My Anti Spyware
News, Free Programs, Online Scanners, Tutorials
Post your problems with Spyware, Hijackers, Trojans...
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister     ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

prorat infection that doesnt go away

 
Post new topic   Reply to topic    My Anti Spyware Forum Index -> Spyware Removal
View previous topic :: View next topic  
Author Message
iitx



Joined: 08 Jun 2008
Posts: 6
PostPosted: Sun Jun 08, 2008 9:50 pm    Post subject: prorat infection that doesnt go away Reply with quote
Hi, my antivirus found some prorat DBS and deleted most of it, but there's still something left that constantly creates a tmp file in the C:\windows\temp folder. My antivirus (Avira) keeps detecting that file and as soon as it deletes it creates another one. Seems like antivirus cant put an end to this. I just installed Hijack this and ran a scan. Here's the log. I appreciate your help
Thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:26:15 PM, on 6/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Yapta\YaptaClient.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Program Files\uTorrent\utorrent.exe
C:\Program Files\Common Files\Symantec Shared\NMain.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=presario&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=presario&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yapta BHO - {2020dfef-8c87-4229-aa41-549d82210355} - C:\Program Files\Yapta\YaptaOverlay.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Nothing - {8d83b16e-0de1-452b-ac52-96ec0b34aa4b} - C:\WINDOWS\system32\hpB169.tmp (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Yapta Tracker] C:\Program Files\Yapta\YaptaClient.exe /onstartup
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yapta - {0094A600-9BDD-4019-BAFE-487284F7D476} - http://www.yapta.com/user (file missing)
O9 - Extra 'Tools' menuitem: Yapta... - {0094A600-9BDD-4019-BAFE-487284F7D476} - http://www.yapta.com/user (file missing)
O9 - Extra button: Yapta Settings - {0362b485-11fe-469c-ae98-42f478e581a0} - C:\Program Files\Yapta\YaptaSettings.exe
O9 - Extra 'Tools' menuitem: Yapta Settings... - {0362b485-11fe-469c-ae98-42f478e581a0} - C:\Program Files\Yapta\YaptaSettings.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Yapta - {0094A600-9BDD-4019-BAFE-487284F7D476} - C:\Program Files\Yapta\YaptaSidebar.dll (HKCU)
O9 - Extra 'Tools' menuitem: Yapta... - {0094A600-9BDD-4019-BAFE-487284F7D476} - C:\Program Files\Yapta\YaptaSidebar.dll (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=presario&pf=laptop
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://138.237.46.59/activex/AMC.cab
O18 - Protocol: bw+0 - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 25329 bytes
Back to top
View user's profile Send private message
patrik
Site Admin


Joined: 08 Jan 2006
Posts: 1226
PostPosted: Sun Jun 08, 2008 11:33 pm    Post subject: Reply with quote
Hello, welcome to the forum!

Download combofix.
Close any open browsers. Double click on combofix.exe and follow the prompts.

Post a combofix log with your answer.
_________________
Antispyware: HijackThis, SmitfraudFix, ComboFix, CounterSpy Antispyware, Super Antispyware
Instructions: Show hidden files, Reboot in Safe Mode
Back to top
View user's profile Send private message Send e-mail
iitx



Joined: 08 Jun 2008
Posts: 6
PostPosted: Mon Jun 09, 2008 5:04 am    Post subject: Combofix log Reply with quote
Thanks for your reply. Here's the combofix log:



ComboFix 08-06-08.2 - Jeffrey 2008-06-08 20:09:42.1 - NTFSx86
Running from: C:\Documents and Settings\Jeffrey\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\paytime.exe
C:\WINDOWS\Downloaded Program Files\setup.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_npf


((((((((((((((((((((((((( Files Created from 2008-05-09 to 2008-06-09 )))))))))))))))))))))))))))))))
.

