Iexplorer.exe doubled and don't wanna stop...HELP




  #1  
Old 16th Dec 2008, 02:11
New Member
Posts: 7
 
Hi, I have two iexplorer.exe processes even though I don't open IE at all, and I cannot stop them ... I read that this is probably a virus, can you help me?
--------------------------------------

I have Hijack, and here is a list of installed programs:
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office system
Adam 4.3.2
Ad-Aware
Add or Remove Adobe Creative Suite 3 Web Premium
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Creative Suite 3 Web Premium
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Reader 8.1.2
Adobe Setup
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
AHV content for Acrobat and Flash
avast! Antivirus
AVG Free 8.0
Canon CAPT printers
CDBurnerXP
Crystal Reports Basic for Visual Studio 2008
DAEMON Tools Toolbar
Deep Zoom Composer
EMS SQL Manager 2007 Lite for MySQL
Fiddler2
FileZilla Client 3.1.5.1
Free Download Manager 2.5
GDR 3068 for SQL Server Database Services 2005 ENU (KB948109)
GDR 3068 for SQL Server Integration Services 2005 ENU (KB948109)
GDR 3068 for SQL Server Tools and Workstation Components 2005 ENU (KB948109)
GIMP 2.4.5
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Updater
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft Visual Studio Team System 2008 Team Suite - ENU (KB952241)
Hotfix for Office (KB950278)
Hotfix for Office (KB950278)
Intel(R) Graphics Media Accelerator Driver
LiveUpdate 3.2 (Symantec Corporation)
Logitech QuickCam
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft ASP.NET 2.0 AJAX Extensions 1.0
Microsoft Device Emulator version 3.0 - ENU
Microsoft Document Explorer 2008
Microsoft Document Explorer 2008
Microsoft Expression Blend 2
Microsoft Expression Blend 2
Microsoft FrontPage Server Extensions 2002 for Windows Server 2008
Microsoft Office 2003 Web Components
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Live Meeting 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Visual Web Developer 2007
Microsoft Office Visual Web Developer MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 (MSSQL05)
Microsoft SQL Server 2005 Backward compatibility
Microsoft SQL Server 2005 Books Online (English)
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server 2005 Integration Services
Microsoft SQL Server 2005 Tools
Microsoft SQL Server 2008 Management Objects
Microsoft SQL Server Compact 3.5 for Devices ENU
Microsoft SQL Server Compact 3.5 SP1 Design Tools English
Microsoft SQL Server Compact 3.5 SP1 English
Microsoft SQL Server Database Publishing Wizard 1.3
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual Studio 2005 Premier Partner Edition - ENU
Microsoft Visual Studio 2005 Toolbox Controls Installer
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Visual Studio 2008 Performance Collection Tools - ENU
Microsoft Visual Studio Team System 2008 Team Suite - ENU
Microsoft Visual Studio Team System 2008 Team Suite - ENU Service Pack 1 (KB945140)
Microsoft Visual Studio Web Authoring Component
Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools - enu
Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
Microsoft Windows SDK for Visual Studio 2008 SP1 Tools
Mozilla Firefox (3.0.4)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
Norton Ghost
Notepad++
PDF Settings
PrimoPDF
PrimoPDF Redistribution Package
Prince of Persia Warrior Within
Security Pack
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB958439)
Security Update for Microsoft Office Excel 2007 (KB958437)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
Service Pack 2 for SQL Server Database Services 2005 ENU (KB921896)
Service Pack 2 for SQL Server Integration Services 2005 ENU (KB921896)
Service Pack 2 for SQL Server Tools and Workstation Components 2005 ENU (KB921896)
Skype™ 3.8
Spybot - Search & Destroy
SQL Server System CLR Types
SQLXML4
Update for Microsoft Office 2007 Help for Common Features (KB957244)
Update for Microsoft Office 2007 Help for Common Features (KB957244)
Update for Microsoft Office Access 2007 Help (KB957241)
Update for Microsoft Office Excel 2007 Help (KB957242)
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Microsoft Office Outlook 2007 Help (KB957246)
Update for Microsoft Office PowerPoint 2007 Help (KB957247)
Update for Microsoft Office Publisher 2007 Help (KB957249)
Update for Microsoft Office Word 2007 Help (KB957252)
Update for Microsoft Script Editor Help (KB957253)
Update for Microsoft Script Editor Help (KB957253)
Update for Microsoft Visual Studio Web Authoring Component (KB945140)
Update for Office 2007 (KB946691)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb958619)
VC Runtimes MSI
Visual C++ 2008 IA64 Runtime - (v9.0.30729)
Visual C++ 2008 IA64 Runtime - v9.0.30729.01
Visual C++ 2008 x64 Runtime - (v9.0.30729)
Visual C++ 2008 x64 Runtime - v9.0.30729.01
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual Studio 2005 Tools for Office Second Edition Runtime
Visual Studio Tools for the Office system 3.0 Runtime
Visual Studio Tools for the Office system 3.0 Runtime
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258)
VLC media player 0.9.6
WampServer 2.0
WebEx
Windows Mobile 5.0 SDK R2 for Pocket PC
Windows Mobile 5.0 SDK R2 for Smartphone
WinMerge 2.10.2.0
WinRAR archiver
Xceed Components

===============================
and here is a log file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:11:05 AM, on 12/16/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
c:\windows\system32\inetsrv\w3wp.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Norton Ghost\Agent\VProTray.exe
C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Users\Laslo Pastor\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\spool\drivers\w32x86\3\CAPPSWK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\Taskmgr.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\notepad.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Microsoft Web Test Recorder 9.0 Helper - {E31CE47F-C268-41ba-897B-B415E613947D} - C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO90.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CAPON] C:\Windows\system32\Spool\Drivers\w32x86\3\CAPONN.EXE
O4 - HKLM\..\Run: [Norton Ghost 14.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Google Update] "C:\Users\Laslo Pastor\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [setup copy] "C:\ProgramData\loudlistlist.sqdql"
O4 - HKCU\..\Run: [Ford mpeg road draw] "C:\ProgramData\iso phone delete.boiq8"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Canon LBP-810 Status Window.LNK = C:\Windows\System32\spool\drivers\w32x86\3\CAPPSWK.EXE
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler2\Fiddler.exe" (file missing)
O9 - Extra 'Tools' menuitem: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler2\Fiddler.exe" (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://hinttechusa.webex.com/client...x/ieatgpc1.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2372913A-874F-41E4-8B5B-E9F5259A8B76}: NameServer = 192.168.2.4 192.168.2.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{2372913A-874F-41E4-8B5B-E9F5259A8B76}: NameServer = 192.168.2.4 192.168.2.4
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adam 4.3.0.0 Indexer Service - Adam Software - C:\Program Files\Adam Software\Adam\Adam.Core.Indexer.exe
O23 - Service: Adam 4.3.0.0 Service - Adam Software - C:\Program Files\Adam Software\Adam\Adam.Core.Server.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: SymSnapService - Symantec - C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
O23 - Service: wampapache - Apache Software Foundation - D:\wamp\bin\apache\apache2.2.6\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - D:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe
O23 - Service: Xceed Chart for ASP.NET Renderer Service (Xceed.Chart.Renderer.Service) - Xceed Software Inc. - C:\Program Files\Xceed Components\Bin\.NET\Xceed.Chart.Renderer.Service.exe

--
End of file - 10869 bytes


==========================


thanks in advance

  #2  
Old 16th Dec 2008, 10:52
Moderator
Posts: 7,559
 
Welcome to CJ.

Go here > http://www.computer-juice.com/forums...-posting-7476/

Post the 3 logs when complete.
__________________

  #3  
Old 17th Dec 2008, 13:59
New Member
Posts: 7
 
OK, I did all that is mentioned and now I have three iexplore.exe, and popup windows pop up whenever I have IE open, especially when working on VPN.

Here are the logs:


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/17/2008 at 12:23 PM

Application Version : 4.23.1006

Core Rules Database Version : 3677
Trace Rules Database Version: 1656

Scan type : Quick Scan
Total Scan Time : 03:42:22

Memory items scanned : 784
Memory threats detected : 0
Registry items scanned : 487
Registry threats detected : 0
File items scanned : 537293
File threats detected : 1

Trojan.Unknown Origin
D:\CUSTWORK\ENTLIB3SRC\APP BLOCKS\BIN\MICROSOFT.PRACTICES.ENTERPRISELIBRARY.CONFIGURATION.ENVIRONMENTALOVERRIDES.DLL

================================

Malwarebytes' Anti-Malware 1.31
Database version: 1511
Windows 6.0.6001 Service Pack 1

12/17/2008 1:05:06 PM
mbam-log-2008-12-17 (13-05-06).txt

Scan type: Quick Scan
Objects scanned: 51750
Time elapsed: 3 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

=====================================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:55:25 PM, on 12/17/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Norton Ghost\Agent\VProTray.exe
C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Users\Laslo Pastor\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\spool\drivers\w32x86\3\CAPPSWK.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\Notepad++\notepad++.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\sniper.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.5.2:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;gru;dark;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Microsoft Web Test Recorder 9.0 Helper - {E31CE47F-C268-41ba-897B-B415E613947D} - C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO90.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CAPON] C:\Windows\system32\Spool\Drivers\w32x86\3\CAPONN.EXE
O4 - HKLM\..\Run: [Norton Ghost 14.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Google Update] "C:\Users\Laslo Pastor\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [setup copy] "C:\ProgramData\loudlistlist.sqdql"
O4 - HKCU\..\Run: [Ford mpeg road draw] "C:\ProgramData\iso phone delete.boiq8"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Canon LBP-810 Status Window.LNK = C:\Windows\System32\spool\drivers\w32x86\3\CAPPSWK.EXE
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler2\Fiddler.exe" (file missing)
O9 - Extra 'Tools' menuitem: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler2\Fiddler.exe" (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://hinttechusa.webex.com/client...x/ieatgpc1.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adam 4.3.0.0 Indexer Service - Adam Software - C:\Program Files\Adam Software\Adam\Adam.Core.Indexer.exe
O23 - Service: Adam 4.3.0.0 Service - Adam Software - C:\Program Files\Adam Software\Adam\Adam.Core.Server.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: SymSnapService - Symantec - C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
O23 - Service: wampapache - Apache Software Foundation - D:\wamp\bin\apache\apache2.2.6\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - D:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe
O23 - Service: Xceed Chart for ASP.NET Renderer Service (Xceed.Chart.Renderer.Service) - Xceed Software Inc. - C:\Program Files\Xceed Components\Bin\.NET\Xceed.Chart.Renderer.Service.exe

--
End of file - 10367 bytes
========================================
  #4  
Old 17th Dec 2008, 15:21
Moderator
Posts: 7,559
 
Multiple antivirus

The real-time protection of two antivirus programs may conflict with each other and cause the following:

1) False Alarms: When the antivirus software tells you that your PC has a virus when it actually doesn't.
2) Conflicts: Your system may lock up due to both products attempting to access the same file at the same time.
3) Performance: More than one antivirus will cause your PC to become slow and it may even crash or blue screen.

Installed are AVG, Avast and Norton. Please choose one to keep and uninstall the others.

----------

Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.

Link #1
Link #2

**Note: It is important that it is saved directly to your Desktop

Close any open Web browsers (Firefox, Internet Explorer, etc.) before starting ComboFix.

Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Double click combofix.exe & follow the prompts.
When finished ComboFix will produce a log for you.
Post the ComboFix log and a new HijackThis log in your next reply.

Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

If you have problems with ComboFix usage, see How to use ComboFix

  #5  
Old 18th Dec 2008, 00:20
New Member
Posts: 7
 
I did what you told me; the log is here:

ComboFix 08-12-17.01 - Laslo Pastor 2008-12-18 1:41:07.1 - NTFSx86
Microsoft® Windows Vista™ Business 6.0.6001.1.1252.1.1033.18.2037.1095 [GMT 1:00]
Running from: c:\users\Laslo Pastor\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-11-18 to 2008-12-18 )))))))))))))))))))))))))))))))
.

2008-12-17 12:49 . 2008-12-17 12:49 <DIR> d-------- c:\users\Laslo Pastor\AppData\Roaming\Malwarebytes
2008-12-17 12:49 . 2008-12-17 12:49 <DIR> d-------- c:\users\All Users\Malwarebytes
2008-12-17 12:49 . 2008-12-17 12:49 <DIR> d-------- c:\programdata\Malwarebytes
2008-12-17 12:49 . 2008-12-17 12:49 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-17 12:49 . 2008-12-03 19:59 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2008-12-17 12:49 . 2008-12-03 19:59 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2008-12-17 08:35 . 2008-12-17 08:35 <DIR> d-------- c:\users\Laslo Pastor\AppData\Roaming\SUPERAntiSpyware.com
2008-12-17 08:35 . 2008-12-17 08:35 <DIR> d-------- c:\users\All Users\SUPERAntiSpyware.com
2008-12-17 08:35 . 2008-12-17 08:35 <DIR> d-------- c:\programdata\SUPERAntiSpyware.com
2008-12-17 08:35 . 2008-12-17 08:35 <DIR> d-------- c:\program files\SUPERAntiSpyware
2008-12-17 08:27 . 2008-12-17 08:27 <DIR> d-------- c:\program files\CCleaner
2008-12-16 09:51 . 2008-12-16 09:51 <DIR> d-------- c:\program files\Trend Micro
2008-12-16 09:44 . 2008-12-16 09:44 <DIR> d-------- c:\program files\Alwil Software
2008-12-16 09:44 . 2008-11-26 18:17 51,792 --a------ c:\windows\System32\drivers\aswMonFlt.sys
2008-12-16 08:11 . 2008-12-16 08:11 56 --ah----- c:\windows\System32\ezsidmv.dat
2008-12-15 23:32 . 2008-12-17 08:31 <DIR> d-------- c:\users\All Users\Spybot - Search & Destroy
2008-12-15 23:32 . 2008-12-17 08:31 <DIR> d-------- c:\programdata\Spybot - Search & Destroy
2008-12-15 23:32 . 2008-12-15 23:38 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-12-15 09:23 . 2008-12-15 09:23 <DIR> d-------- c:\program files\Lavasoft
2008-12-15 09:23 . 2008-12-17 08:35 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-12-15 09:00 . 2008-12-15 09:12 <DIR> d-------- c:\program files\Microsoft Expression
2008-12-15 08:46 . 2008-12-15 08:46 <DIR> d-------- c:\windows\System32\1033
2008-12-12 09:39 . 2008-06-20 02:14 781,344 --a------ c:\windows\System32\PresentationNative_v0300.dll
2008-12-12 09:39 . 2008-06-20 02:14 622,080 --a------ c:\windows\System32\icardagt.exe
2008-12-12 09:39 . 2008-06-20 02:14 326,160 --a------ c:\windows\System32\PresentationHost.exe
2008-12-12 09:39 . 2008-06-20 02:14 105,016 --a------ c:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
2008-12-12 09:39 . 2008-06-20 02:14 97,800 --a------ c:\windows\System32\infocardapi.dll
2008-12-12 09:39 . 2008-06-20 02:14 43,544 --a------ c:\windows\System32\PresentationHostProxy.dll
2008-12-12 09:39 . 2008-06-20 02:14 37,384 --a------ c:\windows\System32\infocardcpl.cpl
2008-12-12 09:39 . 2008-06-20 02:14 11,264 --a------ c:\windows\System32\icardres.dll
2008-12-12 09:28 . 2008-07-27 19:03 282,112 --a------ c:\windows\System32\mscoree.dll
2008-12-12 09:28 . 2008-07-27 19:03 96,760 --a------ c:\windows\System32\dfshim.dll
2008-12-12 09:28 . 2008-07-27 19:03 41,984 --a------ c:\windows\System32\netfxperf.dll
2008-12-12 09:27 . 2008-07-27 19:03 158,720 --a------ c:\windows\System32\mscorier.dll
2008-12-12 09:27 . 2008-07-27 19:03 83,968 --a------ c:\windows\System32\mscories.dll
2008-12-10 09:11 . 2008-12-09 11:55 2,259,456 --a------ C:\fpse.msi
2008-12-10 08:35 . 2008-10-22 02:22 2,048 --a------ c:\windows\System32\tzres.dll
2008-12-10 08:19 . 2008-10-29 07:29 2,927,104 --a------ c:\windows\explorer.exe
2008-12-10 08:19 . 2008-10-21 06:25 296,960 --a------ c:\windows\System32\gdi32.dll
2008-12-10 08:08 . 2008-12-10 08:08 <DIR> d-------- c:\users\All Users\way rdr ford mpeg
2008-12-10 08:08 . 2008-12-10 08:08 <DIR> d-------- c:\programdata\way rdr ford mpeg
2008-12-05 14:41 . 2008-12-06 12:52 <DIR> d-------- c:\users\All Users\POPWWPROFILES
2008-12-05 14:41 . 2008-12-06 12:52 <DIR> d-------- c:\programdata\POPWWPROFILES
2008-12-05 14:41 . 2008-12-05 14:41 <DIR> d--h----- c:\program files\InstallShield Installation Information
2008-12-05 14:38 . 2008-12-05 14:38 <DIR> d-------- c:\program files\Common Files\InstallShield
2008-12-03 14:17 . 2008-12-03 14:18 <DIR> d-------- c:\program files\DAEMON Tools Toolbar
2008-12-03 14:17 . 2008-12-03 14:18 <DIR> d-------- c:\program files\DAEMON Tools Lite
2008-12-03 14:13 . 2008-12-03 14:13 <DIR> d-------- c:\users\Laslo Pastor\AppData\Roaming\DAEMON Tools
2008-12-03 14:13 . 2008-12-03 14:13 717,296 --a------ c:\windows\System32\drivers\sptd.sys
2008-12-01 08:15 . 2008-12-18 00:34 836 --a------ c:\windows\bthservsdp.dat
2008-11-28 12:17 . 2008-11-28 12:17 <DIR> d-------- c:\users\All Users\Xceed Software
2008-11-28 12:17 . 2008-11-28 12:17 <DIR> d-------- c:\programdata\Xceed Software
2008-11-28 12:16 . 2008-11-28 12:16 <DIR> d-------- C:\Xceed Component Samples
2008-11-28 12:16 . 2008-11-28 12:17 <DIR> d-------- c:\program files\Xceed Components
2008-11-28 09:00 . 2008-11-28 09:00 <DIR> d-------- c:\program files\reflector
2008-11-26 20:59 . 2008-12-10 08:08 <DIR> d-------- c:\users\All Users\BoobLongCake
2008-11-26 20:59 . 2008-12-10 08:08 <DIR> d-------- c:\programdata\BoobLongCake
2008-11-26 08:16 . 2008-10-21 06:25 1,645,568 --a------ c:\windows\System32\connect.dll
2008-11-26 08:16 . 2008-08-28 04:40 712,704 --a------ c:\windows\System32\WindowsCodecs.dll
2008-11-26 08:16 . 2008-08-28 04:40 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
2008-11-26 08:16 . 2008-08-28 04:40 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
2008-11-26 08:16 . 2008-10-22 04:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2008-11-24 13:17 . 2008-11-25 22:35 <DIR> d-------- C:\AdamLic
2008-11-24 12:54 . 2008-11-24 12:54 <DIR> d-------- c:\program files\Adam Software
2008-11-23 17:19 . 2008-12-18 01:34 <DIR> d-------- c:\users\Laslo Pastor\AppData\Roaming\dvdcss
2008-11-20 10:27 . 2008-11-20 10:27 <DIR> d-------- c:\program files\Fiddler2
2008-11-19 08:42 . 2008-11-19 08:42 <DIR> d-------- c:\program files\FileZilla FTP Client
2008-11-18 14:24 . 2008-11-18 14:24 <DIR> d-------- c:\users\Laslo Pastor\Tracing
2008-11-18 14:20 . 2008-09-29 22:27 84,992 --a------ c:\windows\System32\lmdimon8.dll
2008-11-18 14:18 . 2008-11-18 14:18 <DIR> d-------- c:\users\All Users\Applications
2008-11-18 14:18 . 2008-11-18 14:18 <DIR> d-------- c:\programdata\Applications
2008-11-18 09:15 . 2008-11-18 09:17 <DIR> d-------- c:\users\Laslo Pastor\AppData\Roaming\vlc
2008-11-18 08:23 . 2008-10-16 22:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2008-11-18 08:23 . 2008-10-16 21:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2008-11-18 08:23 . 2008-10-16 22:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2008-11-18 08:23 . 2008-10-16 22:09 43,544 --a------ c:\windows\System32\wups2.dll
2008-11-18 08:22 . 2008-10-16 22:12 561,688 --a------ c:\windows\System32\wuapi.dll
2008-11-18 08:22 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2008-11-18 08:22 . 2008-10-16 21:55 83,456 --a------ c:\windows\System32\wudriver.dll
2008-11-18 08:22 . 2008-10-16 22:08 34,328 --a------ c:\windows\System32\wups.dll
2008-11-18 08:22 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-18 00:39 --------- d-----w c:\users\Laslo Pastor\AppData\Roaming\Skype
2008-12-18 00:39 --------- d-----w c:\users\Laslo Pastor\AppData\Roaming\Free Download Manager
2008-12-17 23:30 --------- d-----w c:\programdata\Symantec
2008-12-17 23:07 --------- d-----w c:\users\Laslo Pastor\AppData\Roaming\skypePM
2008-12-17 19:22 --------- d-----w c:\users\Laslo Pastor\AppData\Roaming\FileZilla
2008-12-17 17:35 --------- d-----w c:\program files\Google
2008-12-17 16:35 --------- d-----w c:\users\Laslo Pastor\AppData\Roaming\webex
2008-12-17 13:07 --------- d-----w c:\programdata\Google Updater
2008-12-16 20:34 --------- d-----w c:\programdata\avg8
2008-12-15 07:53 --------- d-----w c:\program files\Microsoft SQL Server
2008-12-15 07:51 --------- d-----w c:\programdata\Microsoft Help
2008-12-15 07:44 --------- d-----w c:\program files\Microsoft Visual Studio 9.0
2008-12-13 20:56 12,130 ----a-w c:\users\Laslo Pastor\ntuserdirect_MyManager.dat
2008-12-10 07:39 --------- d-----w c:\program files\Windows Mail
2008-11-27 13:31 --------- d-----w c:\users\Laslo Pastor\AppData\Roaming\gtk-2.0
2008-11-14 12:49 --------- d-----w c:\program files\WinMerge
2008-11-13 09:57 --------- d-----w c:\program files\Microsoft Visual Studio 8
2008-11-13 07:49 --------- d-----w c:\program files\Skype
2008-11-11 23:08 --------- d-----w c:\program files\Microsoft Silverlight
2008-11-08 11:23 --------- d-----w c:\program files\Notepad++
2008-11-07 19:25 --------- d-----w c:\program files\MSXML 4.0
2008-11-06 07:53 --------- d-----w c:\program files\Common Files\gemplus
2008-11-05 15:18 --------- d-----w c:\program files\EMS
2008-11-03 11:37 --------- d-----w c:\program files\activePDF
2008-11-03 09:05 --------- d-----w c:\programdata\WebEx
2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-11-01 03:44 28,672 ----a-w c:\windows\System32\Apphlpdm.dll
2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-11-01 01:21 4,240,384 ----a-w c:\windows\System32\GameUXLegacyGDFs.dll
2008-10-31 13:28 --------- d-----w c:\programdata\FLEXnet
2008-10-31 12:53 --------- d-----w c:\program files\Common Files\Adobe
2008-10-31 12:41 --------- d-----w c:\program files\Bonjour
2008-10-31 12:35 --------- d-----w c:\program files\Common Files\Macrovision Shared
2008-10-31 08:15 --------- d-----w c:\program files\GIMP-2.0
2008-10-30 14:44 --------- d-----w c:\programdata\Logishrd
2008-10-29 07:58 --------- d-----w c:\users\Laslo Pastor\AppData\Roaming\Leadertech
2008-10-29 07:58 --------- d-----w c:\programdata\Logitech
2008-10-29 07:58 --------- d-----w c:\program files\Logitech
2008-10-29 07:58 --------- d-----w c:\program files\Common Files\logishrd
2008-10-28 20:25 --------- d-----w c:\programdata\Skype
2008-10-28 20:25 --------- d-----w c:\program files\Common Files\Skype
2008-10-28 07:24 --------- d-----w c:\programdata\Lavasoft
2008-10-27 14:14 --------- d-----w c:\program files\Microsoft ASP.NET
2008-10-27 08:37 --------- d-----w c:\users\Laslo Pastor\AppData\Roaming\Symantec
2008-10-27 07:34 --------- d-----w c:\program files\Symantec
2008-10-27 07:29 --------- d-----w c:\users\Laslo Pastor\AppData\Roaming\Notepad++
2008-10-27 07:21 --------- d-----w c:\users\Laslo Pastor\AppData\Roaming\Canneverbe_Limited
2008-10-27 07:21 --------- d-----w c:\program files\CDBurnerXP
2008-10-27 07:17 --------- d-----w c:\users\Laslo Pastor\AppData\Roaming\CDBurnerXP_Soft
2008-10-26 20:08 --------- d-----w c:\programdata\FreeDownloadManager.ORG
2008-10-26 20:08 --------- d-----w c:\program files\Free Download Manager
2008-10-25 18:53 --------- d-----w c:\program files\VideoLAN
2008-10-25 16:41 --------- d-----w c:\program files\Business Objects
2008-10-25 16:38 --------- d-----w c:\program files\Microsoft Device Emulator
2008-10-25 16:37 --------- d-----w c:\program files\Windows Mobile 5.0 SDK R2
2008-10-25 16:36 --------- d-----w c:\program files\Microsoft Synchronization Services
2008-10-25 16:36 --------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2008-10-25 16:35 --------- d-----w c:\program files\Microsoft.NET
2008-10-25 16:30 --------- d-----w c:\programdata\PreEmptive Solutions
2008-10-25 16:30 --------- d-----w c:\program files\MSBuild
2008-10-25 16:30 --------- d-----w c:\program files\Common Files\Merge Modules
2008-10-25 16:27 --------- d-----w c:\program files\Microsoft SDKs
2008-10-25 16:27 --------- d-----w c:\program files\CE Remote Tools
2008-10-25 16:26 --------- d-----w c:\program files\Microsoft Web Designer Tools
2008-10-25 15:15 --------- d-----w c:\program files\SQLXML 4.0
2008-10-25 15:05 --------- d-----w c:\program files\Microsoft Analysis Services
2008-10-25 13:01 --------- d-----w c:\program files\Microsoft Works
2008-10-25 12:52 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-10-25 10:31 --------- d-----w c:\program files\AVG
2008-10-25 10:25 --------- d-----w c:\program files\Microsoft Games
2008-10-25 09:53 920,088 ----a-r c:\windows\System32\igxpun.exe
2008-10-16 04:47 827,392 ----a-w c:\windows\System32\wininet.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
2008-09-18 04:56 147,456 ----a-w c:\windows\System32\Faultrep.dll
2008-09-18 04:56 125,952 ----a-w c:\windows\System32\wersvc.dll
2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys
2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"setup copy"="c:\programdata\loudlistlist.sqdql" [X]
"Ford mpeg road draw"="c:\programdata\iso phone delete.boiq8" [X]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-27 39408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-23 21755688]
"Google Update"="c:\users\Laslo Pastor\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-11-13 133104]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"CAPON"="c:\windows\system32\Spool\Drivers\w32x86\3\CAPONN.EXE" [2001-02-05 22528]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Canon LBP-810 Status Window.LNK - c:\windows\System32\spool\drivers\w32x86\3\CAPPSWK.EXE [2008-10-26 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-03 14:56 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{8AA8BD66-DCF5-477E-8FE8-E0A901BB50A9}c:\\program files\\microsoft visual studio 9.0\\common7\\ide\\devenv.exe"= UDP:c:\program files\microsoft visual studio 9.0\common7\ide\devenv.exe:Microsoft Visual Studio 2008
"UDP Query User{8871CF8F-E8B9-4D29-8577-AB6470489078}c:\\program files\\microsoft visual studio 9.0\\common7\\ide\\devenv.exe"= TCP:c:\program files\microsoft visual studio 9.0\common7\ide\devenv.exe:Microsoft Visual Studio 2008
"{866A197D-7072-4331-AF32-F44C0C05E25B}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{742EEA28-905C-43FB-840B-EE290AFF71D8}c:\\program files\\microsoft visual studio 9.0\\common7\\ide\\devenv.exe"= UDP:c:\program files\microsoft visual studio 9.0\common7\ide\devenv.exe:Microsoft Visual Studio 2008
"UDP Query User{36340B74-9418-4C6D-8D37-873592FA82F1}c:\\program files\\microsoft visual studio 9.0\\common7\\ide\\devenv.exe"= TCP:c:\program files\microsoft visual studio 9.0\common7\ide\devenv.exe:Microsoft Visual Studio 2008
"TCP Query User{39351B67-3F93-4C18-820F-DBBB92CE5D73}d:\\wamp\\bin\\apache\\apache2.2.6\\bin\\httpd.exe"= UDP:d:\wamp\bin\apache\apache2.2.6\bin\httpd.exe:Apache HTTP Server
"UDP Query User{5DDA2AAC-B92B-4139-B0FD-0A10B3256C89}d:\\wamp\\bin\\apache\\apache2.2.6\\bin\\httpd.exe"= TCP:d:\wamp\bin\apache\apache2.2.6\bin\httpd.exe:Apache HTTP Server
"TCP Query User{37E35B77-82F8-4ED8-AE31-7AC0392F0E43}c:\\program files\\free download manager\\fdm.exe"= UDP:c:\program files\free download manager\fdm.exe:Free Download Manager
"UDP Query User{75A378DE-99A2-4CB5-AD71-9C69065205B5}c:\\program files\\free download manager\\fdm.exe"= TCP:c:\program files\free download manager\fdm.exe:Free Download Manager
"{5820F7C0-A77C-4344-BF77-2647FB105C91}"= UDP:c:\program files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:Microsoft Office Live Meeting 2007
"{BE08C1D2-5236-41AF-BD9E-6FCDE6867604}"= TCP:c:\program files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:Microsoft Office Live Meeting 2007
"{68F8983B-344A-423E-90B1-2CAF49F41FCC}"= UDP:c:\program files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:Microsoft Office Live Meeting 2007
"{82FC39EC-0038-41DB-9977-5C677A32AAB0}"= TCP:c:\program files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:Microsoft Office Live Meeting 2007
"TCP Query User{1D6508DB-A0C2-48F0-A959-E1FDEDF62238}c:\\program files\\free download manager\\fdm.exe"= UDP:c:\program files\free download manager\fdm.exe:Free Download Manager
"UDP Query User{9D9C1C1B-7058-464B-8A70-979FF4CE4FFD}c:\\program files\\free download manager\\fdm.exe"= TCP:c:\program files\free download manager\fdm.exe:Free Download Manager
"{4289629C-CE79-4417-86CE-3CE9C5700827}"= UDP:c:\users\Laslo Pastor\AppData\Local\Google\Google Talk Plugin\googletalkplugin.dll:Google Talk Plugin
"{D7EE3531-609D-42F8-BE75-7C5794CE2A17}"= TCP:c:\users\Laslo Pastor\AppData\Local\Google\Google Talk Plugin\googletalkplugin.dll:Google Talk Plugin
"{CC130518-9BF3-4167-B06E-D6085E680038}"= UDP:c:\users\Laslo Pastor\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe:Google Talk Plugin
"{EC999829-0621-41F4-A39E-FC5A5BC4F897}"= TCP:c:\users\Laslo Pastor\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe:Google Talk Plugin
"{424B3C2D-74AD-4CFC-A368-7A5144EC80E6}"= UDP:c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe:sqlservr
"{9F696FD0-1117-4A6E-8C0B-C783678ED9B9}"= TCP:c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe:sqlservr
"{D2D57FD2-5E83-4F30-854A-6269F0E095C7}"= UDP:c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe:sqlbrowser
"{2F93C00F-E19E-44E8-87BF-DF73E3647F18}"= TCP:c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe:sqlbrowser
"{5F4AFEBA-5891-4B75-B4EA-3F4F3F515AF1}"= UDP:c:\program files\Mozilla Firefox\firefox.exe:firefox
"{545A4110-6292-4D58-9243-DEAEF3EAD800}"= TCP:c:\program files\Mozilla Firefox\firefox.exe:firefox
"{4D80CD07-52BE-46EE-9687-5583B3783445}"= TCP:4500:IPsec (IKE NAT-T)
"{5F43047F-FE29-4657-9F35-3D0FE9D52BE8}"= TCP:500:IPsec (IKE)
"{EE2DC725-89A9-4F20-898A-1F0B4A826155}"= UDP:135:RPC Endpoint Mapper and DCOM infrastructure
"{E0FC5597-1443-4647-87D3-E980AC60FA7A}"= UDP:c:\program files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe:Visual Studio Remote Debugging Monitor
"{F4104804-0C9C-4374-8FAD-CCAEC6063372}"= TCP:c:\program files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe:Visual Studio Remote Debugging Monitor

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"DoNotAllowExceptions"= 0 (0x0)

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-16 111184]
R1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-12-04 8944]
R1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-12-04 55024]
R2 Adam 4.3.0.0 Indexer Service;Adam 4.3.0.0 Indexer Service;"c:\program files\Adam Software\Adam\Adam.Core.Indexer.exe" [2008-10-02 32768]
R2 Adam 4.3.0.0 Service;Adam 4.3.0.0 Service;"c:\program files\Adam Software\Adam\Adam.Core.Server.exe" [2008-10-02 53248]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-12-16 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2008-12-16 51792]
R2 MsDtsServer;SQL Server Integration Services;"c:\program files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe" [2008-02-26 205840]
R2 msftesql$MSSQL05;SQL Server FullText Search (MSSQL05);"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe" -s:MSSQL.1 -f:MSSQL05 [2006-08-28 92952]
R2 MSSQL$MSSQL05;SQL Server (MSSQL05);"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSQL05 [2008-02-26 29183504]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]
S2 RapidPort;RapidPort;\??\c:\windows\system32\Drivers\CAPLPTN.SYS [2008-10-26 22912]
S3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-04 7408]
S3 SQLAgent$MSSQL05;SQL Server Agent (MSSQL05);"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE" -i MSSQL05 [2007-02-10 344944]
S3 VSPerfDrv90;Performance Tools Driver 9.0;\??\c:\program files\Microsoft Visual Studio 9.0\Team Tools\Performance Tools\VSPerfDrv90.sys [2007-09-04 55664]
S3 WMSvc;Web Management Service;c:\windows\system32\inetsrv\wmsvc.exe [2008-01-21 11264]
S3 Xceed.Chart.Renderer.Service;Xceed Chart for ASP.NET Renderer Service;"c:\program files\Xceed Components\Bin\.NET\Xceed.Chart.Renderer.Service.exe" [2008-10-16 106496]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;"c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon80 [2007-02-22 2808664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{44ed4cec-a816-11dd-8d20-001d09da457a}]
\shell\AutoRun\command - 9w2.cmd
\shell\explore\Command - 9w2.cmd
\shell\open\Command - 9w2.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{79723177-c13c-11dd-9a37-001d09da457a}]
\shell\AutoRun\command - G:\autorun.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-12-14 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\users\Laslo Pastor\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-13 23:47]
.
.
------- File Associations -------
.
regedit=regedit.exe "%1"
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-18 01:44:22
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\TEMP\TMP0000006F1F492406BE7250D5 524288 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
Completion time: 2008-12-18 1:53:34
ComboFix-quarantined-files.txt 2008-12-18 00:53:31

Pre-Run: 4,526,391,296 bytes free
Post-Run: 4,546,617,344 bytes free

293 --- E O F --- 2008-12-12 09:00:56
===============================================

and

===============================================

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:54:52 AM, on 12/18/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\Laslo Pastor\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\spool\drivers\w32x86\3\CAPPSWK.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\sniper.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.5.2:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;gru;dark;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Microsoft Web Test Recorder 9.0 Helper - {E31CE47F-C268-41ba-897B-B415E613947D} - C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO90.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CAPON] C:\Windows\system32\Spool\Drivers\w32x86\3\CAPONN.EXE
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Google Update] "C:\Users\Laslo Pastor\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [setup copy] "C:\ProgramData\loudlistlist.sqdql"
O4 - HKCU\..\Run: [Ford mpeg road draw] "C:\ProgramData\iso phone delete.boiq8"
O4 - Global Startup: Canon LBP-810 Status Window.LNK = C:\Windows\System32\spool\drivers\w32x86\3\CAPPSWK.EXE
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler2\Fiddler.exe" (file missing)
O9 - Extra 'Tools' menuitem: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler2\Fiddler.exe" (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://hinttechusa.webex.com/client...x/ieatgpc1.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adam 4.3.0.0 Indexer Service - Adam Software - C:\Program Files\Adam Software\Adam\Adam.Core.Indexer.exe
O23 - Service: Adam 4.3.0.0 Service - Adam Software - C:\Program Files\Adam Software\Adam\Adam.Core.Server.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: wampapache - Apache Software Foundation - D:\wamp\bin\apache\apache2.2.6\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - D:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe
O23 - Service: Xceed Chart for ASP.NET Renderer Service (Xceed.Chart.Renderer.Service) - Xceed Software Inc. - C:\Program Files\Xceed Components\Bin\.NET\Xceed.Chart.Renderer.Service.exe

--
End of file - 9056 bytes
==============================


waiting for instructions....
thanks a lot
  #6  
Old 18th Dec 2008, 16:38
Moderator
Posts: 7,559
 
Download Lop S&D by Eric_71 and save it to your Desktop. Lop S&D will only run on Windows XP and Windows Vista.

Disable your antivirus and antimalware programs so they do not interfere with the running of Lop S&D. If needed see: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs


If you are using Windows Vista, right-click on LopSD.exe icon and select 'Run as administrator' to perform this scan.
  • Double-click Lop S&D.exe
  • Choose the language by typing the corresponding letter and press Enter
  • Click OK at the informative window
  • Type 1, to choose Option 1 (Search) then press Enter
  • Wait until the end of the scan
  • A report will be generated; post the contents of it in your next reply.
A copy of the report can be found at this location: %systemdrive%\lopR.txt, in most cases C:\lopR.txt

  #7  
Old 19th Dec 2008, 02:55
New Member
Posts: 7
 
Here:


=============


--------------------\\ Lop S&D 4.2.4-9c XP/Vista

Microsoft® Windows Vista™ Business ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU T7250 @ 2.00GHz )
BIOS : Phoenix ROM BIOS PLUS Version 1.10 A11
USER : Laslo Pastor ( Administrator )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:27 Go (Free:4 Go)
D:\ (Local Disk) - NTFS - Total:32 Go (Free:24 Go)
E:\ (Local Disk) - NTFS - Total:51 Go (Free:20 Go)
F:\ (CD or DVD)
G:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
Option : [1] ( Fri 12/19/2008| 9:56 )

[ UAC => 0 ]

--------------------\\ Listing folders in Local

[10/30/2008|08:26] C:\Users\LASLOP~1\AppData\Local\<DIR> Adobe
[10/25/2008|01:42] C:\Users\LASLOP~1\AppData\Local\<JUNCTION> Application Data
[11/24/2008|02:52] C:\Users\LASLOP~1\AppData\Local\<DIR> Apps
[10/25/2008|11:06] C:\Users\LASLOP~1\AppData\Local\552 d3d8caps.dat
[12/15/2008|08:45] C:\Users\LASLOP~1\AppData\Local\1,356 d3d9caps.dat
[12/18/2008|11:32] C:\Users\LASLOP~1\AppData\Local\178,176 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[12/15/2008|08:50] C:\Users\LASLOP~1\AppData\Local\<DIR> Deployment
[11/28/2008|12:15] C:\Users\LASLOP~1\AppData\Local\<DIR> Downloaded Installations
[11/03/2008|09:22] C:\Users\LASLOP~1\AppData\Local\76,040 GDIPFONTCACHEV1.DAT
[11/03/2008|11:34] C:\Users\LASLOP~1\AppData\Local\<DIR> GlobalSCAPE
[12/19/2008|09:21] C:\Users\LASLOP~1\AppData\Local\<DIR> Google
[10/25/2008|01:42] C:\Users\LASLOP~1\AppData\Local\<JUNCTION> History
[12/19/2008|01:06] C:\Users\LASLOP~1\AppData\Local\4,142,206 IconCache.db
[12/16/2008|09:34] C:\Users\LASLOP~1\AppData\Local\<DIR> Microsoft
[12/12/2008|10:27] C:\Users\LASLOP~1\AppData\Local\<DIR> Microsoft Games
[11/03/2008|11:51] C:\Users\LASLOP~1\AppData\Local\<DIR> Microsoft Help
[10/25/2008|05:59] C:\Users\LASLOP~1\AppData\Local\<DIR> Mozilla
[10/27/2008|09:37] C:\Users\LASLOP~1\AppData\Local\<DIR> Symantec_Corporation
[12/19/2008|09:56] C:\Users\LASLOP~1\AppData\Local\<DIR> Temp
[10/25/2008|01:42] C:\Users\LASLOP~1\AppData\Local\<JUNCTION> Temporary Internet Files
[10/30/2008|08:26] C:\Users\LASLOP~1\AppData\Local\<DIR> VirtualStore

--------------------\\ Scheduled Tasks located in C:\Windows\Tasks

[12/18/2008 11:51 PM][--a------] C:\Windows\tasks\GoogleUpdateTaskUser.job
[12/19/2008 09:18 AM][--ah-----] C:\Windows\tasks\SA.DAT
[12/19/2008 01:06 AM][--a------] C:\Windows\tasks\SCHEDLGU.TXT

--------------------\\ Listing Folders in C:\ProgramData

[10/31/2008|01:46] C:\ProgramData\<DIR> Adobe
[11/02/2006|02:02] C:\ProgramData\<JUNCTION> Application Data
[11/18/2008|02:18] C:\ProgramData\<DIR> Applications
[12/16/2008|09:34] C:\ProgramData\<DIR> avg8
[12/10/2008|08:08] C:\ProgramData\<DIR> BoobLongCake
[11/02/2006|02:02] C:\ProgramData\<JUNCTION> Desktop
[11/02/2006|02:02] C:\ProgramData\<JUNCTION> Documents
[11/02/2006|02:02] C:\ProgramData\<JUNCTION> Favorites
[10/31/2008|02:28] C:\ProgramData\<DIR> FLEXnet
[10/26/2008|09:08] C:\ProgramData\<DIR> FreeDownloadManager.ORG
[12/17/2008|01:09] C:\ProgramData\<DIR> Google
[12/18/2008|03:07] C:\ProgramData\<DIR> Google Updater
[12/10/2008|08:08] C:\ProgramData\8,208 iso phone delete.boiq8
[10/28/2008|08:24] C:\ProgramData\<DIR> Lavasoft
[10/30/2008|03:44] C:\ProgramData\<DIR> Logishrd
[10/29/2008|08:58] C:\ProgramData\<DIR> Logitech
[11/26/2008|08:59] C:\ProgramData\237,584 loudlistlist.a39d307
[12/10/2008|08:08] C:\ProgramData\155,664 loudlistlist.dickz
[12/10/2008|08:08] C:\ProgramData\307,216 loudlistlist.sqdql
[12/17/2008|12:49] C:\ProgramData\<DIR> Malwarebytes
[12/15/2008|09:00] C:\ProgramData\<DIR> Microsoft
[12/15/2008|08:51] C:\ProgramData\<DIR> Microsoft Help
[12/06/2008|12:52] C:\ProgramData\<DIR> POPWWPROFILES
[10/25/2008|05:30] C:\ProgramData\<DIR> PreEmptive Solutions
[10/28/2008|09:25] C:\ProgramData\<DIR> Skype
[12/17/2008|08:31] C:\ProgramData\<DIR> Spybot - Search & Destroy
[11/02/2006|02:02] C:\ProgramData\<JUNCTION> Start Menu
[12/17/2008|08:35] C:\ProgramData\<DIR> SUPERAntiSpyware.com
[12/18/2008|12:30] C:\ProgramData\<DIR> Symantec
[11/02/2006|02:02] C:\ProgramData\<JUNCTION> Templates
[12/10/2008|08:08] C:\ProgramData\<DIR> way rdr ford mpeg
[11/03/2008|10:05] C:\ProgramData\<DIR> WebEx
[11/28/2008|12:17] C:\ProgramData\<DIR> Xceed Software

--------------------\\ Listing Folders in C:\Program Files

[11/03/2008|12:37] C:\Program Files\<DIR> activePDF
[11/24/2008|12:54] C:\Program Files\<DIR> Adam Software
[10/31/2008|01:40] C:\Program Files\<DIR> Adobe
[12/16/2008|09:44] C:\Program Files\<DIR> Alwil Software
[10/25/2008|11:31] C:\Program Files\<DIR> AVG
[10/31/2008|01:41] C:\Program Files\<DIR> Bonjour
[10/25/2008|05:41] C:\Program Files\<DIR> Business Objects
[12/17/2008|08:27] C:\Program Files\<DIR> CCleaner
[10/27/2008|08:21] C:\Program Files\<DIR> CDBurnerXP
[10/25/2008|05:27] C:\Program Files\<DIR> CE Remote Tools
[12/18/2008|01:43] C:\Program Files\<DIR> Common Files
[12/03/2008|02:18] C:\Program Files\<DIR> DAEMON Tools Lite
[12/03/2008|02:18] C:\Program Files\<DIR> DAEMON Tools Toolbar
[11/05/2008|04:18] C:\Program Files\<DIR> EMS
[11/20/2008|10:27] C:\Program Files\<DIR> Fiddler2
[11/19/2008|08:42] C:\Program Files\<DIR> FileZilla FTP Client
[10/26/2008|09:08] C:\Program Files\<DIR> Free Download Manager
[10/31/2008|09:15] C:\Program Files\<DIR> GIMP-2.0
[12/17/2008|06:35] C:\Program Files\<DIR> Google
[12/05/2008|02:41] C:\Program Files\<DIR> InstallShield Installation Information
[12/18/2008|12:42] C:\Program Files\<DIR> Internet Explorer
[12/15/2008|09:23] C:\Program Files\<DIR> Lavasoft
[10/29/2008|08:58] C:\Program Files\<DIR> Logitech
[12/17/2008|12:49] C:\Program Files\<DIR> Malwarebytes' Anti-Malware
[12/18/2008|01:16] C:\Program Files\<DIR> Microsoft
[10/25/2008|04:05] C:\Program Files\<DIR> Microsoft Analysis Services
[10/27/2008|03:14] C:\Program Files\<DIR> Microsoft ASP.NET
[10/25/2008|05:38] C:\Program Files\<DIR> Microsoft Device Emulator
[12/15/2008|09:12] C:\Program Files\<DIR> Microsoft Expression
[10/25/2008|11:25] C:\Program Files\<DIR> Microsoft Games
[11/18/2008|02:19] C:\Program Files\<DIR> Microsoft Office
[10/25/2008|05:27] C:\Program Files\<DIR> Microsoft SDKs
[11/12/2008|12:08] C:\Program Files\<DIR> Microsoft Silverlight
[12/15/2008|08:53] C:\Program Files\<DIR> Microsoft SQL Server
[10/25/2008|05:36] C:\Program Files\<DIR> Microsoft SQL Server Compact Edition
[10/25/2008|05:36] C:\Program Files\<DIR> Microsoft Synchronization Services
[10/25/2008|02:01] C:\Program Files\<DIR> Microsoft Visual Studio
[11/13/2008|10:57] C:\Program Files\<DIR> Microsoft Visual Studio 8
[12/15/2008|08:44] C:\Program Files\<DIR> Microsoft Visual Studio 9.0
[10/25/2008|05:26] C:\Program Files\<DIR> Microsoft Web Designer Tools
[10/25/2008|02:01] C:\Program Files\<DIR> Microsoft Works
[10/25/2008|05:35] C:\Program Files\<DIR> Microsoft.NET
[01/21/2008|03:35] C:\Program Files\<DIR> Movie Maker
[12/19/2008|09:21] C:\Program Files\<DIR> Mozilla Firefox
[10/25/2008|05:30] C:\Program Files\<DIR> MSBuild
[11/07/2008|08:25] C:\Program Files\<DIR> MSXML 4.0
[11/08/2008|12:23] C:\Program Files\<DIR> Notepad++
[11/02/2006|01:37] C:\Program Files\<DIR> Reference Assemblies
[11/28/2008|09:00] C:\Program Files\<DIR> reflector
[11/13/2008|08:49] C:\Program Files\<DIR> Skype
[12/15/2008|11:38] C:\Program Files\<DIR> Spybot - Search & Destroy
[10/25/2008|04:15] C:\Program Files\<DIR> SQLXML 4.0
[12/17/2008|08:35] C:\Program Files\<DIR> SUPERAntiSpyware
[10/27/2008|08:34] C:\Program Files\<DIR> Symantec
[12/16/2008|09:51] C:\Program Files\<DIR> Trend Micro
[11/02/2006|02:01] C:\Program Files\<DIR> Uninstall Information
[10/25/2008|07:53] C:\Program Files\<DIR> VideoLAN
[01/21/2008|03:35] C:\Program Files\<DIR> Windows Calendar
[01/21/2008|03:35] C:\Program Files\<DIR> Windows Collaboration
[01/21/2008|03:35] C:\Program Files\<DIR> Windows Defender
[01/21/2008|03:35] C:\Program Files\<DIR> Windows Journal
[12/10/2008|08:39] C:\Program Files\<DIR> Windows Mail
[01/21/2008|03:35] C:\Program Files\<DIR> Windows Media Player
[10/25/2008|05:37] C:\Program Files\<DIR> Windows Mobile 5.0 SDK R2
[11/02/2006|01:37] C:\Program Files\<DIR> Windows NT
[01/21/2008|03:35] C:\Program Files\<DIR> Windows Photo Gallery
[01/21/2008|03:35] C:\Program Files\<DIR> Windows Sidebar
[12/18/2008|12:41] C:\Program Files\<DIR> WinMerge
[11/03/2008|08:26] C:\Program Files\<DIR> WinRAR
[11/28/2008|12:17] C:\Program Files\<DIR> Xceed Components

--------------------\\ Listing Folders in C:\Program Files\Common Files

[10/31/2008|01:53] C:\Program Files\Common Files\<DIR> Adobe
[10/25/2008|02:01] C:\Program Files\Common Files\<DIR> DESIGNER
[11/06/2008|08:53] C:\Program Files\Common Files\<DIR> gemplus
[12/05/2008|02:38] C:\Program Files\Common Files\<DIR> InstallShield
[10/29/2008|08:58] C:\Program Files\Common Files\<DIR> logishrd
[10/31/2008|01:35] C:\Program Files\Common Files\<DIR> Macrovision Shared
[10/25/2008|05:30] C:\Program Files\Common Files\<DIR> Merge Modules
[11/26/2008|08:10] C:\Program Files\Common Files\<DIR> microsoft shared
[11/02/2006|12:18] C:\Program Files\Common Files\<DIR> Services
[10/28/2008|09:25] C:\Program Files\Common Files\<DIR> Skype
[11/02/2006|12:18] C:\Program Files\Common Files\<DIR> SpeechEngines
[01/21/2008|03:35] C:\Program Files\Common Files\<DIR> System
[12/17/2008|08:35] C:\Program Files\Common Files\<DIR> Wise Installation Wizard

--------------------\\ Process

( 80 Processes )

iexplore.exe ~ [PID:4560]

--------------------\\ Searching with S_Lop

C:\ProgramData\iso phone delete.boiq8
C:\ProgramData\loudlistlist.dickz
C:\ProgramData\loudlistlist.sqdql
C:\ProgramData\loudlistlist.a39d307
C:\ProgramData\BOOBLO~1
C:\ProgramData\BOOBLO~1\hwdowyqt.exe
C:\ProgramData\BOOBLO~1\nurb window pure.exe

--------------------\\ Searching for Lop Files - Folders

C:\ProgramData\way rdr ford mpeg
C:\ProgramData\way rdr ford mpeg\skip load.exe
C:\Users\LASLOP~1\AppData\Roaming\MICROS~1\Windows\Cookies\laslo_pastor@www.adserver5[1].txt
C:\Users\LASLOP~1\AppData\Roaming\MICROS~1\Windows\Cookies\laslo_pastor@advertising.marketnetwork[2].txt
C:\Users\LASLOP~1\AppData\Roaming\MICROS~1\Windows\Cookies\laslo_pastor@advertising[1].txt
C:\Users\LASLOP~1\AppData\Roaming\MICROS~1\Windows\Cookies\laslo_pastor@32vegas[1].txt
C:\Users\LASLOP~1\AppData\Roaming\MICROS~1\Windows\Cookies\laslo_pastor@banner.32vegas[2].txt

--------------------\\ Searching within the Registry

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\forkexitcomp]
"DisplayName"="CiD Help"
"UninstallString"="C:\\PROGRA~2\\BOOBLO~1\\nurb window pure.exe -uninstall"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ford mpeg road draw"="\"C:\\ProgramData\\iso phone delete.boiq8\""
"setup copy"="\"C:\\ProgramData\\loudlistlist.sqdql\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-19 09:56:31
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections


No other infections found !

[F:19][D:15]-> C:\Users\LASLOP~1\AppData\Local\Temp
[F:66][D:1]-> C:\Users\LASLOP~1\AppData\Roaming\MICROS~1\Windows\Cookies
[F:2724][D:9]-> C:\Users\LASLOP~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:147][D:1]-> C:\$Recycle.Bin

1 - "C:\Lop SD\LopR_1.txt" - Fri 12/19/2008| 9:58 - Option : [1]

--------------------\\ Scan completed at 9:58:35
[ UAC => 1 ]

========================================


thanks in advance
  #8  
Old 19th Dec 2008, 12:01
Moderator
Posts: 7,559
 
Disable your antivirus and antimalware programs so they do not interfere with the running of Lop S&D.


Double-click LopSD.exe


If you are using Windows Vista, right-click on LopSD.exe icon and select 'Run as administrator' to perform this scan.
  • Choose the language by typing the corresponding letter and press Enter
  • Click OK at the informative window.
  • Type 2 to choose Option 2 (Delete with Hosts File Restore), then press Enter
  • Wait until the end of the scan.
  • A report will be generated; post the contents of it in your next reply, along with a HijackThis log.

  #9  
Old 19th Dec 2008, 15:30
New Member
Posts: 7
 
Logs are:


--------------------\\ Lop S&D 4.2.4-9c XP/Vista

Microsoft® Windows Vista™ Business ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU T7250 @ 2.00GHz )
BIOS : Phoenix ROM BIOS PLUS Version 1.10 A11
USER : Laslo Pastor ( Administrator )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:27 Go (Free:4 Go)
D:\ (Local Disk) - NTFS - Total:32 Go (Free:24 Go)
E:\ (Local Disk) - NTFS - Total:51 Go (Free:20 Go)
F:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
G:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
Option : [2] ( Fri 12/19/2008|23:22 )

[ UAC => 1 ]


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ FIX

Deleted! - C:\ProgramData\way rdr ford mpeg\skip load.exe
Deleted! - C:\Users\LASLOP~1\AppData\Roaming\MICROS~1\Windows\Cookies\laslo_pastor@www.adserver5[1].txt
Deleted! - C:\Users\LASLOP~1\AppData\Roaming\MICROS~1\Windows\Cookies\laslo_pastor@advertising.marketnetwork[2].txt
Deleted! - C:\Users\LASLOP~1\AppData\Roaming\MICROS~1\Windows\Cookies\laslo_pastor@advertising[1].txt
Deleted! - C:\Users\LASLOP~1\AppData\Roaming\MICROS~1\Windows\Cookies\laslo_pastor@32vegas[1].txt
Deleted! - C:\Users\LASLOP~1\AppData\Roaming\MICROS~1\Windows\Cookies\laslo_pastor@banner.32vegas[2].txt
Deleted! - C:\ProgramData\iso phone delete.boiq8
Deleted! - C:\ProgramData\loudlistlist.dickz
Deleted! - C:\ProgramData\loudlistlist.sqdql
Deleted! - C:\ProgramData\loudlistlist.a39d307
Deleted! - C:\ProgramData\BOOBLO~1\hwdowyqt.exe
Deleted! - C:\ProgramData\BOOBLO~1\nurb window pure.exe
Deleted! - C:\ProgramData\way rdr ford mpeg
Deleted! - C:\ProgramData\BOOBLO~1
-
[ Hosts file ] .. Restored!

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing folders in Local

[10/30/2008|08:26] C:\Users\LASLOP~1\AppData\Local\<DIR> Adobe
[10/25/2008|01:42] C:\Users\LASLOP~1\AppData\Local\<JUNCTION> Application Data
[11/24/2008|02:52] C:\Users\LASLOP~1\AppData\Local\<DIR> Apps
[10/25/2008|11:06] C:\Users\LASLOP~1\AppData\Local\552 d3d8caps.dat
[12/15/2008|08:45] C:\Users\LASLOP~1\AppData\Local\1,356 d3d9caps.dat
[12/18/2008|11:32] C:\Users\LASLOP~1\AppData\Local\178,176 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[12/15/2008|08:50] C:\Users\LASLOP~1\AppData\Local\<DIR> Deployment
[11/28/2008|12:15] C:\Users\LASLOP~1\AppData\Local\<DIR> Downloaded Installations
[11/03/2008|09:22] C:\Users\LASLOP~1\AppData\Local\76,040 GDIPFONTCACHEV1.DAT
[11/03/2008|11:34] C:\Users\LASLOP~1\AppData\Local\<DIR> GlobalSCAPE
[12/19/2008|10:38] C:\Users\LASLOP~1\AppData\Local\<DIR> Google
[10/25/2008|01:42] C:\Users\LASLOP~1\AppData\Local\<JUNCTION> History
[12/19/2008|11:07] C:\Users\LASLOP~1\AppData\Local\4,144,472 IconCache.db
[12/16/2008|09:34] C:\Users\LASLOP~1\AppData\Local\<DIR> Microsoft
[12/12/2008|10:27] C:\Users\LASLOP~1\AppData\Local\<DIR> Microsoft Games
[11/03/2008|11:51] C:\Users\LASLOP~1\AppData\Local\<DIR> Microsoft Help
[10/25/2008|05:59] C:\Users\LASLOP~1\AppData\Local\<DIR> Mozilla
[10/27/2008|09:37] C:\Users\LASLOP~1\AppData\Local\<DIR> Symantec_Corporation
[12/19/2008|11:22] C:\Users\LASLOP~1\AppData\Local\<DIR> Temp
[10/25/2008|01:42] C:\Users\LASLOP~1\AppData\Local\<JUNCTION> Temporary Internet Files
[10/30/2008|08:26] C:\Users\LASLOP~1\AppData\Local\<DIR> VirtualStore

--------------------\\ Scheduled Tasks located in C:\Windows\Tasks

[12/19/2008 10:42 AM][--a------] C:\Windows\tasks\GoogleUpdateTaskUser.job
[12/19/2008 10:36 PM][--ah-----] C:\Windows\tasks\SA.DAT
[12/19/2008 11:08 AM][--a------] C:\Windows\tasks\SCHEDLGU.TXT

--------------------\\ Listing Folders in C:\ProgramData

[10/31/2008|01:46] C:\ProgramData\<DIR> Adobe
[11/02/2006|02:02] C:\ProgramData\<JUNCTION> Application Data
[11/18/2008|02:18] C:\ProgramData\<DIR> Applications
[12/16/2008|09:34] C:\ProgramData\<DIR> avg8
[11/02/2006|02:02] C:\ProgramData\<JUNCTION> Desktop
[11/02/2006|02:02] C:\ProgramData\<JUNCTION> Documents
[11/02/2006|02:02] C:\ProgramData\<JUNCTION> Favorites
[10/31/2008|02:28] C:\ProgramData\<DIR> FLEXnet
[10/26/2008|09:08] C:\ProgramData\<DIR> FreeDownloadManager.ORG
[12/17/2008|01:09] C:\ProgramData\<DIR> Google
[12/19/2008|10:50] C:\ProgramData\<DIR> Google Updater
[10/28/2008|08:24] C:\ProgramData\<DIR> Lavasoft
[10/30/2008|03:44] C:\ProgramData\<DIR> Logishrd
[10/29/2008|08:58] C:\ProgramData\<DIR> Logitech
[12/17/2008|12:49] C:\ProgramData\<DIR> Malwarebytes
[12/15/2008|09:00] C:\ProgramData\<DIR> Microsoft
[12/15/2008|08:51] C:\ProgramData\<DIR> Microsoft Help
[12/06/2008|12:52] C:\ProgramData\<DIR> POPWWPROFILES
[10/25/2008|05:30] C:\ProgramData\<DIR> PreEmptive Solutions
[10/28/2008|09:25] C:\ProgramData\<DIR> Skype
[12/17/2008|08:31] C:\ProgramData\<DIR> Spybot - Search & Destroy
[11/02/2006|02:02] C:\ProgramData\<JUNCTION> Start Menu
[12/17/2008|08:35] C:\ProgramData\<DIR> SUPERAntiSpyware.com
[12/18/2008|12:30] C:\ProgramData\<DIR> Symantec
[11/02/2006|02:02] C:\ProgramData\<JUNCTION> Templates
[11/03/2008|10:05] C:\ProgramData\<DIR> WebEx
[11/28/2008|12:17] C:\ProgramData\<DIR> Xceed Software

--------------------\\ Listing Folders in C:\Program Files

[11/03/2008|12:37] C:\Program Files\<DIR> activePDF
[11/24/2008|12:54] C:\Program Files\<DIR> Adam Software
[10/31/2008|01:40] C:\Program Files\<DIR> Adobe
[12/16/2008|09:44] C:\Program Files\<DIR> Alwil Software
[10/25/2008|11:31] C:\Program Files\<DIR> AVG
[10/31/2008|01:41] C:\Program Files\<DIR> Bonjour
[10/25/2008|05:41] C:\Program Files\<DIR> Business Objects
[12/17/2008|08:27] C:\Program Files\<DIR> CCleaner
[10/27/2008|08:21] C:\Program Files\<DIR> CDBurnerXP
[10/25/2008|05:27] C:\Program Files\<DIR> CE Remote Tools
[12/18/2008|01:43] C:\Program Files\<DIR> Common Files
[12/03/2008|02:18] C:\Program Files\<DIR> DAEMON Tools Lite
[12/03/2008|02:18] C:\Program Files\<DIR> DAEMON Tools Toolbar
[11/05/2008|04:18] C:\Program Files\<DIR> EMS
[11/20/2008|10:27] C:\Program Files\<DIR> Fiddler2
[11/19/2008|08:42] C:\Program Files\<DIR> FileZilla FTP Client
[10/26/2008|09:08] C:\Program Files\<DIR> Free Download Manager
[10/31/2008|09:15] C:\Program Files\<DIR> GIMP-2.0
[12/17/2008|06:35] C:\Program Files\<DIR> Google
[12/05/2008|02:41] C:\Program Files\<DIR> InstallShield Installation Information
[12/18/2008|12:42] C:\Program Files\<DIR> Internet Explorer
[12/15/2008|09:23] C:\Program Files\<DIR> Lavasoft
[10/29/2008|08:58] C:\Program Files\<DIR> Logitech
[12/17/2008|12:49] C:\Program Files\<DIR> Malwarebytes' Anti-Malware
[12/18/2008|01:16] C:\Program Files\<DIR> Microsoft
[10/25/2008|04:05] C:\Program Files\<DIR> Microsoft Analysis Services
[10/27/2008|03:14] C:\Program Files\<DIR> Microsoft ASP.NET
[10/25/2008|05:38] C:\Program Files\<DIR> Microsoft Device Emulator
[12/15/2008|09:12] C:\Program Files\<DIR> Microsoft Expression
[10/25/2008|11:25] C:\Program Files\<DIR> Microsoft Games
[11/18/2008|02:19] C:\Program Files\<DIR> Microsoft Office
[10/25/2008|05:27] C:\Program Files\<DIR> Microsoft SDKs
[11/12/2008|12:08] C:\Program Files\<DIR> Microsoft Silverlight
[12/15/2008|08:53] C:\Program Files\<DIR> Microsoft SQL Server
[10/25/2008|05:36] C:\Program Files\<DIR> Microsoft SQL Server Compact Edition
[10/25/2008|05:36] C:\Program Files\<DIR> Microsoft Synchronization Services
[10/25/2008|02:01] C:\Program Files\<DIR> Microsoft Visual Studio
[11/13/2008|10:57] C:\Program Files\<DIR> Microsoft Visual Studio 8
[12/15/2008|08:44] C:\Program Files\<DIR> Microsoft Visual Studio 9.0
[10/25/2008|05:26] C:\Program Files\<DIR> Microsoft Web Designer Tools
[10/25/2008|02:01] C:\Program Files\<DIR> Microsoft Works
[10/25/2008|05:35] C:\Program Files\<DIR> Microsoft.NET
[01/21/2008|03:35] C:\Program Files\<DIR> Movie Maker
[12/19/2008|10:15] C:\Program Files\<DIR> Mozilla Firefox
[10/25/2008|05:30] C:\Program Files\<DIR> MSBuild
[11/07/2008|08:25] C:\Program Files\<DIR> MSXML 4.0
[11/08/2008|12:23] C:\Program Files\<DIR> Notepad++
[11/02/2006|01:37] C:\Program Files\<DIR> Reference Assemblies
[11/28/2008|09:00] C:\Program Files\<DIR> reflector
[11/13/2008|08:49] C:\Program Files\<DIR> Skype
[12/15/2008|11:38] C:\Program Files\<DIR> Spybot - Search & Destroy
[10/25/2008|04:15] C:\Program Files\<DIR> SQLXML 4.0
[12/17/2008|08:35] C:\Program Files\<DIR> SUPERAntiSpyware
[10/27/2008|08:34] C:\Program Files\<DIR> Symantec
[12/16/2008|09:51] C:\Program Files\<DIR> Trend Micro
[11/02/2006|02:01] C:\Program Files\<DIR> Uninstall Information
[10/25/2008|07:53] C:\Program Files\<DIR> VideoLAN
[01/21/2008|03:35] C:\Program Files\<DIR> Windows Calendar
[01/21/2008|03:35] C:\Program Files\<DIR> Windows Collaboration
[01/21/2008|03:35] C:\Program Files\<DIR> Windows Defender
[01/21/2008|03:35] C:\Program Files\<DIR> Windows Journal
[12/10/2008|08:39] C:\Program Files\<DIR> Windows Mail
[01/21/2008|03:35] C:\Program Files\<DIR> Windows Media Player
[10/25/2008|05:37] C:\Program Files\<DIR> Windows Mobile 5.0 SDK R2
[11/02/2006|01:37] C:\Program Files\<DIR> Windows NT
[01/21/2008|03:35] C:\Program Files\<DIR> Windows Photo Gallery
[01/21/2008|03:35] C:\Program Files\<DIR> Windows Sidebar
[12/18/2008|12:41] C:\Program Files\<DIR> WinMerge
[11/03/2008|08:26] C:\Program Files\<DIR> WinRAR
[11/28/2008|12:17] C:\Program Files\<DIR> Xceed Components

--------------------\\ Listing Folders in C:\Program Files\Common Files

[10/31/2008|01:53] C:\Program Files\Common Files\<DIR> Adobe
[10/25/2008|02:01] C:\Program Files\Common Files\<DIR> DESIGNER
[11/06/2008|08:53] C:\Program Files\Common Files\<DIR> gemplus
[12/05/2008|02:38] C:\Program Files\Common Files\<DIR> InstallShield
[10/29/2008|08:58] C:\Program Files\Common Files\<DIR> logishrd
[10/31/2008|01:35] C:\Program Files\Common Files\<DIR> Macrovision Shared
[10/25/2008|05:30] C:\Program Files\Common Files\<DIR> Merge Modules
[11/26/2008|08:10] C:\Program Files\Common Files\<DIR> microsoft shared
[11/02/2006|12:18] C:\Program Files\Common Files\<DIR> Services
[10/28/2008|09:25] C:\Program Files\Common Files\<DIR> Skype
[11/02/2006|12:18] C:\Program Files\Common Files\<DIR> SpeechEngines
[01/21/2008|03:35] C:\Program Files\Common Files\<DIR> System
[12/17/2008|08:35] C:\Program Files\Common Files\<DIR> Wise Installation Wizard

--------------------\\ Process

( 78 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

No Lop folder found !

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-19 23:22:38
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections


No other infections found !

[F:21][D:16]-> C:\Users\LASLOP~1\AppData\Local\Temp
[F:68][D:1]-> C:\Users\LASLOP~1\AppData\Roaming\MICROS~1\Windows\Cookies
[F:2814][D:9]-> C:\Users\LASLOP~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:147][D:1]-> C:\$Recycle.Bin

1 - "C:\Lop SD\LopR_1.txt" - Fri 12/19/2008| 9:58 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - Fri 12/19/2008|23:24 - Option : [2]

--------------------\\ Scan completed at 23:24:42
[ UAC => 1 ]

=============================================

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:28:52 PM, on 12/19/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\igfxsrvc.exe
C:\Users\Laslo Pastor\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Windows\System32\spool\drivers\w32x86\3\CAPPSWK.EXE
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Notepad++\notepad++.exe
C:\Program Files\Trend Micro\HijackThis\sniper.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.5.2:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;gru;dark;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: IE Developer Toolbar BHO - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O2 - BHO: Microsoft Web Test Recorder 9.0 Helper - {E31CE47F-C268-41ba-897B-B415E613947D} - C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO90.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CAPON] C:\Windows\system32\Spool\Drivers\w32x86\3\CAPONN.EXE
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Google Update] "C:\Users\Laslo Pastor\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Canon LBP-810 Status Window.LNK = C:\Windows\System32\spool\drivers\w32x86\3\CAPPSWK.EXE
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler2\Fiddler.exe" (file missing)
O9 - Extra 'Tools' menuitem: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler2\Fiddler.exe" (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://hinttechusa.webex.com/client...x/ieatgpc1.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adam 4.3.0.0 Indexer Service - Adam Software - C:\Program Files\Adam Software\Adam\Adam.Core.Indexer.exe
O23 - Service: Adam 4.3.0.0 Service - Adam Software - C:\Program Files\Adam Software\Adam\Adam.Core.Server.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: wampapache - Apache Software Foundation - D:\wamp\bin\apache\apache2.2.6\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - D:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe
O23 - Service: Xceed Chart for ASP.NET Renderer Service (Xceed.Chart.Renderer.Service) - Xceed Software Inc. - C:\Program Files\Xceed Components\Bin\.NET\Xceed.Chart.Renderer.Service.exe

--
End of file - 9360 bytes


===================


waiting for next step
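An added example, not part of the original thread or of HijackThis itself: a small Python triage pass over lines copied from the log in the post above. It counts entries per section code and flags the two annotations visible in this log, `(file missing)` and `Unknown owner`. The function name `triage` and the O23 field layout in the regex are assumptions drawn from the lines shown here, and a flag marks an entry for review, not as confirmed malware.

```python
import re
from collections import Counter

# Lines copied from the HijackThis log in the post above (sample input).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O9 - Extra button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler2\Fiddler.exe" (file missing)
O13 - Gopher Prefix:
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: wampapache - Apache Software Foundation - D:\wamp\bin\apache\apache2.2.6\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - D:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe

--
End of file - 9360 bytes
"""

# Every log entry starts with a section code such as R0, O4 or O23.
ENTRY = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")
# Assumed O23 layout, as seen in this log: "Service: <name> - <owner> - <path>".
SERVICE = re.compile(
    r"^Service: (?P<name>.+) - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.*)$"
)

def triage(log_text):
    """Return (section_counts, findings); each finding is (section, reason, line)."""
    counts, findings = Counter(), []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue  # blank lines, separators and the "End of file" trailer
        section, body = m["section"], m["body"]
        counts[section] += 1
        # The registry entry points at a file that is no longer on disk.
        if body.endswith("(file missing)"):
            findings.append((section, "target file missing", line))
        # HijackThis printed "Unknown owner" in the owner field of a service.
        if section == "O23":
            svc = SERVICE.match(body)
            if svc and svc["owner"] == "Unknown owner":
                findings.append((section, "service reports no owner", line))
    return counts, findings

if __name__ == "__main__":
    counts, findings = triage(SAMPLE_LOG)
    print(dict(counts))
    for section, reason, line in findings:
        print(f"[{section}] {reason}: {line}")
```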
  #10  
Old 19th Dec 2008, 15:58
Moderator
Posts: 7,559
 
Open HijackThis and select Do a system scan only.

Place a check mark next to the following entries: (if there)

- R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
- R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =


Important: Close all windows except for HijackThis and then click Fix checked.

Exit HijackThis.

----------

Run the Kaspersky Online Scanner

In Microsoft Windows Vista, you must open the Web browser using the Run as Administrator command. From the Desktop right click the icon to open the browser and choose Run as Administrator.
  • Click on SCAN NOW
  • Click Accept.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded locate the Scan Settings and have it scan My Computer.
  • The scan will take a while, so be patient and let it finish.

When the scan is done, in the Scan is complete window, any infection is displayed.
There is no option to clean/disinfect, however, we need to analyze the information on the report.

To obtain the report:
  • Click on: Save Report As
  • Next, in the Save as prompt, Save in area, select: Desktop.
  • In the File name area use KScan, or something similar.
  • In Save as type: click the drop arrow and select: Text file [*.txt]
  • Then, click: Save


Copy and paste the Kaspersky Online Scanner Report in your next reply.

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.