cookiie723

About cookiie723

  • Rank
    Member
  • Birthday 05/19/1978
Profile Information

  • Location
    New York
  1. Should I just post a new HJT log whenever a scan is done? Here's the new HJT log.

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 8:45:29 AM, on 10/24/2008
     Platform: Windows XP SP3 (WinNT 5.01.2600)
     MSIE: Internet Explorer v7.00 (7.00.6000.16735)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
     C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
     C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
     C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\Explorer.EXE
     C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
     C:\WINDOWS\system32\hkcmd.exe
     C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
     C:\Documents and Settings\Nora\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
     C:\Program Files\Windows Live\Messenger\msnmsgr.exe
     C:\Program Files\Messenger\msmsgs.exe
     C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
     C:\Program Files\Mozilla Firefox\firefox.exe
     C:\WINDOWS\system32\wuauclt.exe
     C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
     R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
     O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
     O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
     O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
     O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
     O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
     O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
     O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
     O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
     O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
     O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Nora\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
     O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
     O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
     O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
     O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
     O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
     O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
     O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1179849197859
     O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1179849190859
     O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab
     O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) -
     O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
     O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
     O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
     O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
     O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
     O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

     --
     End of file - 5901 bytes
  2. ComboFix Log:

     ComboFix 08-10-23.03 - Nora 2008-10-23 19:45:00.1 - FAT32x86
     Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.106 [GMT -4:00]
     Running from: C:\Documents and Settings\Nora\Desktop\ComboFix.exe
     * Created a new restore point
     .
     ((((((((((((((((((((((((( Files Created from 2008-09-23 to 2008-10-23 )))))))))))))))))))))))))))))))
     .
     2008-10-21 18:55 . 2008-10-21 18:55 <DIR> d-------- C:\Program Files\ERUNT
     2008-10-21 12:39 . 2008-10-21 12:39 <DIR> d-------- C:\Documents and Settings\Nora\Application Data\Malwarebytes
     2008-10-21 12:38 . 2008-10-21 12:38 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
     2008-10-21 12:38 . 2008-10-21 12:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
     2008-10-21 12:38 . 2008-10-16 20:25 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
     2008-10-21 12:38 . 2008-10-16 20:25 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
     2008-10-21 12:31 . 2008-10-21 12:31 <DIR> d-------- C:\_OTMoveIt
     2008-10-21 12:22 . 2008-10-21 12:22 <DIR> d-------- C:\rsit
     2008-10-21 12:01 . 2008-10-22 20:00 0 --a------ C:\WINDOWS\system32\drivers\lvuvc.hs
     2008-10-21 12:01 . 2008-10-22 20:00 0 --a------ C:\WINDOWS\system32\drivers\logiflt.iad
     2008-10-21 11:59 . 2008-10-21 11:59 <DIR> d-------- C:\_OTScanIt
     2008-10-21 09:15 . 2008-10-21 09:15 <DIR> d-------- C:\Program Files\Trend Micro
     2008-10-20 10:37 . 2008-10-20 10:37 <DIR> d--hs---- C:\WINDOWS\ftpcache
     2008-10-20 10:36 . 2008-10-20 10:36 <DIR> d-------- C:\Program Files\HTMLPad 2008
     2008-10-20 10:36 . 2008-10-20 10:36 <DIR> d-------- C:\Documents and Settings\Nora\Application Data\Blumentals
     2008-10-18 12:28 . 2008-10-18 12:28 <DIR> d-------- C:\Documents and Settings\Nora\Application Data\uTorrent
     2008-10-15 21:55 . 2008-10-15 21:55 <DIR> d-------- C:\WINDOWS\system32\URTTEMP
     2008-10-14 23:53 . 2008-08-14 03:11 2,189,184 --------- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
     2008-10-14 23:53 . 2008-08-14 03:09 2,145,280 --------- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
     2008-10-14 23:53 . 2008-08-14 02:33 2,066,048 --------- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
     2008-10-14 23:53 . 2008-08-14 02:33 2,023,936 --------- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
     2008-10-14 23:53 . 2008-09-15 05:12 1,846,400 --------- C:\WINDOWS\system32\dllcache\win32k.sys
     2008-10-14 23:53 . 2008-09-08 03:41 333,824 --------- C:\WINDOWS\system32\dllcache\srv.sys
     2008-10-13 22:49 . 2008-10-13 22:49 <DIR> d-------- C:\Program Files\Norton PC Checkup
     2008-10-13 22:49 . 2008-10-13 22:49 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
     2008-10-13 21:35 . 2008-10-13 21:35 <DIR> d-------- C:\WINDOWS\system32\Adobe
     2008-10-13 18:56 . 2008-10-13 18:56 <DIR> d-------- C:\Program Files\ManyCam 2.3
     2008-10-11 17:27 . 2008-10-11 17:27 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\U3
     2008-10-11 17:08 . 2008-10-11 17:08 <DIR> d-------- C:\LaunchPad
     2008-10-11 17:01 . 2008-10-11 17:01 <DIR> d-------- C:\Documents and Settings\Nora\Application Data\U3
     2008-10-09 00:39 . 2001-11-08 17:37 221,184 --a------ C:\WINDOWS\system32\Dualunis.exe
     2008-10-06 01:13 . 2008-10-06 01:13 <DIR> d-------- C:\Documents and Settings\Nora\Application Data\FileZilla
     2008-10-06 01:11 . 2008-10-06 01:11 <DIR> d-------- C:\Program Files\FileZilla FTP Client
     2008-10-05 23:26 . 2008-10-05 23:26 <DIR> d-------- C:\Program Files\Common Files\NSV
     2008-10-04 14:06 . 2008-10-04 14:06 <DIR> d-------- C:\Program Files\Jasc Software Inc
     2008-09-30 12:02 . 2008-09-30 12:02 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
     2008-09-30 12:02 . 2008-09-30 12:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
     2008-09-29 11:26 . 2008-09-25 11:00 922,464 --a------ C:\WINDOWS\system32\Incinerator.dll
     2008-09-29 11:26 . 2008-09-24 10:32 28,672 --a------ C:\WINDOWS\system32\iolobtdfg.exe
     2008-09-29 11:26 . 2008-09-09 16:45 8,192 --a------ C:\WINDOWS\system32\smrgdf.exe
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2008-10-21 20:45 32 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
     2008-10-21 20:45 32 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
     2008-10-21 20:45 32 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
     2008-10-21 20:45 32 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
     2008-10-03 14:41 6,066,176 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
     2008-09-21 23:25 --------- d-----w C:\Program Files\QuickTime
     2008-09-18 16:05 --------- d-----w C:\Documents and Settings\Nora\Application Data\Apple Computer
     2008-09-18 16:04 --------- d-----w C:\Program Files\Sun
     2008-09-16 01:08 --------- d-----w C:\Program Files\Safari
     2008-09-16 00:58 --------- d-----w C:\Program Files\Apple Software Update
     2008-09-15 09:12 1,846,400 ----a-w C:\WINDOWS\system32\win32k.sys
     2008-09-09 23:13 --------- d-----w C:\Documents and Settings\Nora\Application Data\acccore
     2008-09-09 08:00 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
     2008-09-09 03:47 --------- d-----w C:\Documents and Settings\Nora\Application Data\LimeWire
     2008-09-08 23:38 --------- d-----w C:\Program Files\Unlocker
     2008-09-08 23:38 --------- d-----w C:\Documents and Settings\Nora\Application Data\Desktopicon
     2008-09-08 07:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
     2008-09-08 03:14 --------- d-----w C:\Program Files\TweakXP 2
     2008-09-08 02:52 --------- d-----w C:\Documents and Settings\Nora\Application Data\Leadertech
     2008-09-08 02:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logishrd
     2008-09-08 02:21 --------- d-----w C:\Program Files\Common Files\Logitech
     2008-09-08 02:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logitech
     2008-09-08 02:10 --------- d-----w C:\Program Files\Logitech
     2008-09-06 03:30 241,704 ------w C:\WINDOWS\system32\dllcache\wgaLogon.dll
     2008-09-06 03:29 917,032 ------w C:\WINDOWS\system32\dllcache\WgaTray.exe
     2008-09-04 10:25 46,014 ----a-w C:\WINDOWS\BricoPackUninst.cmd
     2008-09-04 10:25 218,624 ----a-w C:\WINDOWS\system32\uxtheme.dll
     2008-09-04 10:25 2,271 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
     2008-09-02 02:39 --------- d-----w C:\Program Files\Common Files\LogiShrd
     2008-09-01 14:42 --------- d-----w C:\Documents and Settings\Nora\Application Data\Windows Search
     2008-08-30 21:13 --------- d-----w C:\Program Files\Microsoft Silverlight
     2008-08-29 10:25 --------- d-----w C:\Documents and Settings\Nora\Application Data\Winamp
     2008-08-29 10:19 --------- d-----w C:\Documents and Settings\Nora\Application Data\Windows Desktop Search
     2008-08-29 10:19 --------- d-----w C:\Documents and Settings\Nora\Application Data\iolo
     2008-08-29 01:32 --------- d-----w C:\Program Files\Windows Desktop Search
     2008-08-27 05:24 3,593,216 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
     2008-08-25 05:38 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
     2008-08-25 05:38 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
     2008-08-23 02:56 635,848 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
     2008-08-23 02:54 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
     2008-08-19 19:40 74,703 ----a-w C:\WINDOWS\system32\mfc45.dll
     2008-08-14 07:11 2,189,184 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
     2008-08-14 06:33 2,066,048 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
     2008-07-26 19:26 490,008 ----a-w C:\WINDOWS\system32\LVUI2.dll
     2008-07-26 19:26 465,432 ----a-w C:\WINDOWS\system32\LVUI2RC.dll
     2008-07-26 19:23 416,280 ----a-w C:\WINDOWS\system32\lvcodec2.dll
     2008-07-26 19:23 195,096 ----a-w C:\WINDOWS\system32\lvci11801048.dll
     2008-07-26 18:46 25,974 ----a-w C:\WINDOWS\system32\Repository.reg
     2006-11-16 17:26 1,095,224 ----a-w C:\Program Files\LaunchU3.exe
     2006-08-15 14:15 22,486 ----a-w C:\Program Files\U3Launcher.ico
     2008-01-14 19:41 2,516 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
     2008-01-14 19:40 88 --sh--r C:\WINDOWS\system32\4B9319776A.sys
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368]
     "Google Update"="C:\Documents and Settings\Nora\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-10-12 133104]
     "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
     "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-20 4670704]
     "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-13 1695232]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
     "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-21 155648]
     "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-21 126976]
     "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-09-06 413696]
     "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