2008-06-08 17:51 . 2008-06-08 17:51 <DIR> d-------- C:\WINDOWS\ERUNT
2008-06-08 16:24 . 2008-06-08 16:24 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-08 05:32 . 2008-06-08 18:12 <DIR> d-------- C:\Program Files\SDFix
2008-06-07 01:58 . 2008-06-07 01:58 <DIR> d-------- C:\Program Files\Avira
2008-06-07 01:58 . 2008-06-07 01:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-05-30 19:37 . 2008-06-07 01:22 <DIR> d-------- C:\Program Files\Willing Webcam
2008-05-30 19:37 . 2008-01-21 16:40 301,696 --a------ C:\WINDOWS\system32\drivers\wwsplit.sys
2008-05-30 19:37 . 2002-02-01 15:00 293,888 --a------ C:\WINDOWS\system32\midas.dll
2008-05-30 18:54 . 2008-05-30 18:54 <DIR> d-------- C:\Documents and Settings\Jeffrey\Application Data\EyeSpyFX
2008-05-30 18:52 . 2008-05-30 19:57 <DIR> d-------- C:\Program Files\EyeSpyFX_Webcam
2008-05-30 18:52 . 2007-05-23 10:43 414,944 --a------ C:\WINDOWS\system32\COMCT332.OCX
2008-05-30 18:52 . 2002-11-19 17:10 204,800 --a------ C:\WINDOWS\system32\ptrue.dll
2008-05-30 18:52 . 2002-11-19 19:48 81,920 --a------ C:\WINDOWS\system32\ptrue2.dll
2008-05-18 16:01 . 2008-05-18 16:22 <DIR> d-------- C:\Program Files\Mpeg2Decoder
2008-05-18 15:54 . 2008-05-20 00:59 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-18 15:54 . 2008-05-18 15:54 356,352 --a------ C:\WINDOWS\eSellerateEngine.dll
2008-05-18 15:53 . 2008-05-18 15:53 <DIR> d-------- C:\Program Files\Deskshare
2008-05-18 15:53 . 2008-05-18 15:53 <DIR> d-------- C:\Program Files\Common Files\DeskShare Shared
2008-05-18 15:53 . 2004-03-09 00:00 224,016 --a------ C:\WINDOWS\system32\TABCTL32.OCX
2008-05-18 11:28 . 2008-05-18 11:28 <DIR> d-------- C:\Documents and Settings\Jeffrey\Application Data\gtk-2.0
2008-05-18 11:21 . 2008-05-18 11:28 <DIR> d-------- C:\Documents and Settings\Jeffrey\avidemux
2008-05-18 03:35 . 2008-05-18 03:35 <DIR> d-------- C:\Program Files\DebugMode
2008-05-18 03:34 . 2008-05-18 11:03 <DIR> d-------- C:\Program Files\Sonic Foundry
2008-05-18 03:04 . 2008-06-02 22:53 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-18 03:04 . 2008-05-18 03:04 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-18 02:58 . 1999-01-22 18:31 180,276 --a------ C:\WINDOWS\system32\Mspdb50.dll
2008-05-18 02:57 . 2008-05-18 02:57 <DIR> d-------- C:\Program Files\Avid
2008-05-18 02:57 . 2001-02-01 16:10 45,056 --a------ C:\WINDOWS\system32\wnaspi32.dll
2008-05-18 01:27 . 2008-05-18 01:27 <DIR> d-------- C:\Program Files\Recode Media
2008-05-18 01:03 . 2008-05-18 01:03 <DIR> d-------- C:\Documents and Settings\Jeffrey\Application Data\Sony Corporation
2008-05-18 00:43 . 2008-05-18 11:07 <DIR> d-------- C:\Program Files\Sony
2008-05-18 00:42 . 2008-05-18 00:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony Corporation
2008-05-16 03:04 . 2008-05-16 03:04 118 --a------ C:\WINDOWS\system32\MRT.INI

