.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
    C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
    C:\Program Files\Logitech\ImageStudio\LowLight.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\WINXP\System32\svchost.exe
    C:\WINXP\system32\wuauclt.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Documents and Settings\Owner\Desktop\dss.exe
    C:\PROGRA~2\TRENDM~1\HIJACK~1\Owner.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ozemail.com.au/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~2\ICQTOO~1\toolbaru.dll
    O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~2\ICQTOO~1\toolbaru.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: CA Toolbar Helper - {FBF2401B-7447-4727-BE5D-C19B2075CA84} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Toolbar\CallingIDIE.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~2\ICQTOO~1\toolbaru.dll
    O3 - Toolbar: CA Toolbar - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Toolbar\CallingIDIE.dll
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
    O4 - HKLM\..\Run: [BigDogPath] C:\WINXP\VM_STI.EXE VIMICRO USB PC Camera 301x
    O4 - HKLM\..\Run: [CrazyTalk Serve] rundll32.exe C:\WINXP\system32\CrazyTalk.dll,DllServeMediaFile
    O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
    O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe "
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe "
    O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe "
    O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.21\QOELoader.exe "
    O4 - HKLM\..\Run: [cafw] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
    O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
    O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
    O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINXP\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINXP\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINXP\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
    O4 - Startup: Event Reminder.lnk = C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: MuchTV Remote.lnk = ?
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~2\INCRED~1\bin\resources\WebMenuImg.htm
    O8 - Extra context menu item: &Copy Location - C:\WINXP\WEB\graburl.htm
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINXP\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINXP\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O15 - Trusted Zone: http://myaccount.centrelink.gov.au
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader.cab
    O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01_5.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by108fd.bay108.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.my-etrust.com/Support/PestScanner/pestscan.cab
    O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1129981876609
    O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9C024426-7859-4B2D-AB4C-B1E370AE7549} - http://au.mcafee.com/Apps/WSC/en-au/WscWlanScannerCtrl.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4A1C4A24-EE52-4CE9-97E7-E397B65AE406}: NameServer = 210.80.58.34,210.80.58.42
    O18 - Protocol: bw+0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw+0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw-0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw-0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw00 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw00s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw10 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw10s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw20 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw20s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw30 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw30s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw40 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw40s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw50 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw50s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw60 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw60s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw70 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw70s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw80 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw80s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw90 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bw90s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwa0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwa0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwb0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwb0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwc0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwc0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwd0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwd0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwe0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwe0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwf0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwf0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwg0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwg0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwh0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwh0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwi0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwi0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwj0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwj0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwk0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwk0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwl0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwl0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwm0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwm0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwn0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwn0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwo0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwo0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwp0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwp0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwq0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwq0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwr0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwr0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bws0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bws0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwt0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwt0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwu0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwu0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwv0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwv0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bww0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bww0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwx0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwx0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwy0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwy0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwz0 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: bwz0s - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: offline-8876480 - {307876BC-C6AF-461E-AB27-EE798629BC5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
    O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
    O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINXP\system32\HPZipm12.exe
    O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
    O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
    O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
    O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
    O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
    O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Owner/LOCALS~1/Temp/msoclip1/01/clip_image002.gif
    O24 - Desktop Component 1: (no name) - file:///C:/DOCUME~1/Owner/LOCALS~1/Temp/msoclip1/01/clip_image001.jpg

    --
    End of file - 27487 bytes
     
  15. 2007/11/20
    aussiejohn

    aussiejohn Well-Known Member Thread Starter

    Joined:
    2002/01/07
    Messages:
    293
    Likes Received:
    1
    Here is the second half.......


    -- Files created between 2007-10-20 and 2007-11-20 -----------------------------

    2007-11-20 15:52:45 24576 --a------ C:\WINXP\system32\VundoFixSVC.exe <Not Verified; Atribune.org; Vundofix Service>
    2007-11-20 14:13:42 0 d-------- C:\VundoFix Backups
    2007-11-20 08:36:01 0 d-------- C:\WINXP\ERUNT
    2007-11-19 17:17:22 0 d--hs---- C:\FOUND.014
    2007-11-19 09:41:32 0 d-------- C:\Program Files\Trend Micro
    2007-11-19 07:55:57 0 d-------- C:\Documents and Settings\Owner\Application Data\Uniblue
    2007-11-18 17:03:09 0 d-------- C:\Program Files\Trillian
    2007-11-14 08:57:05 0 d-------- C:\Documents and Settings\Owner\Application Data\CallingID
    2007-11-14 08:56:52 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-11-14 08:56:05 0 d-------- C:\Program Files\Common Files\Scanner
    2007-11-14 08:55:35 0 d-------- C:\WINXP\rnapxs
    2007-11-08 10:29:40 0 d-------- C:\Documents and Settings\All Users\Application Data\CA
    2007-11-08 10:29:39 0 d-------- C:\Program Files\CA
    2007-11-01 16:39:52 0 d-------- C:\MediaCell
    2007-11-01 16:36:07 0 d-------- C:\Program Files\MediaCell Video Converter
    2007-10-30 08:18:57 0 d-------- C:\Documents and Settings\Owner\Application Data\Nokia Multimedia Player
    2007-10-30 07:28:21 0 d-------- C:\Program Files\Common Files\Nokia
    2007-10-30 07:24:07 0 d-------- C:\Program Files\PC Connectivity Solution
    2007-10-30 07:18:14 0 d-------- C:\Documents and Settings\All Users\Application Data\Installations
    2007-10-30 05:46:06 0 d-------- C:\Documents and Settings\All Users\Application Data\TEMP
    2007-10-30 05:45:28 162304 --a------ C:\WINXP\system32\ztvunrar36.dll
    2007-10-30 05:45:28 77312 --a------ C:\WINXP\system32\ztvunace26.dll
    2007-10-30 05:45:28 69632 --a------ C:\WINXP\system32\ztvcabinet.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
    2007-10-30 05:45:28 153088 --a------ C:\WINXP\system32\UNRAR3.dll
    2007-10-30 05:45:28 75264 --a------ C:\WINXP\system32\unacev2.dll
    2007-10-30 05:45:26 0 d-------- C:\Program Files\Trojan Remover
    2007-10-30 05:45:26 0 d-------- C:\Documents and Settings\Owner\Application Data\Simply Super Software
    2007-10-30 05:45:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
    2007-10-29 10:45:16 0 d-------- C:\Documents and Settings\Owner\Application Data\DVD Flick
    2007-10-29 10:39:58 0 d-------- C:\Program Files\DVD Flick
    2007-10-27 19:36:10 0 d-------- C:\Documents and Settings\Owner\Application Data\SoundSpectrum
    2007-10-27 19:35:44 0 d-------- C:\Program Files\SoundSpectrum


    -- Find3M Report ---------------------------------------------------------------

    2007-11-20 04:09:36 5637 --a------ C:\WINXP\mozver.dat
    2007-10-30 08:30:52 555137 --a------ C:\Documents and Settings\Owner\Application Data\NMM-MetaData.db
    2007-10-30 07:53:08 80072 --a------ C:\WINXP\HPHins08.dat
    2007-10-02 15:16:22 0 d-------- C:\Program Files\iPod
    2007-10-02 15:16:08 0 d-------- C:\Program Files\iTunes
    2007-09-28 16:24:12 0 d-------- C:\Program Files\AskPBar


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "VTTimer "= "VTTimer.exe" [15/01/2004 10:33 PM C:\WINXP\system32\VTTimer.exe]
    "LVCOMS "= "C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE" [10/12/2002 05:54 PM]
    "zBrowser Launcher "= "C:\Program Files\Logitech\iTouch\iTouch.exe" [18/03/2004 09:33 AM]
    "REGSHAVE "= "C:\Program Files\REGSHAVE\REGSHAVE.exe" [04/02/2002 10:32 PM]
    "Easy-PrintToolBox "= "C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [14/01/2004 11:10 AM]
    "BigDogPath "= "C:\WINXP\VM_STI.exe" []
    "CrazyTalk Serve "= "C:\WINXP\system32\CrazyTalk.dll" [07/05/2006 12:02 PM]
    "HPHUPD08 "= "C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [22/12/2005 06:13 PM]
    "HP Software Update "= "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [08/05/2007 04:24 PM]
    "Adobe Reader Speed Launcher "= "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 07:51 PM]
    "QuickTime Task "= "C:\Program Files\QuickTime\qttask.exe" [29/06/2007 06:24 AM]
    "iTunesHelper "= "C:\Program Files\iTunes\iTunesHelper.exe" [26/09/2007 02:42 PM]
    "LogitechGalleryRepair "= "C:\Program Files\Logitech\ImageStudio\ISStart.exe" [10/12/2002 06:32 PM]
    "LogitechImageStudioTray "= "C:\Program Files\Logitech\ImageStudio\LogiTray.exe" [10/12/2002 06:31 PM]
    "SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25/09/2007 01:11 AM]
    "PCSuiteTrayApplication "= "C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [23/03/2007 01:20 PM]
    "cctray "= "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [14/10/2007 04:06 PM]
    "CAVRID "= "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [14/10/2007 03:31 PM]
    "QOELOADER "= "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.21\QOELoader.exe" [14/11/2007 08:56 AM]
    "cafw "= "C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [17/10/2007 10:27 PM]
    "capfasem "= "C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [17/10/2007 10:27 PM]
    "capfupgrade "= "C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [17/10/2007 10:27 PM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AnyDVD "= "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [06/06/2007 08:45 AM]
    "ctfmon.exe "= "C:\WINXP\system32\ctfmon.exe" [04/08/2004 12:00 PM]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "Nokia.PCSync "=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

    C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
    Event Reminder.lnk - C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE [18/06/2005 10:13:49 AM]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [17/02/1999 8:05:56 PM]
    Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [4/10/2004 1:12:18 AM]
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [18/08/2005 10:20:30 PM]
    HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [19/08/2005 1:01:32 AM]
    MuchTV Remote.lnk - C:\Program Files\MuchTV\tvrmvcr.exe [30/06/2007 10:32:51 AM]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "EnableShellExecuteHooks "=1 (0x1)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{1869181A-9F50-4FCF-8BFF-1B8588ECB85C} "= C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\LinkAdvisor\CIDLinkAdvisor.dll [15/10/2007 09:40 PM 1373624]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
    UmxWnp.Dll 18/05/2007 02:30 PM 79368 C:\WINXP\system32\UmxWNP.dll




    -- End of Deckard's System Scanner: finished at 2007-11-20 17:53:31 ------------
     
  16. 2007/11/20
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Looks good.

    Remove the following.

    dss.exe
    SDFix.exe
    VundoFix.exe
    C:\Deckard
    C:\SDFix
    C:\VundoFix Backups

    Please do an online scan with Kaspersky WebScanner

    Click on Kaspersky Online Scanner

    You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
    • The program will launch and then begin downloading the latest definition files:
    • Once the files have been downloaded click on NEXT
    • Now click on Scan Settings
    • In the scan settings make sure that the following are selected:
      • Scan using the following Anti-Virus database:
      • Extended (if available otherwise Standard)
      • Scan Options:
      • Scan Archives
        Scan Mail Bases
    • Click OK
    • Now under select a target to scan:
      • Select My Computer
    • The program will start and scan your system.
    • The scan will take a while so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
      • Now click on the Save as Text button:
    • Save the file to your desktop.

    Post the Kaspersky log.
     
  17. 2007/11/20
    aussiejohn

    aussiejohn Well-Known Member Thread Starter

    Joined:
    2002/01/07
    Messages:
    293
    Likes Received:
    1
    Hello Noah, well the scan finally finished.
    Whilst the Kaspersky scan was running, my own Anti Virus which is CA Anti Virus
    popped up on several occasions and has reported and deleted 11 viruses,
    8 Win32/Kewrih.I and 3 Win32/Vundo.GZ, here is the Kaspersky report.....

    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    Tuesday, November 20, 2007 9:36:50 PM
    Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 20/11/2007
    Kaspersky Anti-Virus database records: 462183
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    A:\
    C:\
    D:\
    E:\
    F:\

    Scan Statistics:
    Total number of scanned objects: 63917
    Number of viruses found: 9
    Number of infected objects: 23
    Number of suspicious objects: 0
    Duration of the scan process: 01:09:32

    Infected Object Name / Virus Name / Last Action
    C:\WINDOWS\xpupdate.exe.ren Infected: not-virus:Hoax.Win32.Renos.hx skipped
    C:\WINDOWS\xpupdate.exe Infected: not-virus:Hoax.Win32.Renos.hx skipped
    C:\WINXP\system32\config\system.LOG Object is locked skipped
    C:\WINXP\system32\config\software.LOG Object is locked skipped
    C:\WINXP\system32\config\default.LOG Object is locked skipped
    C:\WINXP\system32\config\SECURITY Object is locked skipped
    C:\WINXP\system32\config\SAM Object is locked skipped
    C:\WINXP\system32\config\SAM.LOG Object is locked skipped
    C:\WINXP\system32\config\SECURITY.LOG Object is locked skipped
    C:\WINXP\system32\config\AppEvent.Evt Object is locked skipped
    C:\WINXP\system32\config\SecEvent.Evt Object is locked skipped
    C:\WINXP\system32\config\SysEvent.Evt Object is locked skipped
    C:\WINXP\system32\config\SYSTEM Object is locked skipped
    C:\WINXP\system32\config\SOFTWARE Object is locked skipped
    C:\WINXP\system32\config\DEFAULT Object is locked skipped
    C:\WINXP\system32\config\Internet.evt Object is locked skipped
    C:\WINXP\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
    C:\WINXP\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
    C:\WINXP\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
    C:\WINXP\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
    C:\WINXP\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
    C:\WINXP\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
    C:\WINXP\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
    C:\WINXP\system32\CatRoot2\edb.log Object is locked skipped
    C:\WINXP\system32\CatRoot2\tmp.edb Object is locked skipped
    C:\WINXP\system32\h323log.txt Object is locked skipped
    C:\WINXP\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
    C:\WINXP\system32\drvhag.dll.ren Infected: Trojan.Win32.Dialer.qn skipped
    C:\WINXP\Debug\PASSWD.LOG Object is locked skipped
    C:\WINXP\Sti_Trace.log Object is locked skipped
    C:\WINXP\wiaservc.log Object is locked skipped
    C:\WINXP\wiadebug.log Object is locked skipped
    C:\WINXP\avp.exe.ren Object is locked skipped
    C:\WINXP\WindowsUpdate.log Object is locked skipped
    C:\WINXP\SchedLgU.Txt Object is locked skipped
    C:\WINXP\SoftwareDistribution\ReportingEvents.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\crcjetyh.dll_tobedeleted_old Object is locked skipped
    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\Owner\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Temp\_hphtra07.log Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Temp\hpodvd09.log Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Temp\~DFC836.tmp Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Temp\~DFFEAB.tmp Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Temp\~DF3FF9.tmp Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Temp\~DFC40B.tmp Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Temp\~DFAADB.tmp Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Temp\~DF139.tmp Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Temp\JET8811.tmp Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Temp\JET90CC.tmp Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Temp\JETCECA.tmp Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Temp\JET9291.tmp Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Temp\JETB134.tmp Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\History\History.IE5\MSHist012007112020071121\index.dat Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\ApplicationHistory\hpqimzone.exe.3204510e.ini.inuse Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\CB_Server_Errors.txt Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\administrativeInfo.dbf Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.dbf Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.cdx Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.dbf Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.cdx Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.dbf Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.cdx Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.dbf Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.cdx Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.dbf Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.cdx Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.dbf Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.cdx Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\managedFolderTable.dbf Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.dbf Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.cdx Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.dbf Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.cdx Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.dbf Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.cdx Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\propertiesTable.dbf Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\propertiesTable.cdx Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.fpt Object is locked skipped
    C:\Documents and Settings\Owner\My Documents\Transfered Files\Mail Bomber\setup.exe/data0002 Infected: Email-Flooder.Win32.MailBomber.91.c skipped
    C:\Documents and Settings\Owner\My Documents\Transfered Files\Mail Bomber\setup.exe Inno: infected - 1 skipped
    C:\Documents and Settings\Owner\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\Owner\Application Data\CallingID\CallingID.mdb Object is locked skipped
    C:\Documents and Settings\Owner\Application Data\CallingID\CIDLight.mdb Object is locked skipped
    C:\Documents and Settings\Owner\Application Data\CallingID\CIDLight.ldb Object is locked skipped
    C:\Documents and Settings\Owner\Application Data\CallingID\CallingID.ldb Object is locked skipped
    C:\Documents and Settings\Owner\ntuser.dat.LOG Object is locked skipped
    C:\Program Files\SolarWinds\Free Tools\TFTP-Server.exe Infected: not-a-virus:Server-FTP.Win32.Tftp.500 skipped
    C:\Program Files\CA\SharedComponents\PPRT\logs\2007-11-20.csv Object is locked skipped
    C:\System Volume Information\_restore{7474C5A1-F7D9-4180-9E98-5B78748AF2C8}\RP1\A0000068.DLL Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
    C:\System Volume Information\_restore{7474C5A1-F7D9-4180-9E98-5B78748AF2C8}\RP2\A0004255.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
    C:\System Volume Information\_restore{7474C5A1-F7D9-4180-9E98-5B78748AF2C8}\RP5\A0004915.exe Infected: Trojan.Win32.Agent.cmn skipped
    C:\System Volume Information\_restore{7474C5A1-F7D9-4180-9E98-5B78748AF2C8}\RP5\A0004927.exe Infected: Trojan.Win32.Agent.cmn skipped
    C:\System Volume Information\_restore{7474C5A1-F7D9-4180-9E98-5B78748AF2C8}\RP5\A0005024.dll Object is locked skipped
    C:\System Volume Information\_restore{7474C5A1-F7D9-4180-9E98-5B78748AF2C8}\RP5\A0005025.dll Object is locked skipped
    C:\System Volume Information\_restore{7474C5A1-F7D9-4180-9E98-5B78748AF2C8}\RP5\A0005150.dll Object is locked skipped
    C:\System Volume Information\_restore{7474C5A1-F7D9-4180-9E98-5B78748AF2C8}\RP5\A0005151.DLL Object is locked skipped
    C:\System Volume Information\_restore{7474C5A1-F7D9-4180-9E98-5B78748AF2C8}\RP5\A0005153.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.arf skipped
    C:\System Volume Information\_restore{7474C5A1-F7D9-4180-9E98-5B78748AF2C8}\RP5\A0005154.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
    C:\System Volume Information\_restore{7474C5A1-F7D9-4180-9E98-5B78748AF2C8}\RP5\A0005158.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
    C:\System Volume Information\_restore{7474C5A1-F7D9-4180-9E98-5B78748AF2C8}\RP5\A0005160.dll Infected: Trojan.Win32.Inject.kq skipped
    C:\System Volume Information\_restore{7474C5A1-F7D9-4180-9E98-5B78748AF2C8}\RP5\A0005197.dll Object is locked skipped
    C:\System Volume Information\_restore{7474C5A1-F7D9-4180-9E98-5B78748AF2C8}\RP5\A0005199.dll Object is locked skipped
    C:\System Volume Information\_restore{7474C5A1-F7D9-4180-9E98-5B78748AF2C8}\RP5\A0005200.dll Object is locked skipped
    C:\System Volume Information\_restore{7474C5A1-F7D9-4180-9E98-5B78748AF2C8}\RP5\A0005226.exe Infected: not-virus:Hoax.Win32.Renos.hx skipped
    C:\System Volume Information\_restore{7474C5A1-F7D9-4180-9E98-5B78748AF2C8}\RP5\A0005229.exe Infected: not-a-virus:Downloader.Win32.WinFixer.au skipped
    C:\System Volume Information\_restore{7474C5A1-F7D9-4180-9E98-5B78748AF2C8}\RP5\A0005230.exe Infected: not-a-virus:Downloader.Win32.WinFixer.au skipped
    C:\System Volume Information\_restore{7474C5A1-F7D9-4180-9E98-5B78748AF2C8}\RP5\change.log Object is locked skipped
    C:\VundoFix Backups\ahwtatih.dll.bad Object is locked skipped
    C:\VundoFix Backups\ddcbyxv.dll.bad Object is locked skipped
    C:\VundoFix Backups\hggdaax.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.arf skipped
    C:\VundoFix Backups\hvbmisyi.dll.bad Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
    C:\VundoFix Backups\pjktfdnv.dll.bad Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
    C:\VundoFix Backups\xxywwwt.dll.bad Infected: Trojan.Win32.Inject.kq skipped
    C:\SDFix\backups\backups.zip/backups/svchost.exe Infected: Trojan.Win32.Agent.cmn skipped
    C:\SDFix\backups\backups.zip ZIP: infected - 1 skipped
    C:\itouch_crash_info.txt Object is locked skipped

    Scan process completed.
     
  18. 2007/11/20
    aussiejohn

    aussiejohn Well-Known Member Thread Starter

    Joined:
    2002/01/07
    Messages:
    293
    Likes Received:
    1
    Hello Noah, Just thought this might amuse you, I phoned CA Security Suite and asked them why the hell did not my expensive software, especially the spyware program, find any of these trojans, they said they did not know about them, they got me to copy numerous files and send them to the support and they released the updates to fix them this morning!
     
  19. 2007/11/20
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Glad to hear that! :)

    Here's what still needs to go, if you haven't already taken care of them.

    C:\WINDOWS\xpupdate.exe.ren
    C:\WINDOWS\xpupdate.exe
    C:\Documents and Settings\All Users\Application Data\crcjetyh.dll_tobedeleted_old
    C:\Documents and Settings\Owner\My Documents\Transfered Files\Mail Bomber\setup.exe
    C:\VundoFix Backups
    C:\SDFix

    Empty the recycle bin when done.

    That should wrap things up. If you're satisfied that the computer is working properly, clear the System Restore points. They are infected.

    Clear past system restore points and create a new one.
    Right click My Computer and select Properties. On the System Restore tab, check the box to turn System Restore off. Click Apply. Now, uncheck the box and click Apply. Click OK, then OK to close the System Properties dialog.

    Verify a new restore point was created.
    Click Start>All Programs>Accessories>System Tools>System Restore
    Select 'Restore my computer to an earlier time', then click next.
    You should have a newly created System Checkpoint available. If so, click Cancel. If not, click Back and select 'Create a restore point' then click Next. Give the restore point a name and click next.
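
Added example (not part of the thread and not code from any of the tools named in it): a short Python triage of the Kaspersky report format posted above, dropping the "Object is locked" lines and grouping the remaining detections by where they sit (live files, removal-tool backup folders, System Restore), which is the split post 19 acts on. The line patterns are inferred from the report as posted, and the function and constant names are hypothetical.

```python
import re
from collections import defaultdict

# A few lines copied from the Kaspersky report posted in this thread.
SAMPLE_REPORT = r"""
C:\WINDOWS\xpupdate.exe Infected: not-virus:Hoax.Win32.Renos.hx skipped
C:\WINXP\system32\config\SAM Object is locked skipped
C:\WINXP\system32\drvhag.dll.ren Infected: Trojan.Win32.Dialer.qn skipped
C:\Documents and Settings\Owner\My Documents\Transfered Files\Mail Bomber\setup.exe/data0002 Infected: Email-Flooder.Win32.MailBomber.91.c skipped
C:\Documents and Settings\Owner\My Documents\Transfered Files\Mail Bomber\setup.exe Inno: infected - 1 skipped
C:\System Volume Information\_restore{7474C5A1-F7D9-4180-9E98-5B78748AF2C8}\RP5\A0004915.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\System Volume Information\_restore{7474C5A1-F7D9-4180-9E98-5B78748AF2C8}\RP5\change.log Object is locked skipped
C:\VundoFix Backups\xxywwwt.dll.bad Infected: Trojan.Win32.Inject.kq skipped
C:\SDFix\backups\backups.zip/backups/svchost.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\SDFix\backups\backups.zip ZIP: infected - 1 skipped
"""

# Paths contain spaces, so each pattern anchors on the fixed text after the path.
INFECTED = re.compile(r"^(?P<path>.+?) Infected: (?P<name>\S+) \w+$")
CONTAINER = re.compile(r"^(?P<path>.+?) [A-Za-z0-9]+: infected - \d+ \w+$")
LOCKED = re.compile(r"^.+ Object is locked \w+$")

RESTORE_MARKER = "\\system volume information\\_restore"
# Backup folders of the removal tools used in this thread.
TOOL_BACKUP_DIRS = ("c:\\vundofix backups\\", "c:\\sdfix\\")


def location(path):
    """Classify an on-disk path as system_restore, tool_backup or live."""
    lowered = path.lower()
    if RESTORE_MARKER in lowered:
        return "system_restore"
    if lowered.startswith(TOOL_BACKUP_DIRS):
        return "tool_backup"
    return "live"


def triage(report):
    """Return ({location: {on_disk_file: {detection names}}}, locked_count)."""
    findings = defaultdict(dict)
    locked = 0
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        if LOCKED.match(line):
            # File was in use during the scan; not a detection.
            locked += 1
            continue
        names = set()
        match = INFECTED.match(line)
        if match:
            names = {match.group("name")}
        else:
            # Summary line for an archive or installer with infected members.
            match = CONTAINER.match(line)
            if not match:
                continue  # header or statistics line
        # "archive.zip/member" -> the file that actually exists on disk.
        on_disk = match.group("path").split("/", 1)[0]
        findings[location(on_disk)].setdefault(on_disk, set()).update(names)
    return dict(findings), locked


if __name__ == "__main__":
    results, locked_count = triage(SAMPLE_REPORT)
    print(f"locked (ignored): {locked_count}")
    for where in ("live", "tool_backup", "system_restore"):
        for path, names in sorted(results.get(where, {}).items()):
            print(f"{where:15} {path}  {', '.join(sorted(names))}")
```
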
     
  20. 2007/11/20
    aussiejohn

    aussiejohn Well-Known Member Thread Starter

    Joined:
    2002/01/07
    Messages:
    293
    Likes Received:
    1
    Noah, I am at this very moment running another Kaspersky scan, it is showing 3 viruses in 5 objects at the 70% mark, do you want the report when finished?
     
  21. 2007/11/20
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Yes
     