     C:\Documents and Settings\Nora\Start Menu\Programs\Startup\
     ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

     [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
     "NoViewOnDrive"= 0 (0x0)
     "NoLogoff"= 0 (0x0)

     [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
     "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

     [HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
     path=C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\LimeWire On Startup.lnk
     backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

     [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LaunchU3.exe.lnk]
     path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\LaunchU3.exe.lnk
     backup=C:\WINDOWS\pss\LaunchU3.exe.lnkCommon Startup

     [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
     path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
     backup=C:\WINDOWS\pss\Windows Search.lnkCommon Startup

     [HKLM\~\startupfolder\C:^Documents and Settings^Nora^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
     path=C:\Documents and Settings\Nora\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
     backup=C:\WINDOWS\pss\Logitech . Product Registration.lnkStartup

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
     --a------ 2007-10-10 19:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_SL.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
     --a------ 2008-04-13 17:12 15360 C:\WINDOWS\system32\ctfmon.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
     --a------ 2005-06-21 16:44 126976 C:\WINDOWS\system32\hkcmd.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ibmmessages]
     --a------ 2004-08-06 02:10 442368 C:\Program Files\IBM\Messages By IBM\ibmmessages.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
     --a------ 2005-06-21 16:48 155648 C:\WINDOWS\system32\igfxtray.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
     --a------ 2007-11-15 13:11 267048 C:\Program Files\iTunes\iTunesHelper.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
     --a------ 2008-08-14 17:11 565008 C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
     --a------ 2008-08-14 17:15 2407184 C:\Program Files\Logitech\QuickCam\Quickcam.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
     --a------ 2006-11-15 22:01 244512 C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
     --a------ 2008-04-13 17:12 1695232 C:\Program Files\Messenger\msmsgs.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
     --a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
     --a------ 2008-01-07 12:02 495616 C:\Program Files\Winamp Remote\bin\OrbTray.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
     --a------ 2008-09-06 15:09 413696 C:\Program Files\QuickTime\QTTask.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
     --a------ 2008-08-03 16:02 36352 C:\Program Files\Winamp\winampa.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
     --a------ 2007-08-20 16:30 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mouse Suite 98 Daemon]
     --a------ 2005-04-13 14:34 49152 C:\WINDOWS\system32\ico.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
     "WLSetupSvc"=3 (0x3)
     "WMPNetworkSvc"=3 (0x3)
     "iPod Service"=3 (0x3)
     "ioloDMV"=2 (0x2)
     "idsvc"=3 (0x3)
     "CCALib8"=2 (0x2)
     "Apple Mobile Device"=2 (0x2)
     "ioloSystemService"=2 (0x2)
     "ioloFileInfoList"=2 (0x2)

     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
     "DisableMonitoring"=dword:00000001

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\system32\\sessmgr.exe"=
     "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
     "C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
     "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
     "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
     "C:\\Program Files\\AIM6\\AIM6.EXE"=
     "C:\\Program Files\\LimeWire\\LimeWire.exe"=
     "C:\\Program Files\\MSN Messenger\\MSNMSGR.EXE"=
     "C:\\Program Files\\Messenger\\msmsgs.exe"=
     "C:\\Program Files\\uTorrent\\uTorrent.exe"=
     "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
     "C:\\Program Files\\iTunes\\iTunes.exe"=
     "C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
     "C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
     "C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
     "C:\\Program Files\\Mozilla Firefox\\firefox.exe"=