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-14 07:48 998,912 ----a-w C:\WINDOWS\Internet Logs\xDB13.tmp
2008-06-08 23:06 --------- d-----w C:\Program Files\Accessories
2008-06-08 22:40 --------- d-----w C:\Documents and Settings\Jeffrey\Application Data\uTorrent
2008-06-08 13:00 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2008-06-08 10:15 --------- d-----w C:\Documents and Settings\Jeffrey\Application Data\AVG7
2008-06-08 08:10 --------- d-----w C:\Documents and Settings\Jeffrey\Application Data\Skype
2008-06-08 06:08 --------- d-----w C:\Documents and Settings\Jeffrey\Application Data\skypePM
2008-06-07 20:13 7,957,504 ----a-w C:\WINDOWS\Internet Logs\xDB17.tmp
2008-06-06 23:02 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-18 16:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-18 04:59 --------- d-----w C:\Program Files\Alcohol Soft
2008-05-17 06:18 120 ----a-w C:\drmHeader.bin
2008-05-09 23:40 18,238,968 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2008_05_09_00_32_16_full.dmp.zip
2008-05-09 05:35 --------- d-----w C:\Documents and Settings\Jeffrey\Application Data\U3
2008-05-01 23:35 --------- d-----w C:\Program Files\CamGrab-2Plus
2008-04-27 08:38 --------- d-----w C:\Program Files\HP
2008-04-27 08:38 --------- d-----w C:\Program Files\Hewlett-Packard
2008-04-26 08:17 --------- d-----w C:\Program Files\GPS
2008-04-25 23:18 --------- d-----w C:\Program Files\Yapta
2008-04-25 23:18 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-04-25 23:18 --------- d-----w C:\Program Files\Microsoft Works
2008-04-25 07:46 --------- d-----w C:\Program Files\QuickTime
2008-04-24 22:46 7,312,277 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-04-24 04:29 --------- d-----w C:\Program Files\DivX
2008-04-24 04:29 --------- d-----w C:\Documents and Settings\Jeffrey\Application Data\DivX
2008-04-24 03:04 --------- d-----w C:\Program Files\DAP
2008-04-22 23:03 --------- d-----w C:\Program Files\Boilsoft MOV Converter
2008-04-22 05:20 --------- d-----w C:\Documents and Settings\Jeffrey\Application Data\Media Player Classic
2008-04-22 05:08 --------- d-----w C:\Program Files\Common Files\xing shared
2008-04-22 05:06 --------- d-----w C:\Program Files\Common Files\Real
2008-04-22 04:59 --------- d-----w C:\Program Files\Winamp
2008-04-20 08:30 18,306,506 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2008_04_19_18_53_27_full.dmp.zip
2008-04-11 22:43 17,933,771 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2008_04_10_19_39_04_full.dmp.zip
2008-04-05 07:26 18,045,769 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2008_03_29_02_36_42_full.dmp.zip
2008-03-31 21:25 831,488 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-03-31 21:25 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-03-31 21:25 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-03-29 01:08 18,237,293 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2008_03_27_22_00_13_full.dmp.zip
2008-03-27 23:00 18,383,152 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2008_03_27_02_42_11_full.dmp.zip
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-27 08:12 151,583 ------w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-21 20:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-03-21 20:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 20:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-03-21 20:30 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2008-03-21 20:30 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2008-03-21 20:30 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2008-03-21 20:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-03-21 20:28 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-03-21 20:28 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-03-21 20:28 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-03-21 20:28 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-03-21 20:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-03-21 20:28 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-02-09 02:37 408 ----a-w C:\Documents and Settings\Jeffrey\Application Data\wklnhst.dat
2007-12-31 09:51 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2006-04-15 07:21 0 ----a-w C:\Program Files\secure32.html
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8d83b16e-0de1-452b-ac52-96ec0b34aa4b}]
C:\WINDOWS\system32\hpB169.tmp

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-03 17:53 68856]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 14:39 1289000]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 18:43 4670704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2006-03-16 11:34 755480]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 04:01 110592]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-05 11:25 98394]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-05 11:24 688218]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-09-17 19:19 290816]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 18:32 58984]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-12-23 12:21 579072]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 03:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"Yapta Tracker"="C:\Program Files\Yapta\YaptaClient.exe" [2007-11-13 17:11 316720]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2005-07-07 23:55 176128]
"HPHUPD05"="C:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe" [2005-07-07 23:55 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38 241664]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2003-12-05 15:41 49152]
"HPHmon05"="C:\WINDOWS\system32\hphmon05.exe" [2005-07-07 23:55 491520]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-22 00:03 185896]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-11-20 05:52 98304]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-31 17:47 219136]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-03 17:53 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
--a------ 2004-10-13 20:34 229438 C:\Program Files\HPQ\Default Settings\cpqset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2004-06-17 15:43 118784 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
--a------ 2006-07-11 05:06 3144800 C:\Program Files\ICQLite\ICQLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2004-06-17 15:48 155648 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2004-06-04 15:38 286720 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
--a------ 2006-12-11 00:32 36864 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
--a------ 2005-06-08 14:44 196608 C:\Program Files\Logitech\Video\ManifestEngine.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
--a------ 2005-06-08 15:24 458752 C:\Program Files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
--a------ 2005-06-08 15:14 217088 C:\Program Files\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
--a------ 2005-07-19 17:32 221184 C:\WINDOWS\system32\LVCOMSX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2004-11-20 05:52 98304 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2004-06-04 01:05 32881 C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
--a------ 2006-04-15 13:38 100056 C:\PROGRA~1\SYMNET~1\SNDMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TAC Start Button]
--a------ 2007-11-18 19:44 1386784 C:\Program Files\TAC Start Button\TACStartButton.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-04-22 00:03 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\yaemu.exe]
C:\WINDOWS\system32\yaemu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 18:43 4670704 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WinVNC4"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"C:\\Program Files\\ICQLite\\ICQLite.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\RealVNC\\VNC4\\vncviewer.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\utorrent\\utorrent.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Willing Webcam\\wwcam.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service