     R1 pelmouse;Mouse Suite Driver;C:\WINDOWS\system32\DRIVERS\pelmouse.sys [2003-01-10 16384]
     R3 LVRS;Logitech RightSound Filter Driver;C:\WINDOWS\system32\DRIVERS\lvrs.sys [2008-07-26 627864]
     R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\WINDOWS\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
     R3 pelps2m;PS/2 Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\pelps2m.sys [2003-01-20 18048]
     S4 ioloFileInfoList;iolo FileInfoList Service;C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2008-09-24 596840]
     S4 ioloSystemService;iolo System Service;C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2008-09-24 596840]

     *Newly Created Service* - PROCEXP90
     .
     Contents of the 'Scheduled Tasks' folder

     2008-10-17 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
     - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

     2008-10-23 C:\WINDOWS\Tasks\GoogleUpdateTaskUser.job
     - C:\Documents and Settings\Nora\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-12 22:22]
     .
     - - - - ORPHANS REMOVED - - - -

     MSConfigStartUp-Corel Photo Downloader - C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
     MSConfigStartUp-Google Desktop Search - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
     MSConfigStartUp-Picasa Media Detector - C:\Program Files\Picasa2\PicasaMediaDetector.exe
     MSConfigStartUp-SMSystemAnalyzer - C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe
     MSConfigStartUp-SunJavaUpdateSched - C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
     MSConfigStartUp-swg - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
     MSConfigStartUp-TVT Scheduler Proxy - C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
     MSConfigStartUp-UnlockerAssistant - C:\Program Files\Unlocker\UnlockerAssistant.exe
     MSConfigStartUp-YSearchProtection - C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe

     .
     ------- Supplementary Scan -------
     .
     FireFox -: Profile - C:\Documents and Settings\Nora\Application Data\Mozilla\Firefox\Profiles\vfqrjklq.default\
     FF -: plugin - C:\Documents and Settings\Nora\Local Settings\Application Data\Google\Update\1.2.131.25\npGoogleOneClick6.dll
     FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
     FF -: plugin - c:\Program Files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
     FF -: plugin - C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
     FF -: plugin - C:\Program Files\Yahoo!\Shared\npYState.dll
     .
     .
     ------- File Associations -------
     .
     JSEFile=NOTEPAD.EXE %1
     VBEFile=NOTEPAD.EXE %1
     VBSFile=NOTEPAD.EXE %1
     .
     **************************************************************************

     catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2008-10-23 19:46:38
     Windows 5.1.2600 Service Pack 3 FAT NTAPI

     scanning hidden processes ...

     scanning hidden autostart entries ...

     scanning hidden files ...

     scan completed successfully
     hidden files: 0

     **************************************************************************
     .
     Completion time: 2008-10-23 19:47:25
     ComboFix-quarantined-files.txt 2008-10-23 23:47:22

     Pre-Run: 13,341,949,952 bytes free
     Post-Run: 14,422,966,272 bytes free

     WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
     [boot loader]
     timeout=2
     default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
     [operating systems]
     C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
     multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

     263 --- E O F --- 2008-10-21 07:03:51
  3. And that's fine, I don't expect you to be here 24/7. I'm pretty sure you have your own life that takes priority over my problem. I just wanted to make sure that the zip file uploaded fine. I bumped the thread because I didn't want it to get lost and you not notice that I've uploaded the runscanner document. It was just a simple gesture to let you know that I'm still here and haven't danced off into la la land.
  4. Bump. Need this runscanner log looked at to determine any further action to remedy my issue. Thanks.
  5. Alright, here's the .run file zipped. I also have the log in case it's needed as well. runscanner.zip
  6. Sure can.

     OTScanIt2 logfile created on: 10/21/2008 7:14:58 PM - Run 2
     OTScanIt2 by OldTimer - Version 1.0.0.19b Folder = C:\Documents and Settings\Nora\Desktop\OTScanIt2
     Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
     Internet Explorer (Version = 7.0.5730.11)
     Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

     509.98 Mb Total Physical Memory | 93.05 Mb Available Physical Memory | 18.25% Memory free
     671.24 Mb Paging File | 275.84 Mb Available in Paging File | 41.09% Paging File free
     Paging file location(s): C:\pagefile.sys 192 800;

     %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
     Drive C: | 35.27 Gb Total Space | 12.82 Gb Free Space | 36.35% Space Free | Partition Type: FAT32
     D: Drive not present or media not loaded
     E: Drive not present or media not loaded
     F: Drive not present or media not loaded
     G: Drive not present or media not loaded
     H: Drive not present or media not loaded
     I: Drive not present or media not loaded

     Computer Name: REGINA
     Current User Name: Nora
     Logged in as Administrator.

     Current Boot Mode: Normal
     Scan Mode: Current user
     Whitelist: On
     File Age = 30 Days

     [Registry - Additional Scans - Safe List]
     < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
     ipp: [HKLM] -> No CLSID value
     ippx00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} [HKLM] -> %SystemDrive%\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL[Microsoft OLE DB Moniker Binder for Internet Publishing] -> [2008/04/13 17:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation)
     livecall:{828030A1-22C1-4009-854F-8E305202313F} [HKLM] -> %SystemDrive%\PROGRA~1\MSNMES~1\MSGRAP~1.DLL[Reg Error: Value does not exist or could not be read.] -> [2007/01/19 12:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation)
     msdaipp: [HKLM] -> No CLSID value
     msdaippx00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} [HKLM] -> %SystemDrive%\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL[Microsoft OLE DB Moniker Binder for Internet Publishing] -> [2008/04/13 17:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation)
     msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} [HKLM] -> %SystemDrive%\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL[MSDAIPP.BINDER] -> [2008/04/13 17:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation)
     msnim:{828030A1-22C1-4009-854F-8E305202313F} [HKLM] -> %SystemDrive%\PROGRA~1\MSNMES~1\MSGRAP~1.DLL[Reg Error: Value does not exist or could not be read.] -> [2007/01/19 12:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation)

     < End of report >
  7. If this gets double posted, my apologies. I wasn't paying attention and shut down Firefox just as the browser was loading, lol. Let me know if the attachment works or not; I'll just post it from the txt file itself again. OTScanIt102108.Txt
  8. OTMoveIT: ========== PROCESSES ========== Process explorer.exe killed successfully. ========== SERVICES/DRIVERS ========== ========== REGISTRY ========== Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\text/html\\ not found. ========== FILES ========== ========== COMMANDS ========== File delete failed. C:\DOCUME~1\Nora\LOCALS~1\Temp\etilqs_tTFgylmW7e5a6USxFOXU scheduled to be deleted on reboot. User's Temp folder emptied. User's Temporary Internet Files folder emptied. User's Internet Explorer cache folder emptied. Local Service Temp folder emptied. File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot. Local Service Temporary Internet Files folder emptied. File delete failed. C:\WINDOWS\temp\logishrd\LVPrcInj01.dll scheduled to be deleted on reboot. Windows Temp folder emptied. Java cache emptied. File delete failed. C:\Documents and Settings\Nora\Local Settings\Application Data\Mozilla\Firefox\Profiles\vfqrjklq.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\Nora\Local Settings\Application Data\Mozilla\Firefox\Profiles\vfqrjklq.default\Cache\_CACHE_001_ scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\Nora\Local Settings\Application Data\Mozilla\Firefox\Profiles\vfqrjklq.default\Cache\_CACHE_002_ scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\Nora\Local Settings\Application Data\Mozilla\Firefox\Profiles\vfqrjklq.default\Cache\_CACHE_003_ scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\Nora\Local Settings\Application Data\Mozilla\Firefox\Profiles\vfqrjklq.default\urlclassifier3.sqlite scheduled to be deleted on reboot. FireFox cache emptied. Temp folders emptied. Explorer started successfully OTMoveIt3 by OldTimer - Version 1.0.5.0 log created on 10212008_185635 Files moved on Reboot... 
File C:\DOCUME~1\Nora\LOCALS~1\Temp\etilqs_tTFgylmW7e5a6USxFOXU not found! File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot. DllUnregisterServer procedure not found in C:\WINDOWS\temp\logishrd\LVPrcInj01.dll C:\WINDOWS\temp\logishrd\LVPrcInj01.dll NOT unregistered. File move failed. C:\WINDOWS\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot. C:\Documents and Settings\Nora\Local Settings\Application Data\Mozilla\Firefox\Profiles\vfqrjklq.default\Cache\_CACHE_MAP_ moved successfully. C:\Documents and Settings\Nora\Local Settings\Application Data\Mozilla\Firefox\Profiles\vfqrjklq.default\Cache\_CACHE_001_ moved successfully. C:\Documents and Settings\Nora\Local Settings\Application Data\Mozilla\Firefox\Profiles\vfqrjklq.default\Cache\_CACHE_002_ moved successfully. C:\Documents and Settings\Nora\Local Settings\Application Data\Mozilla\Firefox\Profiles\vfqrjklq.default\Cache\_CACHE_003_ moved successfully. C:\Documents and Settings\Nora\Local Settings\Application Data\Mozilla\Firefox\Profiles\vfqrjklq.default\urlclassifier3.sqlite moved successfully. 
HJT:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:59:27 PM, on 10/21/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\Nora\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Nora\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1179849197859
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1179849190859
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) -
O18 - Filter hijack: text/html - {691c2234-7bb6-4d3a-95fc-8e3d915ea92b} - (no file)
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

--
End of file - 6234 bytes
  9. Are we there yet? lol just kidding... here are the logs once again.. =D

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:59:24 PM, on 10/21/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\notepad.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\Nora\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Nora\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1179849197859
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1179849190859
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) -
O18 - Filter hijack: text/html - {691c2234-7bb6-4d3a-95fc-8e3d915ea92b} - (no file)
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

--
End of file - 6173 bytes

OTMoveIt:
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\text/html not found.
Registry key HKEY_CLASSES_ROOT\CLSID\{691c2234-7bb6-4d3a-95fc-8e3d915ea92b}\\ deleted successfully.
========== FILES ==========
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Nora\LOCALS~1\Temp\~DFEA38.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nora\LOCALS~1\Temp\etilqs_UVOaZZnb23EsoKSo3gLj scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\logishrd\LVPrcInj01.dll scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Nora\Local Settings\Application Data\Mozilla\Firefox\Profiles\vfqrjklq.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Nora\Local Settings\Application Data\Mozilla\Firefox\Profiles\vfqrjklq.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Nora\Local Settings\Application Data\Mozilla\Firefox\Profiles\vfqrjklq.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Nora\Local Settings\Application Data\Mozilla\Firefox\Profiles\vfqrjklq.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Nora\Local Settings\Application Data\Mozilla\Firefox\Profiles\vfqrjklq.default\XUL.mfl scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Nora\Local Settings\Application Data\Mozilla\Firefox\Profiles\vfqrjklq.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.5.0 log created on 10212008_173237

Files moved on Reboot...
C:\DOCUME~1\Nora\LOCALS~1\Temp\~DFEA38.tmp moved successfully.
File C:\DOCUME~1\Nora\LOCALS~1\Temp\etilqs_UVOaZZnb23EsoKSo3gLj not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
DllUnregisterServer procedure not found in C:\WINDOWS\temp\logishrd\LVPrcInj01.dll
C:\WINDOWS\temp\logishrd\LVPrcInj01.dll NOT unregistered.
File move failed. C:\WINDOWS\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
C:\Documents and Settings\Nora\Local Settings\Application Data\Mozilla\Firefox\Profiles\vfqrjklq.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Nora\Local Settings\Application Data\Mozilla\Firefox\Profiles\vfqrjklq.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Nora\Local Settings\Application Data\Mozilla\Firefox\Profiles\vfqrjklq.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Nora\Local Settings\Application Data\Mozilla\Firefox\Profiles\vfqrjklq.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Nora\Local Settings\Application Data\Mozilla\Firefox\Profiles\vfqrjklq.default\XUL.mfl moved successfully.
C:\Documents and Settings\Nora\Local Settings\Application Data\Mozilla\Firefox\Profiles\vfqrjklq.default\urlclassifier3.sqlite moved successfully.
  10. Ok.. here are the HJT and MoveIt Logs:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:03:18 PM, on 10/21/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\notepad.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\Nora\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Nora\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1179849197859
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1179849190859
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) -
O18 - Filter hijack: text/html - {691c2234-7bb6-4d3a-95fc-8e3d915ea92b} - C:\WINDOWS\system32\msziptools.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

--
End of file - 6136 bytes

OTMoveIt Log:
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\Documents and Settings\Nora\My Documents\My Music\angel natasha benningfield.mp3 moved successfully.
C:\Documents and Settings\Nora\My Documents\My Music\ggonna make you sweat.mp3 moved successfully.
C:\Documents and Settings\Nora\My Documents\My Music\lorelei carlson.mp3 moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Nora\LOCALS~1\Temp\etilqs_6fpfJOUxSLdVHezXScKh scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\logishrd\LVPrcInj01.dll scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Nora\Local Settings\Application Data\Mozilla\Firefox\Profiles\vfqrjklq.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Nora\Local Settings\Application Data\Mozilla\Firefox\Profiles\vfqrjklq.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Nora\Local Settings\Application Data\Mozilla\Firefox\Profiles\vfqrjklq.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Nora\Local Settings\Application Data\Mozilla\Firefox\Profiles\vfqrjklq.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Nora\Local Settings\Application Data\Mozilla\Firefox\Profiles\vfqrjklq.default\XUL.mfl scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Nora\Local Settings\Application Data\Mozilla\Firefox\Profiles\vfqrjklq.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.5.0 log created on 10212008_165218