.
Contents of the 'Scheduled Tasks' folder
"2008-06-08 20:39:00 C:\WINDOWS\Tasks\HP Usg Daily.job"
- C:\Program Files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe
"2008-06-07 01:00:36 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Jeffrey.job"
- C:\PROGRA~1\NORTON~1\Navw32.exeh/task:
"2008-06-09 01:40:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDetect.exe
"2007-02-11 06:07:16 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-08 20:23:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Norton AntiVirus\NAVAPSVC.EXE
C:\Program Files\Norton AntiVirus\IWP\NPFMNTOR.EXE
C:\Program Files\Common Files\Symantec Shared\Security Center\symwsc.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
C:\Program Files\Messenger\msmsgs.exe
.
**************************************************************************
.
Completion time: 2008-06-08 20:40:24 - machine was rebooted [Jeffrey]
ComboFix-quarantined-files.txt 2008-06-09 01:40:10

Pre-Run: 27,043,807,232 bytes free
Post-Run: 27,467,599,872 bytes free

264 --- E O F --- 2008-05-16 12:18:29
Back to top
View user's profile Send private message
patrik
Site Admin


Joined: 08 Jan 2006
Posts: 1226
PostPosted: Mon Jun 09, 2008 9:25 pm    Post subject: Reply with quote
Run HijackThis. Click “Do a system scan only.” and put a checkmark next to the following items:
Quote:
O2 - BHO: Nothing - {8d83b16e-0de1-452b-ac52-96ec0b34aa4b} - C:\WINDOWS\system32\hpB169.tmp (file missing)


Now close all browser and other windows except for HijackThis, and click “Fix Checked” to have HijackThis fix the entries you checked.

Reboot your PC.

Make a fresh combofix log and a fresh HijackThis Log.

Post both logs with your reply.
_________________
Antispyware: HijackThis, SmitfraudFix, ComboFix, CounterSpy Antispyware, Super Antispyware
Instructions: Show hidden files, Reboot in Safe Mode
Back to top
View user's profile Send private message Send e-mail
iitx



Joined: 08 Jun 2008
Posts: 6
PostPosted: Tue Jun 10, 2008 4:20 am    Post subject: Reply with quote
Thanks for your reply. I did as you said and here are the new Hijackthis and Combofix logs

Hijack this:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:04:04 PM, on 6/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Yapta\YaptaClient.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=presario&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yapta BHO - {2020dfef-8c87-4229-aa41-549d82210355} - C:\Program Files\Yapta\YaptaOverlay.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Yapta Tracker] C:\Program Files\Yapta\YaptaClient.exe /onstartup
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yapta - {0094A600-9BDD-4019-BAFE-487284F7D476} - http://www.yapta.com/user (file missing)
O9 - Extra 'Tools' menuitem: Yapta... - {0094A600-9BDD-4019-BAFE-487284F7D476} - http://www.yapta.com/user (file missing)
O9 - Extra button: Yapta Settings - {0362b485-11fe-469c-ae98-42f478e581a0} - C:\Program Files\Yapta\YaptaSettings.exe
O9 - Extra 'Tools' menuitem: Yapta Settings... - {0362b485-11fe-469c-ae98-42f478e581a0} - C:\Program Files\Yapta\YaptaSettings.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Yapta - {0094A600-9BDD-4019-BAFE-487284F7D476} - C:\Program Files\Yapta\YaptaSidebar.dll (HKCU)
O9 - Extra 'Tools' menuitem: Yapta... - {0094A600-9BDD-4019-BAFE-487284F7D476} - C:\Program Files\Yapta\YaptaSidebar.dll (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=presario&pf=laptop
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://138.237.46.59/activex/AMC.cab
O18 - Protocol: bw+0 - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {F33D725A-26D1-4046-B0D1-8B4EF8FB4353} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 24964 bytes