Files moved on Reboot...
File C:\DOCUME~1\Nora\LOCALS~1\Temp\etilqs_6fpfJOUxSLdVHezXScKh not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
DllUnregisterServer procedure not found in C:\WINDOWS\temp\logishrd\LVPrcInj01.dll
C:\WINDOWS\temp\logishrd\LVPrcInj01.dll NOT unregistered.
File move failed. C:\WINDOWS\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
C:\Documents and Settings\Nora\Local Settings\Application Data\Mozilla\Firefox\Profiles\vfqrjklq.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Nora\Local Settings\Application Data\Mozilla\Firefox\Profiles\vfqrjklq.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Nora\Local Settings\Application Data\Mozilla\Firefox\Profiles\vfqrjklq.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Nora\Local Settings\Application Data\Mozilla\Firefox\Profiles\vfqrjklq.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Nora\Local Settings\Application Data\Mozilla\Firefox\Profiles\vfqrjklq.default\XUL.mfl moved successfully.
C:\Documents and Settings\Nora\Local Settings\Application Data\Mozilla\Firefox\Profiles\vfqrjklq.default\urlclassifier3.sqlite moved successfully.
  11. Malware Log:

Malwarebytes' Anti-Malware 1.29
Database version: 1276
Windows 5.1.2600 Service Pack 3

10/21/2008 12:51:45 PM
mbam-log-2008-10-21 (12-51-45).txt

Scan type: Quick Scan
Objects scanned: 69523
Time elapsed: 6 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CLASSES_ROOT\scrfile\shell\open\command\ (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Kaspersky Log:
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Tuesday, October 21, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, October 21, 2008 15:51:52
Records in database: 1331814
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\

Scan statistics:
Files scanned: 78236
Threat name: 3
Infected objects: 5
Suspicious objects: 0
Duration of the scan: 01:43:04

File name / Threat name / Threats count
C:\IBMWORK\2GXSM0A\PLSREM~1.EXE Infected: not-a-virus:RemoteAdmin.Win32.PLSRemot 1
C:\Documents and Settings\Nora\My Documents\My Music\angel natasha benningfield.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Documents and Settings\Nora\My Documents\My Music\ggonna make you sweat.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Documents and Settings\Nora\My Documents\My Music\lorelei carlson.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\_OTMoveIt\MovedFiles\10212008_123106\WINDOWS\system32\msziptools.dll Infected: Trojan-Downloader.Win32.DlKroha.k 1

The selected area was scanned.

Doh! Guess Avira isn't so keen on catching trojans, since there are three mp3 files that are infected. Go figure. Nonetheless, let's continue so everything can be nabbed while we're at it.
~nora
  12. I still have to finish the Malwarebytes scan and Kaspersky, but I must run and do some errands. When I return I will post those logs as well. Thanks.
  13. ========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
LoadLibrary failed for C:\WINDOWS\system32\msziptools.dll
C:\WINDOWS\system32\msziptools.dll NOT unregistered.
C:\WINDOWS\system32\msziptools.dll moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Nora\LOCALS~1\Temp\etilqs_SfK8JdZc5my0PT4W3W4F scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nora\LOCALS~1\Temp\~DFD305.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nora\LOCALS~1\Temp\~DF82D4.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nora\LOCALS~1\Temp\~DF8BC8.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nora\LOCALS~1\Temp\~DF9FE3.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nora\LOCALS~1\Temp\~DFA002.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nora\LOCALS~1\Temp\flaB.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\logishrd\LVPrcInj01.dll scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Nora\Local Settings\Application Data\Mozilla\Firefox\Profiles\vfqrjklq.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Nora\Local Settings\Application Data\Mozilla\Firefox\Profiles\vfqrjklq.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Nora\Local Settings\Application Data\Mozilla\Firefox\Profiles\vfqrjklq.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Nora\Local Settings\Application Data\Mozilla\Firefox\Profiles\vfqrjklq.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Nora\Local Settings\Application Data\Mozilla\Firefox\Profiles\vfqrjklq.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.5.0 log created on 10212008_123106

Files moved on Reboot...
File C:\DOCUME~1\Nora\LOCALS~1\Temp\etilqs_SfK8JdZc5my0PT4W3W4F not found!
C:\DOCUME~1\Nora\LOCALS~1\Temp\~DFD305.tmp moved successfully.
File C:\DOCUME~1\Nora\LOCALS~1\Temp\~DF82D4.tmp not found!
File C:\DOCUME~1\Nora\LOCALS~1\Temp\~DF8BC8.tmp not found!
File C:\DOCUME~1\Nora\LOCALS~1\Temp\~DF9FE3.tmp not found!
File C:\DOCUME~1\Nora\LOCALS~1\Temp\~DFA002.tmp not found!
File C:\DOCUME~1\Nora\LOCALS~1\Temp\flaB.tmp not found!
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat moved successfully.
File C:\WINDOWS\temp\logishrd\LVPrcInj01.dll not found!
C:\Documents and Settings\Nora\Local Settings\Application Data\Mozilla\Firefox\Profiles\vfqrjklq.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Nora\Local Settings\Application Data\Mozilla\Firefox\Profiles\vfqrjklq.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Nora\Local Settings\Application Data\Mozilla\Firefox\Profiles\vfqrjklq.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Nora\Local Settings\Application Data\Mozilla\Firefox\Profiles\vfqrjklq.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Nora\Local Settings\Application Data\Mozilla\Firefox\Profiles\vfqrjklq.default\urlclassifier3.sqlite moved successfully.
  14. log.txt file:

Logfile of random's system information tool 1.04 (written by random/random)
Run by Nora at 2008-10-21 12:22:14
Microsoft Windows XP Professional Service Pack 3
System drive C: has 13 GB (36%) free of 36 GB
Total RAM: 510 MB (6% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:22:28 PM, on 10/21/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\notepad.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\Nora\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Documents and Settings\Nora\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Nora.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Nora\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1179849197859
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1179849190859
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab
O18 - Filter hijack: text/html - {691c2234-7bb6-4d3a-95fc-8e3d915ea92b} - C:\WINDOWS\system32\msziptools.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc.
- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe -- End of file - 6015 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\AppleSoftwareUpdate.job C:\WINDOWS\tasks\GoogleUpdateTaskUser.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}] Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-07-07 1562448] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497] "IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2005-06-21 155648] "HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2005-06-21 126976] "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-07-07 2156368] "Google Update"=C:\Documents and Settings\Nora\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-12 133104] "msnmsgr"=C:\Program Files\Windows 
Live\Messenger\msnmsgr.exe [2007-10-18 5724184] "Yahoo! Pager"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2007-08-20 4670704] "MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-10-10 39792] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6] [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader] C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe -startup [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe /startup [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe [2005-06-21 126976] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ibmmessages] C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe [2004-08-06 442368] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray] C:\WINDOWS\System32\igfxtray.exe [2005-06-21 155648] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe [2007-11-15 267048] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2008-08-14 565008] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe [2008-08-14 2407184] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX] C:\Program 
Files\Common Files\Logitech\LComMgr\LVComSX.exe [2006-11-15 244512] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mouse Suite 98 Daemon] C:\WINDOWS\system32\ICO.EXE [2005-04-13 49152] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb] C:\Program Files\Winamp Remote\bin\OrbTray.exe [2008-01-07 495616] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSystemAnalyzer] C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [2007-09-25 132496] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] C:\Program Files\Winamp\winampa.exe [2008-08-03 36352] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! 
Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2007-08-20 4670704] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^LimeWire On Startup.lnk] C:\PROGRA~1\LimeWire\LimeWire.exe [2008-08-21 147456] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LaunchU3.exe.lnk] C:\WINDOWS\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe [2008-10-11 22486] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk] C:\PROGRA~1\WI459E~1\WINDOW~1.EXE [2008-05-26 123904] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Nora^Start Menu^Programs^Startup^Logitech . 
Product Registration.lnk] C:\PROGRA~1\Logitech\QuickCam\eReg.exe [2008-02-13 493832] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "WLSetupSvc"=3 "WMPNetworkSvc"=3 "iPod Service"=3 "ioloDMV"=2 "idsvc"=3 "CCALib8"=2 "Apple Mobile Device"=2 "ioloSystemService"=2 "ioloFileInfoList"=2 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\WINDOWS\system32\igfxsrvc.dll [2005-06-21 348160] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2008-05-26 304128] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 "NoDrives"=0 "NoViewOnDrive"=0 "NoLogoff"=0 "NoWindowsUpdate"=0 "StartMenuLogOff"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader" "C:\Program 
Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger" "C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server" "C:\Program Files\AIM6\AIM6.EXE"="C:\Program Files\AIM6\AIM6.EXE:*:Enabled:AIM" "C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire" "C:\Program Files\MSN Messenger\MSNMSGR.EXE"="C:\Program Files\MSN Messenger\MSNMSGR.EXE:*:Enabled:Messenger" "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger" "C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:uTorrent" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes" "C:\Program Files\MySpace\IM\MySpaceIM.exe"="C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpaceIM" "C:\Program Files\Winamp Remote\bin\Orb.exe"="C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb" "C:\Program Files\Winamp Remote\bin\OrbTray.exe"="C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray" "C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client" "C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" ======File associations====== .js - open - NOTEPAD.EXE %1 .reg - open - NOTEPAD.EXE 
%1 .scr - open - NOTEPAD.EXE %1 .vbs - open - NOTEPAD.EXE %1 ======List of files/folders created in the last 1 months====== 2008-10-21 12:22:14 ----D---- C:\rsit 2008-10-21 11:59:44 ----D---- C:\_OTScanIt 2008-10-21 09:15:27 ----D---- C:\Program Files\Trend Micro 2008-10-20 10:37:06 ----SHD---- C:\WINDOWS\ftpcache 2008-10-20 10:36:34 ----D---- C:\Program Files\HTMLPad 2008 2008-10-20 10:36:34 ----D---- C:\Documents and Settings\Nora\Application Data\Blumentals 2008-10-18 12:28:30 ----D---- C:\Documents and Settings\Nora\Application Data\uTorrent 2008-10-15 21:55:10 ----D---- C:\WINDOWS\system32\URTTEMP 2008-10-15 04:02:38 ----HD---- C:\WINDOWS\$NtUninstallKB956391$ 2008-10-15 04:02:31 ----HD---- C:\WINDOWS\$NtUninstallKB957095$ 2008-10-15 04:02:02 ----HD---- C:\WINDOWS\$NtUninstallKB954211$ 2008-10-15 04:01:48 ----HD---- C:\WINDOWS\$NtUninstallKB956841$ 2008-10-14 18:28:06 ----A---- C:\WINDOWS\system32\DEBUG_LOG.txt 2008-10-13 22:49:26 ----D---- C:\Program Files\Common Files\Symantec Shared 2008-10-13 22:49:22 ----D---- C:\Program Files\Norton PC Checkup 2008-10-13 22:06:07 ----A---- C:\WINDOWS\system32\msziptools.dll 2008-10-13 21:35:22 ----D---- C:\WINDOWS\system32\Adobe 2008-10-13 18:56:19 ----D---- C:\Program Files\ManyCam 2.3 2008-10-11 17:08:50 ----D---- C:\LaunchPad 2008-10-11 17:01:31 ----D---- C:\Documents and Settings\Nora\Application Data\U3 2008-10-09 00:39:47 ----A---- C:\WINDOWS\system32\Dualunis.exe 2008-10-06 19:17:35 ----D---- C:\WINDOWS\RegisteredPackages 2008-10-06 19:16:42 ----A---- C:\WINDOWS\system32\psisdecd.dll 2008-10-06 19:16:41 ----A---- C:\WINDOWS\system32\dxdllreg.exe 2008-10-06 01:13:31 ----D---- C:\Documents and Settings\Nora\Application Data\FileZilla 2008-10-06 01:11:32 ----D---- C:\Program Files\FileZilla FTP Client 2008-10-05 23:26:48 ----D---- C:\Program Files\Common Files\NSV 2008-10-04 14:06:18 ----D---- C:\Program Files\Jasc Software Inc 2008-09-30 12:02:16 ----D---- C:\Program Files\Spybot - Search & Destroy 2008-09-30 
12:02:16 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-09-29 11:26:04 ----A---- C:\WINDOWS\system32\Incinerator.dll 2008-09-29 11:26:00 ----A---- C:\WINDOWS\system32\smrgdf.exe 2008-09-29 11:26:00 ----A---- C:\WINDOWS\system32\iolobtdfg.exe 2008-09-22 18:54:27 ----A---- C:\WINDOWS\system32\igfxres.dll ======List of files/folders modified in the last 1 months====== 2008-10-21 12:00:40 ----A---- C:\WINDOWS\SchedLgU.Txt 2008-10-16 16:09:36 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2008-10-15 04:02:36 ----A---- C:\WINDOWS\imsins.BAK 2008-10-12 22:14:32 ----ASH---- C:\BOOT.INI 2008-10-12 22:14:32 ----A---- C:\WINDOWS\win.ini 2008-10-12 22:14:32 ----A---- C:\WINDOWS\system.ini 2008-10-07 12:19:40 ----A---- C:\WINDOWS\system32\MRT.exe 2008-10-03 10:41:16 ----A---- C:\WINDOWS\system32\ieframe.dll ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys [] R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-06-27 75072] R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352] R1 pelmouse;Mouse Suite Driver; C:\WINDOWS\system32\DRIVERS\pelmouse.sys [2003-01-10 16384] R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352] R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2007-03-09 394192] R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2003-10-23 100384] R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys [] R3 E100B;Intel® PRO Network Connection Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2007-11-16 165496] R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664] R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2005-06-21 807998] R3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys 