Combofix:


ComboFix 08-06-08.2 - Jeffrey 2008-06-09 23:06:07.2 - NTFSx86
Running from: C:\Documents and Settings\Jeffrey\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-05-10 to 2008-06-10 )))))))))))))))))))))))))))))))
.

2008-06-09 00:16 . 2006-12-24 01:14 158,208 -rah----- C:\WINDOWS\system32\msconfig.exe
2008-06-09 00:16 . 2006-12-25 04:29 9,488 -rah----- C:\WINDOWS\kill.exe
2008-06-08 17:51 . 2008-06-08 17:51 <DIR> d-------- C:\WINDOWS\ERUNT
2008-06-08 16:24 . 2008-06-08 16:24 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-08 05:32 . 2008-06-08 18:12 <DIR> d-------- C:\Program Files\SDFix
2008-06-07 01:58 . 2008-06-07 01:58 <DIR> d-------- C:\Program Files\Avira
2008-06-07 01:58 . 2008-06-07 01:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-05-30 19:37 . 2008-06-07 01:22 <DIR> d-------- C:\Program Files\Willing Webcam
2008-05-30 19:37 . 2008-01-21 16:40 301,696 --a------ C:\WINDOWS\system32\drivers\wwsplit.sys
2008-05-30 19:37 . 2002-02-01 15:00 293,888 --a------ C:\WINDOWS\system32\midas.dll
2008-05-30 18:54 . 2008-05-30 18:54 <DIR> d-------- C:\Documents and Settings\Jeffrey\Application Data\EyeSpyFX
2008-05-30 18:52 . 2008-05-30 19:57 <DIR> d-------- C:\Program Files\EyeSpyFX_Webcam
2008-05-30 18:52 . 2007-05-23 10:43 414,944 --a------ C:\WINDOWS\system32\COMCT332.OCX
2008-05-30 18:52 . 2002-11-19 17:10 204,800 --a------ C:\WINDOWS\system32\ptrue.dll
2008-05-30 18:52 . 2002-11-19 19:48 81,920 --a------ C:\WINDOWS\system32\ptrue2.dll
2008-05-18 16:01 . 2008-05-18 16:22 <DIR> d-------- C:\Program Files\Mpeg2Decoder
2008-05-18 15:54 . 2008-05-20 00:59 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-18 15:54 . 2008-05-18 15:54 356,352 --a------ C:\WINDOWS\eSellerateEngine.dll
2008-05-18 15:53 . 2008-05-18 15:53 <DIR> d-------- C:\Program Files\Deskshare
2008-05-18 15:53 . 2008-05-18 15:53 <DIR> d-------- C:\Program Files\Common Files\DeskShare Shared
2008-05-18 15:53 . 2004-03-09 00:00 224,016 --a------ C:\WINDOWS\system32\TABCTL32.OCX
2008-05-18 11:28 . 2008-05-18 11:28 <DIR> d-------- C:\Documents and Settings\Jeffrey\Application Data\gtk-2.0
2008-05-18 11:21 . 2008-05-18 11:28 <DIR> d-------- C:\Documents and Settings\Jeffrey\avidemux
2008-05-18 03:35 . 2008-05-18 03:35 <DIR> d-------- C:\Program Files\DebugMode
2008-05-18 03:34 . 2008-05-18 11:03 <DIR> d-------- C:\Program Files\Sonic Foundry
2008-05-18 03:04 . 2008-06-02 22:53 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-18 03:04 . 2008-05-18 03:04 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-18 02:58 . 1999-01-22 18:31 180,276 --a------ C:\WINDOWS\system32\Mspdb50.dll
2008-05-18 02:57 . 2008-05-18 02:57 <DIR> d-------- C:\Program Files\Avid
2008-05-18 02:57 . 2001-02-01 16:10 45,056 --a------ C:\WINDOWS\system32\wnaspi32.dll
2008-05-18 01:27 . 2008-05-18 01:27 <DIR> d-------- C:\Program Files\Recode Media
2008-05-18 01:03 . 2008-05-18 01:03 <DIR> d-------- C:\Documents and Settings\Jeffrey\Application Data\Sony Corporation
2008-05-18 00:43 . 2008-05-18 11:07 <DIR> d-------- C:\Program Files\Sony
2008-05-18 00:42 . 2008-05-18 00:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony Corporation
2008-05-16 03:04 . 2008-05-16 03:04 118 --a------ C:\WINDOWS\system32\MRT.INI