[2007-10-11 2142488] R3 lvpopflt;Logitech POP Suppression Filter; C:\WINDOWS\system32\DRIVERS\lvpopflt.sys [2008-07-26 95384] R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [2008-07-26 25624] R3 LVRS;Logitech RightSound Filter Driver; C:\WINDOWS\system32\DRIVERS\lvrs.sys [2008-07-26 627864] R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2008-07-26 41752] R3 LVUVC;Logitech QuickCam Pro 5000(UVC); C:\WINDOWS\system32\DRIVERS\lvuvc.sys [2008-07-26 4658584] R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver; C:\WINDOWS\system32\DRIVERS\ManyCam.sys [2008-01-14 21632] R3 pelps2m;PS/2 Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\pelps2m.sys [2003-01-20 18048] R3 psadd;Lenovo Parties Service Access Device Driver; C:\WINDOWS\system32\DRIVERS\psadd.sys [2006-09-12 28224] R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-10-27 578432] R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032] R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608] S1 {6080A529-897E-4629-A488-ABA0C29B635E};Intel® Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2002-10-16 91678] S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel® Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2002-10-16 71514] S3 ac97intc;Intel® 82801 Audio Driver Install Service (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256] S3 EGATHDRV;IBM Access Support; \??\C:\WINDOWS\Downloaded Program Files\EGATHDRV.SYS [] S3 FilterService;UVC Filter 
Service; C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys [2008-07-26 23832] S3 KLIF;KLIF; \??\C:\WINDOWS\system32\ZONELABS\avsys\KLIF.SYS [] S3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-08-03 1897408] S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-17 6784] S3 usbbus;LGE CDMA Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys [2005-05-26 21344] S3 UsbDiag;LGE CDMA USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys [2005-05-26 38144] S3 USBModem;LGE CDMA USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys [2005-06-24 39036] S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S4 sr;System Restore Filter Driver; C:\WINDOWS\System32\DRIVERS\sr.sys [2008-04-13 73472] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-06-12 68865] R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-08-19 149761] R2 LVCOMSer;LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [2008-07-26 186904] R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2008-07-26 150040] R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336] S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common 
Files\LogiShrd\SrvLnch\SrvLnch.exe [2008-07-26 141848] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864] S3 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZONELABS\vsmon.exe [2007-03-09 75568] S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-10-31 110592] S4 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256] S4 ioloFileInfoList;iolo FileInfoList Service; C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2008-09-24 596840] S4 ioloSystemService;iolo System Service; C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2008-09-24 596840] S4 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2007-11-15 504104] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880] S4 ProtexisLicensing;ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [2007-06-05 177704] S4 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240] S4 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408] S4 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808] -----------------EOF----------------- info.txt file: info.txt logfile of random's system information tool 1.04 2008-10-21 12:22:34 ======Uninstall list====== -->C:\WINDOWS\IsUninst.exe 
-fC:\WINDOWS\orun32.isu -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf Access IBM Message Center-->MsiExec.exe /X{F413B3A4-EE5D-457C-BAE5-6E58D9589ED5} Adobe Flash Player 9 ActiveX-->C:\WINDOWS\System32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Adobe Reader 8.1.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003} Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log AIM 6-->C:\Program Files\AIM6\uninst.exe AMIP (remove only)-->"C:\Program Files\Winamp\Plugins\amip_uninstall.exe" AMIPConfigurator (remove only)-->"C:\Program Files\Winamp\Plugins\un_configurator.exe" Apple Mobile Device Support-->MsiExec.exe /I{B5C209B1-8DDB-4642-A573-375B951514CB} Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033} Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE Bejeweled 2 Deluxe-->"C:\Program Files\Oberon Media\Bejeweled 2 Deluxe\Uninstall.exe" "C:\Program Files\Oberon Media\Bejeweled 2 Deluxe\install.log" Canon G.726 WMP-Decoder-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\G726Decoder\G726DecUnInstall.ini" FileZilla Client 3.1.3.1-->C:\Program Files\FileZilla FTP Client\uninstall.exe Google Earth-->MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72} Google Gears-->MsiExec.exe /I{95774351-6087-3A3B-8CA8-70BEE49D2BD5} HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe" Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe" Hotfix for Windows XP 
(KB915800-v4)-->"C:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe" Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe" HTMLPad 2008 Pro v9.2-->"C:\Program Files\HTMLPad 2008\unins000.exe" Intel® Extreme Graphics Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562 Intel® Network Connections Drivers-->Prounstl.exe iolo technologies' System Mechanic-->"C:\Program Files\iolo\System Mechanic\unins000.exe" iTunes-->MsiExec.exe /I{4F5CE18C-D97D-48FF-A510-A0D90C918294} Java 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020} Java 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030} Java 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070} LG USB Drivers-->C:\PROGRA~1\LGDRIV~1\LGUSBD~1\UNWISE.EXE C:\PROGRA~1\LGDRIV~1\LGUSBD~1\INSTALL.LOG LimeWire 4.18.6-->"C:\Program Files\LimeWire\uninstall.exe" Logitech Audio Echo Cancellation Component-->MsiExec.exe /X{BEF726DD-4037-4214-8C6A-E625C02D2870} Logitech Legacy USB Camera Driver Package-->"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\legacyqcam\10.40.1235\LgDrvInst.exe" -remove -instdir"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\legacyqcam\" -enumdelay=2000 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -promptuninstall -arpregkey"legacyqcam_10.40" /clone_wait /hide_progress Logitech QuickCam Driver Package-->"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\11.50.1145\LgDrvInst.exe" -remove -instdir"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\" -enumdelay=2000 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -promptuninstall -arpregkey"lvdrivers_11.50" /clone_wait /hide_progress Logitech QuickCam-->MsiExec.exe /X{3AF8FCCD-F51A-4014-9002-F195E1CBC876} Logitech Video Enumerator-->MsiExec.exe /X{EA516024-D84D-41F1-814F-83175A6188F2} Logitech® Camera Driver-->"C:\Program Files\Common 
Files\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
ManyCam 2.3 (remove only)-->"C:\Program Files\ManyCam 2.3\uninstall.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Mouse Suite-->Pmuninst.exe MouseSuite98
Mozilla Firefox (3.0.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
MVision-->MsiExec.exe /I{35725FBC-A136-4A46-9F29-091759D9BB93}
MVision-->MsiExec.exe /I{5FE1E412-D114-46E8-A891-5BE087B256A5}
Netflix Movie Viewer-->MsiExec.exe /X{BCE72AED-3332-4863-9567-C5DCB9052CA2}
Norton PC Checkup-->C:\Program Files\Norton PC Checkup\uninstall.exe
OpenOffice.org Installer 1.0-->MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}
Paint Shop Pro 7 ESD-->MsiExec.exe /I{D6DE02C7-1F47-11D4-9515-00105AE4B89A}
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
Safari-->MsiExec.exe /I{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 8 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP8$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
TweakXP Tweaking Utility 2-->"C:\Program Files\TweakXP 2\unins000.exe"
U3Launcher-->MsiExec.exe /I{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951618-v2)-->"C:\WINDOWS\$NtUninstallKB951618-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Winamp Remote-->"C:\Program Files\Winamp Remote\uninstall.exe"
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Search 4.0-->"C:\WINDOWS\$NtUninstallKB940157$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Yahoo! Messenger-->C:\PROGRA~1\YAHOO!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\YAHOO!\MESSEN~1\INSTALL.LOG
ZoneAlarm Security Suite-->C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe

=====HijackThis Backups=====
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O18 - Filter hijack: text/html - {691c2234-7bb6-4d3a-95fc-8e3d915ea92b} - C:\WINDOWS\system32\msziptools.dll
O18 - Filter hijack: text/html - {691c2234-7bb6-4d3a-95fc-8e3d915ea92b} - C:\WINDOWS\system32\msziptools.dll
O18 - Filter hijack: text/html - {691c2234-7bb6-4d3a-95fc-8e3d915ea92b} - C:\WINDOWS\system32\msziptools.dll

======Hosts File======
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======
AV: ZoneAlarm Security Suite Antivirus (disabled) (outdated)
AV: Avira AntiVir PersonalEdition
FW: ZoneAlarm Security Suite Firewall (disabled)

======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;"C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier";C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 7, GenuineIntel
"PROCESSOR_REVISION"=0207
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"tvdumpflags"=8
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

-----------------EOF-----------------
  15. OTScanIt Log:

Explorer killed successfully
[Processes - Safe List]
Process teatimer.exe killed successfully.
[Registry - Safe List]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar\\SITEguard deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\Shell\AutoRun\command\\ deleted successfully.
[Registry - Additional Scans - Safe List]
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Celina & Crystal^Start Menu^Programs^Startup^UberIcon.lnk\ deleted successfully.
File C:\WINDOWS\pss\UberIcon.lnk not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Nora^Start Menu^Programs^Startup^Stardock ObjectDock.lnk\ deleted successfully.
File C:\WINDOWS\pss\Stardock ObjectDock.lnk not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Nora^Start Menu^Programs^Startup^Y'z Toolbar.lnk\ deleted successfully.
File C:\WINDOWS\pss\Y'z Toolbar.lnk not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Aim6 hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ not found.
File not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Corel Photo Downloader hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ not found.
File not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Google Desktop Search hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ not found.
File not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Picasa Media Detector hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ not found.
File not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SMSystemAnalyzer hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ not found.
File not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\swg hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ not found.
File not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TVT Scheduler Proxy hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ not found.
File not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\UnlockerAssistant hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ not found.
File not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YSearchProtection hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ not found.
File not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.reg\\'' updated successfully.
C:\WINDOWS\system32\NOTEPAD.EXE moved successfully.
[Files/Folders - Created Within 90 Days]
C:\WINDOWS\msdownld.tmp folder deleted successfully.
C:\WINDOWS\tasks\At2.job moved successfully.
C:\WINDOWS\tasks\At1.job moved successfully.
[Files/Folders - Modified Within 90 Days]
C:\WINDOWS\System32\drivers\lvuvc.hs moved successfully.
C:\WINDOWS\System32\drivers\logiflt.iad moved successfully.
File C:\WINDOWS\tasks\At2.job not found!
[File - Lop Check]
C:\Documents and Settings\All Users\Application Data\Viewpoint\AxMetaStream_Win folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint folder moved successfully.
File C:\WINDOWS\Tasks\At1.job not found!
File C:\WINDOWS\Tasks\At2.job not found!
[Empty Temp Folders]
File delete failed. C:\Documents and Settings\Nora\Local Settings\Temp\fla113.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Nora\Local Settings\Temp\etilqs_PXMrwy2CFPEnLBRP9hBX scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Nora\Local Settings\Temp\flaD0.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Nora\Local Settings\Temp\~DF92AF.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Nora\Local Settings\Temp\~DF96C1.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Nora\Local Settings\Temp\~DFDD4B.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Nora\Local Settings\Temp\~DFDD5F.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Nora\Local Settings\Temp\Perflib_Perfdata_73c.dat scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\logishrd\LVPrcInj01.dll scheduled to be deleted on reboot.
Windows Temp folder emptied.
File delete failed. C:\Documents and Settings\Nora\Application Data\Sun\Java\Deployment\cache\6.0\47\4b46a2ef-2f45d146 scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Nora\Application Data\Sun\Java\Deployment\cache\6.0\22\7f082b16-423ee41d scheduled to be deleted on reboot.
Java cache emptied.
File delete failed. C:\Documents and Settings\Nora\Local Settings\Application Data\Mozilla\Firefox\Profiles\vfqrjklq.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Nora\Local Settings\Application Data\Mozilla\Firefox\Profiles\vfqrjklq.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Nora\Local Settings\Application Data\Mozilla\Firefox\Profiles\vfqrjklq.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Nora\Local Settings\Application Data\Mozilla\Firefox\Profiles\vfqrjklq.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Nora\Local Settings\Application Data\Mozilla\Firefox\Profiles\vfqrjklq.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
FireFox cache emptied.
RecycleBin -> emptied.
Explorer started successfully
< End of fix log >

OTScanIt2 by OldTimer - Version 1.0.0.19b fix logfile created on 10212008_115944

Files moved on Reboot...
File C:\Documents and Settings\Nora\Local Settings\Temp\fla113.tmp not found!
File C:\Documents and Settings\Nora\Local Settings\Temp\etilqs_PXMrwy2CFPEnLBRP9hBX not found!
File C:\Documents and Settings\Nora\Local Settings\Temp\flaD0.tmp not found!
File C:\Documents and Settings\Nora\Local Settings\Temp\~DF92AF.tmp not found!
File C:\Documents and Settings\Nora\Local Settings\Temp\~DF96C1.tmp not found!
File C:\Documents and Settings\Nora\Local Settings\Temp\~DFDD4B.tmp not found!
File C:\Documents and Settings\Nora\Local Settings\Temp\~DFDD5F.tmp not found!
File C:\Documents and Settings\Nora\Local Settings\Temp\Perflib_Perfdata_73c.dat not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
C:\Documents and Settings\Nora\Application Data\Sun\Java\Deployment\cache\6.0\47\4b46a2ef-2f45d146 moved successfully.
C:\Documents and Settings\Nora\Application Data\Sun\Java\Deployment\cache\6.0\22\7f082b16-423ee41d moved successfully.
C:\Documents and Settings\Nora\Local Settings\Application Data\Mozilla\Firefox\Profiles\vfqrjklq.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Nora\Local Settings\Application Data\Mozilla\Firefox\Profiles\vfqrjklq.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Nora\Local Settings\Application Data\Mozilla\Firefox\Profiles\vfqrjklq.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Nora\Local Settings\Application Data\Mozilla\Firefox\Profiles\vfqrjklq.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Nora\Local Settings\Application Data\Mozilla\Firefox\Profiles\vfqrjklq.default\urlclassifier3.sqlite moved successfully.

HJT Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:04:36 PM, on 10/21/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\notepad.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\Nora\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Nora\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1179849197859
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1179849190859
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab
O18 - Filter hijack: text/html - {691c2234-7bb6-4d3a-95fc-8e3d915ea92b} - C:\WINDOWS\system32\msziptools.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

--
End of file - 5949 bytes