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-14 07:48 998,912 ----a-w C:\WINDOWS\Internet Logs\xDB13.tmp
2008-06-10 03:50 --------- d-----w C:\Documents and Settings\Jeffrey\Application Data\uTorrent
2008-06-09 13:00 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2008-06-09 08:07 --------- d-----w C:\Documents and Settings\Jeffrey\Application Data\Skype
2008-06-09 05:24 --------- d-----w C:\Documents and Settings\Jeffrey\Application Data\skypePM
2008-06-08 23:06 --------- d-----w C:\Program Files\Accessories
2008-06-08 10:15 --------- d-----w C:\Documents and Settings\Jeffrey\Application Data\AVG7
2008-06-07 20:13 7,957,504 ----a-w C:\WINDOWS\Internet Logs\xDB17.tmp
2008-06-06 23:02 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-18 16:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-18 04:59 --------- d-----w C:\Program Files\Alcohol Soft
2008-05-17 06:18 120 ----a-w C:\drmHeader.bin
2008-05-09 23:40 18,238,968 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2008_05_09_00_32_16_full.dmp.zip
2008-05-09 05:35 --------- d-----w C:\Documents and Settings\Jeffrey\Application Data\U3
2008-05-01 23:35 --------- d-----w C:\Program Files\CamGrab-2Plus
2008-04-27 08:38 --------- d-----w C:\Program Files\HP
2008-04-27 08:38 --------- d-----w C:\Program Files\Hewlett-Packard
2008-04-26 08:17 --------- d-----w C:\Program Files\GPS
2008-04-25 23:18 --------- d-----w C:\Program Files\Yapta
2008-04-25 23:18 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-04-25 23:18 --------- d-----w C:\Program Files\Microsoft Works
2008-04-25 07:46 --------- d-----w C:\Program Files\QuickTime
2008-04-24 22:46 7,312,277 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-04-24 04:29 --------- d-----w C:\Program Files\DivX
2008-04-24 04:29 --------- d-----w C:\Documents and Settings\Jeffrey\Application Data\DivX
2008-04-24 03:04 --------- d-----w C:\Program Files\DAP
2008-04-22 23:03 --------- d-----w C:\Program Files\Boilsoft MOV Converter
2008-04-22 05:20 --------- d-----w C:\Documents and Settings\Jeffrey\Application Data\Media Player Classic
2008-04-22 05:08 --------- d-----w C:\Program Files\Common Files\xing shared
2008-04-22 05:06 --------- d-----w C:\Program Files\Common Files\Real
2008-04-22 04:59 --------- d-----w C:\Program Files\Winamp
2008-04-20 08:30 18,306,506 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2008_04_19_18_53_27_full.dmp.zip
2008-04-11 22:43 17,933,771 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2008_04_10_19_39_04_full.dmp.zip
2008-04-05 07:26 18,045,769 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2008_03_29_02_36_42_full.dmp.zip
2008-03-31 21:25 831,488 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-03-31 21:25 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-03-31 21:25 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-03-29 01:08 18,237,293 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2008_03_27_22_00_13_full.dmp.zip
2008-03-27 23:00 18,383,152 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2008_03_27_02_42_11_full.dmp.zip
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-27 08:12 151,583 ------w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-21 20:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-03-21 20:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 20:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-03-21 20:30 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2008-03-21 20:30 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2008-03-21 20:30 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2008-03-21 20:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-03-21 20:28 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-03-21 20:28 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-03-21 20:28 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-03-21 20:28 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-03-21 20:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-03-21 20:28 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-02-09 02:37 408 ----a-w C:\Documents and Settings\Jeffrey\Application Data\wklnhst.dat
2007-12-31 09:51 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2006-04-15 07:21 0 ----a-w C:\Program Files\secure32.html
.

((((((((((((((((((((((((((((( snapshot@2008-06-08_20.32.57.32 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-09 01:22:09 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-10 03:53:03 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-10-15 03:02:56 4,860 ----a-w C:\WINDOWS\SoftwareDistribution\EventCache\{D38FF81D-2746-4433-938A-DAD34F6A0841}.bin
+ 2008-10-15 03:02:56 5,544 ----a-w C:\WINDOWS\SoftwareDistribution\EventCache\{D38FF81D-2746-4433-938A-DAD34F6A0841}.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
={750fdf0e-2a26-11d1-a3ea-080036587f03}
={4E77131D-3629-431c-9818-C5679DC83E81}
={99FD978C-D287-4F50-827F-B2C658EDA8E7}
={AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}
={920E6DB1-9907-4370-B3A0-BAFC03D81399}
={16F3DD56-1AF5-4347-846D-7C10C4192619}
={2916C86E-86A6-43FE-8112-43ABE6BF8DCC}
={b32a6748-f273-4546-b60a-3c5adc239de5}
={36A21736-36C2-4C11-8ACB-D4136F2B57BD}
={EA5A76F7-8138-4B53-B0F5-ADCC730CAFBD}
={666C7833-A9B6-4AB4-94ED-DC238C81E925}
={1F038B9D-83F5-4b28-BA76-8654EC297DD6}
={A825576B-0042-4F0F-8FB0-93CE0F054E69}
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-03 17:53 68856]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 14:39 1289000]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 18:43 4670704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2006-03-16 11:34 755480]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 04:01 110592]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-05 11:25 98394]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-05 11:24 688218]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-09-17 19:19 290816]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 18:32 58984]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-12-23 12:21 579072]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 03:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"Yapta Tracker"="C:\Program Files\Yapta\YaptaClient.exe" [2007-11-13 17:11 316720]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2005-07-07 23:55 176128]
"HPHUPD05"="C:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe" [2005-07-07 23:55 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38 241664]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2003-12-05 15:41 49152]
"HPHmon05"="C:\WINDOWS\system32\hphmon05.exe" [2005-07-07 23:55 491520]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-22 00:03 185896]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-11-20 05:52 98304]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-31 17:47 219136]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-03 17:53 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
--a------ 2004-10-13 20:34 229438 C:\Program Files\HPQ\Default Settings\cpqset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2004-06-17 15:43 118784 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
--a------ 2006-07-11 05:06 3144800 C:\Program Files\ICQLite\ICQLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2004-06-17 15:48 155648 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2004-06-04 15:38 286720 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
--a------ 2006-12-11 00:32 36864 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
--a------ 2005-06-08 14:44 196608 C:\Program Files\Logitech\Video\ManifestEngine.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
--a------ 2005-06-08 15:24 458752 C:\Program Files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
--a------ 2005-06-08 15:14 217088 C:\Program Files\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
--a------ 2005-07-19 17:32 221184 C:\WINDOWS\system32\LVCOMSX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2004-11-20 05:52 98304 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2004-06-04 01:05 32881 C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
--a------ 2006-04-15 13:38 100056 C:\PROGRA~1\SYMNET~1\SNDMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TAC Start Button]
--a------ 2007-11-18 19:44 1386784 C:\Program Files\TAC Start Button\TACStartButton.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-04-22 00:03 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\yaemu.exe]
C:\WINDOWS\system32\yaemu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 18:43 4670704 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WinVNC4"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"C:\\Program Files\\ICQLite\\ICQLite.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\RealVNC\\VNC4\\vncviewer.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\utorrent\\utorrent.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Willing Webcam\\wwcam.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service


*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-06-10 00:39:04 C:\WINDOWS\Tasks\HP Usg Daily.job"
- C:\Program Files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe
"2008-06-07 01:00:36 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Jeffrey.job"
- C:\PROGRA~1\NORTON~1\Navw32.exeh/task:
"2008-06-10 04:10:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDetect.exe
"2007-02-11 06:07:16 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-09 23:11:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

C:\WINDOWS\explorer.exe [1248] 0x82A51020

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-09 23:14:54
ComboFix-quarantined-files.txt 2008-06-10 04:14:42
ComboFix2