  #1  
Old 20th Feb 2009, 14:46
Member Group
 
Hello! I am a new member and I would like your help. I read the instructions and I hope I will give you the information that you need. (Sorry if I do something wrong, and sorry for my English; I am from Greece :P)

Today I accidentally, or rather stupidly, installed winzix. I discovered later that it is a trojan and did the procedures that I know to remove it. I ran programs like Ad-Aware, Spybot and CCleaner. I even manually deleted every file that was connected to winzix, but despite what I did, some weird windows popped up from IE7 and iexplore.exe was noticed in Task Manager.
Lately I saw in Add/Remove Programs in Control Panel a program named cid help. I uninstalled it and everything looks normal again.

So I want you to help me understand if everything is OK, or if my PC is still infected. I will post the logs from the programs that you ask for.

Thanks in advance!


SUPERAntiSpyware Scan Log

http://www.superantispyware.com

Generated 02/20/2009 at 11:14 PM

Application Version : 4.25.1012

Core Rules Database Version : 3769
Trace Rules Database Version: 1729

Scan type : Complete Scan
Total Scan Time : 01:52:30

Memory items scanned : 520
Memory threats detected : 0
Registry items scanned : 6329
Registry threats detected : 0
File items scanned : 196788
File threats detected : 9

Trojan.Unknown Origin
C:\CONFIG.MSI\77E5F.RBF

Adware.Tracking Cookie
C:\Documents and Settings\Dimosthenis\Cookies\dimosthenis@ad.yieldmanager[2].txt
C:\Documents and Settings\Dimosthenis\Cookies\dimosthenis@atdmt[1].txt
C:\Documents and Settings\Dimosthenis\Cookies\dimosthenis@content.yieldmanager.edgesuite[1].txt
C:\Documents and Settings\Dimosthenis\Cookies\dimosthenis@content.yieldmanager[1].txt

Trojan.Agent/Gen-ImageDocFake
C:\DOCUMENTS AND SETTINGS\DIMOSTHENIS\MY DOCUMENTS\SPORTS INTERACTIVE\FOOTBALL MANAGER 2009\SKINS\EL TORERO\GRAPHICS\MENU\CUSTOM\RECENT\BUTTON_CLICKED_RIGHT.PNG
G:\DIMOSTHENIS\PICTURES\CELEBRITIES\DIANE LANE\GHY7.JPG
G:\DIMOSTHENIS\SPORTS INTERACTIVE\FOOTBALL MANAGER 2009\SKINS\EL TORERO\GRAPHICS\MENU\CUSTOM\RECENT\BUTTON_CLICKED_RIGHT.PNG

Adware.Casino Games (Golden Palace Casino)
G:\ALEXIA\ALEXIA'S DOWNLOADS\FUN\CASINO.EXE



Malwarebytes' Anti-Malware 1.34

Database version: 1782
Windows 5.1.2600 Service Pack 3

2/20/2009 11:30:27 PM
mbam-log-2009-02-20 (23-30-27).txt

Scan type: Quick Scan
Objects scanned: 68030
Time elapsed: 3 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\extravideo (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\Local Page (Hijack.Search) -> Bad: (http://www2.iesearch.com/) Good: (http://www.google.com/) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\msqpdxwutuipen.dll (Trojan.Agent) -> Quarantined and deleted successfully.



Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:41:44 PM, on 2/20/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Chameleon Clock\ChamClock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\juice.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [HomeAlarm] C:\Program Files\Chameleon Clock\ChamClock.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&ξαγωγή στο Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: A?iooie? ooi OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: A&?iooie? ooi OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1231022274562
O18 - Protocol: bw+0 - {9BF32180-CD9F-4E25-B81D-49521104624D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {9BF32180-CD9F-4E25-B81D-49521104624D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {9BF32180-CD9F-4E25-B81D-49521104624D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {9BF32180-CD9F-4E25-B81D-49521104624D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {9BF32180-CD9F-4E25-B81D-49521104624D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {9BF32180-CD9F-4E25-B81D-49521104624D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {9BF32180-CD9F-4E25-B81D-49521104624D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {9BF32180-CD9F-4E25-B81D-49521104624D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {9BF32180-CD9F-4E25-B81D-49521104624D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {9BF32180-CD9F-4E25-B81D-49521104624D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {9BF32180-CD9F-4E25-B81D-49521104624D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {9BF32180-CD9F-4E25-B81D-49521104624D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {9BF32180-CD9F-4E25-B81D-49521104624D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {9BF32180-CD9F-4E25-B81D-49521104624D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {9BF32180-CD9F-4E25-B81D-49521104624D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {9BF32180-CD9F-4E25-B81D-49521104624D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {9BF32180-CD9F-4E25-B81D-49521104624D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {9BF32180-CD9F-4E25-B81D-49521104624D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {9BF32180-CD9F-4E25-B81D-49521104624D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {9BF32180-CD9F-4E25-B81D-49521104624D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {9BF32180-CD9F-4E25-B81D-49521104624D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {9BF32180-CD9F-4E25-B81D-49521104624D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {9BF32180-CD9F-4E25-B81D-49521104624D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {9BF32180-CD9F-4E25-B81D-49521104624D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {9BF32180-CD9F-4E25-B81D-49521104624D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {9BF32180-CD9F-4E25-B81D-49521104624D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {9BF32180-CD9F-4E25-B81D-49521104624D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {9BF32180-CD9F-4E25-B81D-49521104624D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {9BF32180-CD9F-4E25-B81D-49521104624D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {9BF32180-CD9F-4E25-B81D-49521104624D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {9BF32180-CD9F-4E25-B81D-49521104624D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {9BF32180-CD9F-4E25-B81D-49521104624D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {9BF32180-CD9F-4E25-B81D-49521104624D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {9BF32180-CD9F-4E25-B81D-49521104624D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {9BF32180-CD9F-4E25-B81D-49521104624D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {9BF32180-CD9F-4E25-B81D-49521104624D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {9BF32180-CD9F-4E25-B81D-49521104624D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {9BF32180-CD9F-4E25-B81D-49521104624D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {9BF32180-CD9F-4E25-B81D-49521104624D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {9BF32180-CD9F-4E25-B81D-49521104624D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {9BF32180-CD9F-4E25-B81D-49521104624D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {9BF32180-CD9F-4E25-B81D-49521104624D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {9BF32180-CD9F-4E25-B81D-49521104624D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {9BF32180-CD9F-4E25-B81D-49521104624D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {9BF32180-CD9F-4E25-B81D-49521104624D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {9BF32180-CD9F-4E25-B81D-49521104624D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {9BF32180-CD9F-4E25-B81D-49521104624D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {9BF32180-CD9F-4E25-B81D-49521104624D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {9BF32180-CD9F-4E25-B81D-49521104624D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {9BF32180-CD9F-4E25-B81D-49521104624D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {9BF32180-CD9F-4E25-B81D-49521104624D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {9BF32180-CD9F-4E25-B81D-49521104624D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {9BF32180-CD9F-4E25-B81D-49521104624D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {9BF32180-CD9F-4E25-B81D-49521104624D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {9BF32180-CD9F-4E25-B81D-49521104624D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {9BF32180-CD9F-4E25-B81D-49521104624D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {9BF32180-CD9F-4E25-B81D-49521104624D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {9BF32180-CD9F-4E25-B81D-49521104624D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {9BF32180-CD9F-4E25-B81D-49521104624D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {9BF32180-CD9F-4E25-B81D-49521104624D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {9BF32180-CD9F-4E25-B81D-49521104624D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {9BF32180-CD9F-4E25-B81D-49521104624D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {9BF32180-CD9F-4E25-B81D-49521104624D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {9BF32180-CD9F-4E25-B81D-49521104624D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {9BF32180-CD9F-4E25-B81D-49521104624D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {9BF32180-CD9F-4E25-B81D-49521104624D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {9BF32180-CD9F-4E25-B81D-49521104624D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {9BF32180-CD9F-4E25-B81D-49521104624D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {9BF32180-CD9F-4E25-B81D-49521104624D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {9BF32180-CD9F-4E25-B81D-49521104624D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {9BF32180-CD9F-4E25-B81D-49521104624D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {9BF32180-CD9F-4E25-B81D-49521104624D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {9BF32180-CD9F-4E25-B81D-49521104624D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {9BF32180-CD9F-4E25-B81D-49521104624D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {9BF32180-CD9F-4E25-B81D-49521104624D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {9BF32180-CD9F-4E25-B81D-49521104624D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {9BF32180-CD9F-4E25-B81D-49521104624D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll,wbsys.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 19331 bytes
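As an added example (written for this thread, not code from the original post or from Malwarebytes), here is a Python parser for the Malwarebytes log format posted above. It pulls each detection out of its "… Infected:" section, cross-checks the header counts against the listing, and flags anything that was not quarantined and deleted, plus browser-setting hijacks with their rogue and restored values. The function names and the trimmed sample log are my own construction.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed sample: the detection part of the Malwarebytes 1.34 log posted in this thread.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.34

Database version: 1782
Windows 5.1.2600 Service Pack 3

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\extravideo (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\Local Page (Hijack.Search) -> Bad: (http://www2.iesearch.com/) Good: (http://www.google.com/) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\msqpdxwutuipen.dll (Trojan.Agent) -> Quarantined and deleted successfully.
"""

# A section header, with a count in the summary block ("Files Infected: 1")
# or without one where the listing of that section starts ("Files Infected:").
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+ Infected):\s*(?P<count>\d+)?\s*$")

# One detection line: "<item> (<family>) [-> Bad: (<old>) Good: (<new>)] -> <action>."
DETECTION_RE = re.compile(
    r"^(?P<item>.+?) \((?P<family>[^()]+)\)"
    r"(?: -> Bad: \((?P<bad>[^)]*)\) Good: \((?P<good>[^)]*)\))?"
    r" -> (?P<action>[^>]+?)\.?$"
)


@dataclass
class Detection:
    section: str
    item: str
    family: str
    action: str
    bad: str = ""   # for Hijack.* data items: the rogue value the scanner found
    good: str = ""  # ... and the value it restored


def parse_mbam_log(text: str) -> Tuple[Dict[str, int], List[Detection]]:
    """Return (header counts per section, detection lines parsed from the listing)."""
    summary: Dict[str, int] = {}
    detections: List[Detection] = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        head = SECTION_RE.match(line)
        if head:
            if head.group("count") is not None:
                summary[head.group("name")] = int(head.group("count"))
                section = None          # still in the summary block
            else:
                section = head.group("name")
            continue
        if section is None or line.startswith("(No malicious items"):
            continue
        det = DETECTION_RE.match(line)
        if det:
            detections.append(Detection(section, det["item"], det["family"], det["action"],
                                        det["bad"] or "", det["good"] or ""))
    return summary, detections


def check_counts(summary: Dict[str, int], detections: List[Detection]) -> List[str]:
    """Header counts that do not match what the listing actually contains."""
    seen: Dict[str, int] = {}
    for d in detections:
        seen[d.section] = seen.get(d.section, 0) + 1
    return [f"{name}: header says {n}, listing has {seen.get(name, 0)}"
            for name, n in summary.items() if n != seen.get(name, 0)]


def unresolved(detections: List[Detection]) -> List[Detection]:
    """Detections whose action is anything other than a completed quarantine-and-delete."""
    return [d for d in detections if d.action != "Quarantined and deleted successfully"]


def hijacks(detections: List[Detection]) -> List[Tuple[str, str, str]]:
    """(setting, rogue value, restored value) for browser-setting hijacks in the log."""
    return [(d.item, d.bad, d.good) for d in detections if d.family.startswith("Hijack.")]


if __name__ == "__main__":
    summary, dets = parse_mbam_log(SAMPLE_LOG)
    for d in dets:
        print(f"{d.section:28} {d.family:20} {d.item}")
    print("count mismatches:", check_counts(summary, dets))
    print("still present:", [d.item for d in unresolved(dets)])
    print("hijacked settings:", hijacks(dets))
```

A count mismatch or a non-empty `unresolved` list is the cue to rescan rather than declare the machine clean.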
  #2  
Old 20th Feb 2009, 15:31
Moderator Group
 
Welcome to CJ.

Go to Add or Remove Programs and uninstall Logitech Desktop Messenger. Removing it won't affect your Logitech software. It's not needed and just takes up space.

Download Lop S&D by Eric_71 and save it to your Desktop. Lop S&D will only run on Windows XP and Windows Vista.

Disable your antivirus and antimalware programs so they do not interfere with the running of Lop S&D. If needed see: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs


If you are using Windows Vista, right-click on LopSD.exe icon and select 'Run as administrator' to perform this scan.
  • Double-click Lop S&D.exe
  • Choose the language by typing the corresponding letter and press Enter
  • Click OK at the informative window
  • Type 1, to choose Option 1 (Search) then press Enter
  • Wait until the end of the scan
  • A report will be generated; post its contents in your next reply.
A copy of the report can be found at this location: %systemdrive%\lopR.txt, in most cases C:\lopR.txt

  #3  
Old 20th Feb 2009, 15:57
Member Group
 
What do you think? Is everything OK?


--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 3.00GHz )
BIOS : Award Modular BIOS v6.00PG
USER : Dimosthenis ( Administrator )
BOOT : Normal boot
Antivirus : Kaspersky Internet Security 8.0.0.357 (Not Activated)
Firewall : Kaspersky Internet Security 8.0.0.357 (Not Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:149 Go (Free:116 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)
G:\ (Local Disk) - NTFS - Total:465 Go (Free:287 Go)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( Sat 02/21/2009| 0:52 )

--------------------\\ Listing folders in APPLIC~1

[01/04/2009|05:32] C:\DOCUME~1\Alexia\APPLIC~1\<DIR> Adobe
[02/01/2009|08:01] C:\DOCUME~1\Alexia\APPLIC~1\<DIR> Ahead
[02/18/2009|01:20] C:\DOCUME~1\Alexia\APPLIC~1\<DIR> DMCache
[02/01/2009|12:53] C:\DOCUME~1\Alexia\APPLIC~1\<DIR> GameHouse
[01/04/2009|04:50] C:\DOCUME~1\Alexia\APPLIC~1\<DIR> Identities
[01/04/2009|05:35] C:\DOCUME~1\Alexia\APPLIC~1\<DIR> IDM
[02/01/2009|09:20] C:\DOCUME~1\Alexia\APPLIC~1\<DIR> ImgBurn
[01/04/2009|04:50] C:\DOCUME~1\Alexia\APPLIC~1\<DIR> Logitech
[01/04/2009|05:32] C:\DOCUME~1\Alexia\APPLIC~1\<DIR> Macromedia
[02/18/2009|01:23] C:\DOCUME~1\Alexia\APPLIC~1\<DIR> Microsoft
[01/04/2009|05:01] C:\DOCUME~1\Alexia\APPLIC~1\<DIR> Mozilla
[01/10/2009|12:47] C:\DOCUME~1\Alexia\APPLIC~1\<DIR> vlc

[01/04/2009|05:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> {55A29068-F2CE-456C-9148-C869879E2357}
[01/08/2009|07:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe
[02/10/2009|01:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> DVD Shrink
[02/20/2009|04:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Fighters
[02/20/2009|01:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Google Updater
[02/20/2009|11:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Kaspersky Lab
[01/04/2009|02:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Kaspersky Lab Setup Files
[02/10/2009|01:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> KONAMI
[01/04/2009|03:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Lavasoft
[01/03/2009|06:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Logitech
[02/20/2009|11:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Malwarebytes
[01/29/2009|11:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
[01/09/2009|09:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft Help
[01/04/2009|04:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Nero
[01/04/2009|05:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> OrbNetworks
[01/09/2009|08:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Sports Interactive
[02/20/2009|07:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Spybot - Search & Destroy
[02/20/2009|07:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SUPERAntiSpyware.com
[02/04/2009|08:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TEMP
[02/20/2009|08:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Tick Find Close Surf
[02/12/2009|10:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Trymedia
[01/04/2009|05:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TuneUp Software
[01/04/2009|12:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage
[01/04/2009|04:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> WinZip
[01/07/2009|10:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> WLInstaller

[01/02/2009|05:57] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft

[01/08/2009|07:22] C:\DOCUME~1\DIMOST~1\APPLIC~1\<DIR> Adobe
[01/17/2009|10:25] C:\DOCUME~1\DIMOST~1\APPLIC~1\<DIR> Ahead
[01/03/2009|05:27] C:\DOCUME~1\DIMOST~1\APPLIC~1\<DIR> ATI
[02/20/2009|11:33] C:\DOCUME~1\DIMOST~1\APPLIC~1\<DIR> DMCache
[01/15/2009|12:25] C:\DOCUME~1\DIMOST~1\APPLIC~1\<DIR> FMA
[01/04/2009|03:06] C:\DOCUME~1\DIMOST~1\APPLIC~1\<DIR> Google
[01/02/2009|06:00] C:\DOCUME~1\DIMOST~1\APPLIC~1\<DIR> Identities
[01/08/2009|06:33] C:\DOCUME~1\DIMOST~1\APPLIC~1\<DIR> IDM
[01/08/2009|07:33] C:\DOCUME~1\DIMOST~1\APPLIC~1\<DIR> ImgBurn
[01/04/2009|04:11] C:\DOCUME~1\DIMOST~1\APPLIC~1\<DIR> InstallShield
[01/03/2009|06:44] C:\DOCUME~1\DIMOST~1\APPLIC~1\<DIR> Logitech
[01/03/2009|11:38] C:\DOCUME~1\DIMOST~1\APPLIC~1\<DIR> Macromedia
[02/20/2009|11:23] C:\DOCUME~1\DIMOST~1\APPLIC~1\<DIR> Malwarebytes
[01/04/2009|06:01] C:\DOCUME~1\DIMOST~1\APPLIC~1\<DIR> Media Player Classic
[02/16/2009|02:55] C:\DOCUME~1\DIMOST~1\APPLIC~1\<DIR> Microsoft
[01/03/2009|11:45] C:\DOCUME~1\DIMOST~1\APPLIC~1\<DIR> Mozilla
[01/15/2009|12:47] C:\DOCUME~1\DIMOST~1\APPLIC~1\<DIR> MyPhoneExplorer
[02/06/2009|03:45] C:\DOCUME~1\DIMOST~1\APPLIC~1\<DIR> Real
[01/09/2009|08:42] C:\DOCUME~1\DIMOST~1\APPLIC~1\<DIR> Sports Interactive
[01/04/2009|01:56] C:\DOCUME~1\DIMOST~1\APPLIC~1\<DIR> Sun
[02/20/2009|09:11] C:\DOCUME~1\DIMOST~1\APPLIC~1\<DIR> SUPERAntiSpyware.com
[01/04/2009|05:10] C:\DOCUME~1\DIMOST~1\APPLIC~1\<DIR> TuneUp Software
[02/20/2009|02:30] C:\DOCUME~1\DIMOST~1\APPLIC~1\<DIR> Uniblue
[02/21/2009|12:52] C:\DOCUME~1\DIMOST~1\APPLIC~1\<DIR> uTorrent
[01/04/2009|04:46] C:\DOCUME~1\DIMOST~1\APPLIC~1\<DIR> vlc
[01/04/2009|05:04] C:\DOCUME~1\DIMOST~1\APPLIC~1\<DIR> Winamp
[01/03/2009|06:31] C:\DOCUME~1\DIMOST~1\APPLIC~1\<DIR> WinRAR

[01/02/2009|05:57] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft

[01/02/2009|05:57] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[02/20/2009 11:32 PM][--ah-----] C:\WINDOWS\tasks\SA.DAT
[03/31/2003 02:00 PM][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Program Files

[01/08/2009|07:22] C:\Program Files\<DIR> Adobe
[01/04/2009|06:31] C:\Program Files\<DIR> ATI Technologies
[01/04/2009|04:01] C:\Program Files\<DIR> AudioToolsFactory
[01/03/2009|05:08] C:\Program Files\<DIR> AvRack
[01/04/2009|05:03] C:\Program Files\<DIR> BS.Player ControlBar
[01/04/2009|02:55] C:\Program Files\<DIR> CCleaner
[02/20/2009|11:33] C:\Program Files\<DIR> Chameleon Clock
[01/08/2009|07:22] C:\Program Files\<DIR> Common Files
[01/02/2009|05:55] C:\Program Files\<DIR> ComPlus Applications
[01/04/2009|02:51] C:\Program Files\<DIR> CursorXP
[02/16/2009|04:03] C:\Program Files\<DIR> DC++
[01/04/2009|04:24] C:\Program Files\<DIR> Dictionaries Explorer
[02/01/2009|08:11] C:\Program Files\<DIR> directx
[02/20/2009|09:12] C:\Program Files\<DIR> Fighters
[01/15/2009|12:28] C:\Program Files\<DIR> Fma
[02/16/2009|10:30] C:\Program Files\<DIR> Garena
[01/04/2009|03:06] C:\Program Files\<DIR> Google
[01/03/2009|06:10] C:\Program Files\<DIR> HP
[01/04/2009|02:56] C:\Program Files\<DIR> Illustrate
[01/04/2009|03:19] C:\Program Files\<DIR> ImgBurn
[02/16/2009|10:27] C:\Program Files\<DIR> InstallShield Installation Information
[01/03/2009|05:06] C:\Program Files\<DIR> Intel
[01/06/2009|01:24] C:\Program Files\<DIR> Internet Download Manager
[01/27/2009|06:57] C:\Program Files\<DIR> Internet Explorer
[01/09/2009|04:37] C:\Program Files\<DIR> iriver
[01/04/2009|01:58] C:\Program Files\<DIR> Java
[01/04/2009|02:07] C:\Program Files\<DIR> Kaspersky Lab
[01/04/2009|05:58] C:\Program Files\<DIR> K-Lite Codec Pack
[02/10/2009|01:39] C:\Program Files\<DIR> KONAMI
[01/04/2009|03:31] C:\Program Files\<DIR> Lavalys
[01/04/2009|03:43] C:\Program Files\<DIR> Lavasoft
[01/03/2009|06:28] C:\Program Files\<DIR> LightSurf
[02/21/2009|12:39] C:\Program Files\<DIR> Logitech
[02/20/2009|11:23] C:\Program Files\<DIR> Malwarebytes' Anti-Malware
[01/03/2009|05:13] C:\Program Files\<DIR> Marvell
[01/04/2009|01:30] C:\Program Files\<DIR> Messenger
[01/29/2009|11:51] C:\Program Files\<DIR> Microsoft
[01/02/2009|05:57] C:\Program Files\<DIR> microsoft frontpage
[01/03/2009|05:57] C:\Program Files\<DIR> Microsoft Hardware
[01/08/2009|07:37] C:\Program Files\<DIR> Microsoft Office
[01/08/2009|07:41] C:\Program Files\<DIR> Microsoft Visual Studio
[01/08/2009|07:38] C:\Program Files\<DIR> Microsoft Visual Studio 8
[01/09/2009|06:12] C:\Program Files\<DIR> Microsoft Works
[02/20/2009|12:39] C:\Program Files\<DIR> Minilyrics
[01/03/2009|06:39] C:\Program Files\<DIR> Movie Maker
[02/20/2009|11:34] C:\Program Files\<DIR> Mozilla Firefox
[01/09/2009|06:12] C:\Program Files\<DIR> MSBuild
[01/09/2009|05:45] C:\Program Files\<DIR> MSECACHE
[01/02/2009|05:55] C:\Program Files\<DIR> MSN
[01/02/2009|05:55] C:\Program Files\<DIR> MSN Gaming Zone
[01/04/2009|01:34] C:\Program Files\<DIR> MSXML 4.0
[01/15/2009|12:46] C:\Program Files\<DIR> MyPhoneExplorer
[01/06/2009|12:48] C:\Program Files\<DIR> myTV
[01/04/2009|04:34] C:\Program Files\<DIR> Nero
[01/03/2009|06:38] C:\Program Files\<DIR> NetMeeting
[01/02/2009|05:55] C:\Program Files\<DIR> Online Services
[01/03/2009|06:38] C:\Program Files\<DIR> Outlook Express
[01/09/2009|01:34] C:\Program Files\<DIR> Play65
[01/03/2009|05:08] C:\Program Files\<DIR> Realtek Sound Manager
[02/06/2009|03:43] C:\Program Files\<DIR> RM Converter
[02/06/2009|03:54] C:\Program Files\<DIR> RM Files Converter
[01/15/2009|12:17] C:\Program Files\<DIR> smsgee
[01/07/2009|09:44] C:\Program Files\<DIR> SopCast
[01/04/2009|04:31] C:\Program Files\<DIR> SpeedFan
[01/09/2009|08:31] C:\Program Files\<DIR> Sports Interactive
[02/20/2009|11:18] C:\Program Files\<DIR> Spybot - Search & Destroy
[01/04/2009|06:27] C:\Program Files\<DIR> Stardock
[01/22/2009|12:58] C:\Program Files\<DIR> SubDownloader2
[02/20/2009|09:11] C:\Program Files\<DIR> SUPERAntiSpyware
[01/05/2009|12:47] C:\Program Files\<DIR> The KMPlayer
[02/20/2009|11:40] C:\Program Files\<DIR> Trend Micro
[02/20/2009|02:37] C:\Program Files\<DIR> TuneUp Utilities 2009
[01/31/2009|06:40] C:\Program Files\<DIR> TVAnts
[01/02/2009|06:00] C:\Program Files\<DIR> Uninstall Information
[01/04/2009|10:08] C:\Program Files\<DIR> URUSoft
[01/04/2009|04:45] C:\Program Files\<DIR> VideoLAN
[02/16/2009|11:52] C:\Program Files\<DIR> Warcraft III
[01/04/2009|04:57] C:\Program Files\<DIR> Webteh
[01/04/2009|05:04] C:\Program Files\<DIR> Winamp
[01/04/2009|05:03] C:\Program Files\<DIR> Winamp Remote
[01/09/2009|05:46] C:\Program Files\<DIR> Windows Installer Clean Up
[01/05/2009|07:16] C:\Program Files\<DIR> Windows Journal Viewer
[01/29/2009|11:51] C:\Program Files\<DIR> Windows Live
[01/08/2009|02:56] C:\Program Files\<DIR> Windows Live SkyDrive
[01/04/2009|04:07] C:\Program Files\<DIR> Windows Media Connect 2
[01/04/2009|04:07] C:\Program Files\<DIR> Windows Media Player
[01/03/2009|06:38] C:\Program Files\<DIR> Windows NT
[01/03/2009|06:45] C:\Program Files\<DIR> WindowsUpdate
[01/04/2009|05:29] C:\Program Files\<DIR> WinRAR
[01/04/2009|04:41] C:\Program Files\<DIR> WinZip
[01/02/2009|05:57] C:\Program Files\<DIR> xerox
[01/09/2009|08:33] C:\Program Files\<DIR> Zero G Registry

--------------------\\ Listing Folders in C:\Program Files\Common Files

[01/08/2009|07:20] C:\Program Files\Common Files\<DIR> Adobe
[01/08/2009|07:22] C:\Program Files\Common Files\<DIR> Adobe AIR
[01/04/2009|04:35] C:\Program Files\Common Files\<DIR> Ahead
[01/09/2009|06:12] C:\Program Files\Common Files\<DIR> DESIGNER
[01/03/2009|06:10] C:\Program Files\Common Files\<DIR> Hewlett-Packard
[01/03/2009|06:08] C:\Program Files\Common Files\<DIR> HP
[01/03/2009|05:13] C:\Program Files\Common Files\<DIR> InstallShield
[01/03/2009|06:21] C:\Program Files\Common Files\<DIR> Logitech
[01/29/2009|11:51] C:\Program Files\Common Files\<DIR> Microsoft Shared
[01/02/2009|05:56] C:\Program Files\Common Files\<DIR> MSSoap
[01/02/2009|07:50] C:\Program Files\Common Files\<DIR> ODBC
[01/02/2009|05:56] C:\Program Files\Common Files\<DIR> Services
[01/02/2009|07:50] C:\Program Files\Common Files\<DIR> SpeechEngines
[01/08/2009|07:37] C:\Program Files\Common Files\<DIR> System
[01/07/2009|10:42] C:\Program Files\Common Files\<DIR> Windows Live
[01/03/2009|11:37] C:\Program Files\Common Files\<DIR> WindowsLiveInstaller
[02/20/2009|09:10] C:\Program Files\Common Files\<DIR> Wise Installation Wizard
[01/04/2009|04:11] C:\Program Files\Common Files\<DIR> Xstream

--------------------\\ Process

( 37 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tick Find Close Surf
C:\WINDOWS\Prefetch\WINZIX-2.3.0.0-SETUP.EXE-03F62F20.pf
C:\WINDOWS\Prefetch\WINZIX.EXE-13D951E4.pf

--------------------\\ Searching within the Registry

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-21 00:54:07
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections


No other infections found !

[F:30][D:33]-> C:\DOCUME~1\DIMOST~1\LOCALS~1\Temp
[F:16][D:0]-> C:\DOCUME~1\DIMOST~1\Cookies
[F:304][D:6]-> C:\DOCUME~1\DIMOST~1\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - Sat 02/21/2009| 0:55 - Option : [1]

--------------------\\ Scan completed at 0:55:48
  #4  
Old 20th Feb 2009, 16:34
Moderator Group
 
Nope not clean yet.

Disable your antivirus and antimalware programs so they do not interfere with the running of Lop S&D.


Double click LopSD.exe


If you are using Windows Vista, right-click on LopSD.exe icon and select 'Run as administrator' to perform this scan.
  • Choose the language by typing the corresponding letter and press Enter
  • Click OK at the informative window.
  • Type 4 to choose Option 4 ( LopScript ), then press Enter
  • A blank Notepad file will open.
  • Copy the text in the below Code box and then paste it into the blank Notepad file.
  • Now close Notepad and select Yes to the changes.
  • A report will be generated, post the contents of it in your next reply, along with a NEW HijackThis log.
__________________

  #5  
Old 20th Feb 2009, 16:47
Member Group
 
Sorry,but what is the code box that you refer to?I don't see anything.
  #6  
Old 20th Feb 2009, 16:50
Moderator Group
 
Sorry, wrong instructions.

Disable your antivirus and antimalware programs so they do not interfere with the running of Lop S&D.


Double click LopSD.exe


If you are using Windows Vista, right-click on LopSD.exe icon and select 'Run as administrator' to perform this scan.
  • Choose the language by typing the corresponding letter and press Enter
  • Click OK at the informative window.
  • Type 2 to choose Option 2 (Delete with Hosts File Restore), then press Enter
  • Wait until the end of the scan.
  • A report will be generated, post the contents of it in your next reply, along with a NEW HijackThis log.
__________________
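Option 2 above restores the hosts file because Lop-family adware commonly appends redirects to it. The following Python script is an added example, not part of the original thread and not code from Lop S&D; it shows the check a responder would run by hand before deciding whether a restore is warranted: parse the file, ignore the default localhost line, and flag every other mapping, with a stronger warning when a security vendor's domain is redirected. The vendor domain list and the sample hosts text are constructed for the example.

```python
"""Flag suspicious entries in a Windows hosts file (added example)."""
import ipaddress

# Domains that hijacks commonly point at 127.0.0.1 or an attacker IP so the
# victim cannot reach vendor update/scan servers. Assumed list for the
# example, not exhaustive.
SECURITY_DOMAINS = (
    "kaspersky.com", "superantispyware.com", "malwarebytes.org",
    "safer-networking.org", "lavasoft.com", "microsoft.com",
    "windowsupdate.com", "trendmicro.com", "gmer.net",
)

# The only names a default Windows XP hosts file maps.
LOOPBACK_NAMES = {"localhost", "localhost.localdomain"}


def parse_hosts(text):
    """Return (ip, hostname) tuples, skipping comments, blanks and bad lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # strip trailing comments
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue
        ip, names = parts[0], parts[1:]
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue                           # malformed, not a usable mapping
        for name in names:
            entries.append((ip, name.lower()))
    return entries


def flag_entries(entries):
    """Return (ip, host, reason) for every mapping that is not the default one."""
    findings = []
    for ip, host in entries:
        addr = ipaddress.ip_address(ip)
        if host in LOOPBACK_NAMES and addr.is_loopback:
            continue                           # default entry, nothing to see
        if any(host == d or host.endswith("." + d) for d in SECURITY_DOMAINS):
            findings.append((ip, host, "security vendor domain redirected"))
        elif not addr.is_loopback:
            findings.append((ip, host, "hostname mapped to a non-loopback address"))
        else:
            findings.append((ip, host, "extra loopback mapping, blocks the site; review"))
    return findings


# Constructed sample: one default line plus four entries of the kind a hijack adds.
SAMPLE_HOSTS = """\
# default entry
127.0.0.1       localhost
127.0.0.1       www.kaspersky.com
127.0.0.1       downloads.malwarebytes.org
10.0.0.5        www.google.com
127.0.0.1       ads.example.net
"""

if __name__ == "__main__":
    for ip, host, reason in flag_entries(parse_hosts(SAMPLE_HOSTS)):
        print(f"{ip:<16} {host:<30} {reason}")
```

On a live XP box the file is `%SystemRoot%\system32\drivers\etc\hosts`; read it with the same parser. A hosts file that produces no findings is what the Lop S&D log reports as "Hosts file CLEAN"; any finding is a reason to let option 2 restore it.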

  #7  
Old 20th Feb 2009, 17:00
Member Group
 
--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 3.00GHz )
BIOS : Award Modular BIOS v6.00PG
USER : Dimosthenis ( Administrator )
BOOT : Normal boot
Antivirus : Kaspersky Internet Security 8.0.0.357 (Not Activated)
Firewall : Kaspersky Internet Security 8.0.0.357 (Not Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:149 Go (Free:116 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)
G:\ (Local Disk) - NTFS - Total:465 Go (Free:287 Go)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( Sat 02/21/2009| 1:55 )


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ FIX

Deleted! - C:\WINDOWS\Prefetch\WINZIX-2.3.0.0-SETUP.EXE-03F62F20.pf
Deleted! - C:\WINDOWS\Prefetch\WINZIX.EXE-13D951E4.pf
Deleted! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tick Find Close Surf
-
[ Hosts file ] .. Restored!

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing folders in APPLIC~1

[01/04/2009|05:32] C:\DOCUME~1\Alexia\APPLIC~1\<DIR> Adobe
[02/01/2009|08:01] C:\DOCUME~1\Alexia\APPLIC~1\<DIR> Ahead
[02/18/2009|01:20] C:\DOCUME~1\Alexia\APPLIC~1\<DIR> DMCache
[02/01/2009|12:53] C:\DOCUME~1\Alexia\APPLIC~1\<DIR> GameHouse
[01/04/2009|04:50] C:\DOCUME~1\Alexia\APPLIC~1\<DIR> Identities
[01/04/2009|05:35] C:\DOCUME~1\Alexia\APPLIC~1\<DIR> IDM
[02/01/2009|09:20] C:\DOCUME~1\Alexia\APPLIC~1\<DIR> ImgBurn
[01/04/2009|04:50] C:\DOCUME~1\Alexia\APPLIC~1\<DIR> Logitech
[01/04/2009|05:32] C:\DOCUME~1\Alexia\APPLIC~1\<DIR> Macromedia
[02/18/2009|01:23] C:\DOCUME~1\Alexia\APPLIC~1\<DIR> Microsoft
[01/04/2009|05:01] C:\DOCUME~1\Alexia\APPLIC~1\<DIR> Mozilla
[01/10/2009|12:47] C:\DOCUME~1\Alexia\APPLIC~1\<DIR> vlc

[01/04/2009|05:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> {55A29068-F2CE-456C-9148-C869879E2357}
[01/08/2009|07:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe
[02/10/2009|01:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> DVD Shrink
[02/20/2009|04:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Fighters
[02/20/2009|01:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Google Updater
[02/21/2009|12:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Kaspersky Lab
[01/04/2009|02:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Kaspersky Lab Setup Files
[02/10/2009|01:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> KONAMI
[01/04/2009|03:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Lavasoft
[01/03/2009|06:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Logitech
[02/20/2009|11:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Malwarebytes
[01/29/2009|11:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
[01/09/2009|09:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft Help
[01/04/2009|04:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Nero
[01/04/2009|05:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> OrbNetworks
[01/09/2009|08:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Sports Interactive
[02/20/2009|07:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Spybot - Search & Destroy
[02/20/2009|07:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SUPERAntiSpyware.com
[02/04/2009|08:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TEMP
[02/12/2009|10:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Trymedia
[01/04/2009|05:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TuneUp Software
[01/04/2009|12:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage
[01/04/2009|04:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> WinZip
[01/07/2009|10:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> WLInstaller

[01/02/2009|05:57] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft

[02/21/2009|01:03] C:\DOCUME~1\DIMOST~1\APPLIC~1\<DIR> Adobe
[01/17/2009|10:25] C:\DOCUME~1\DIMOST~1\APPLIC~1\<DIR> Ahead
[01/03/2009|05:27] C:\DOCUME~1\DIMOST~1\APPLIC~1\<DIR> ATI
[02/20/2009|11:33] C:\DOCUME~1\DIMOST~1\APPLIC~1\<DIR> DMCache
[01/15/2009|12:25] C:\DOCUME~1\DIMOST~1\APPLIC~1\<DIR> FMA
[01/04/2009|03:06] C:\DOCUME~1\DIMOST~1\APPLIC~1\<DIR> Google
[01/02/2009|06:00] C:\DOCUME~1\DIMOST~1\APPLIC~1\<DIR> Identities
[01/08/2009|06:33] C:\DOCUME~1\DIMOST~1\APPLIC~1\<DIR> IDM
[01/08/2009|07:33] C:\DOCUME~1\DIMOST~1\APPLIC~1\<DIR> ImgBurn
[01/04/2009|04:11] C:\DOCUME~1\DIMOST~1\APPLIC~1\<DIR> InstallShield
[01/03/2009|06:44] C:\DOCUME~1\DIMOST~1\APPLIC~1\<DIR> Logitech
[01/03/2009|11:38] C:\DOCUME~1\DIMOST~1\APPLIC~1\<DIR> Macromedia
[02/20/2009|11:23] C:\DOCUME~1\DIMOST~1\APPLIC~1\<DIR> Malwarebytes
[01/04/2009|06:01] C:\DOCUME~1\DIMOST~1\APPLIC~1\<DIR> Media Player Classic
[02/16/2009|02:55] C:\DOCUME~1\DIMOST~1\APPLIC~1\<DIR> Microsoft
[01/03/2009|11:45] C:\DOCUME~1\DIMOST~1\APPLIC~1\<DIR> Mozilla
[01/15/2009|12:47] C:\DOCUME~1\DIMOST~1\APPLIC~1\<DIR> MyPhoneExplorer
[02/06/2009|03:45] C:\DOCUME~1\DIMOST~1\APPLIC~1\<DIR> Real
[01/09/2009|08:42] C:\DOCUME~1\DIMOST~1\APPLIC~1\<DIR> Sports Interactive
[01/04/2009|01:56] C:\DOCUME~1\DIMOST~1\APPLIC~1\<DIR> Sun
[02/20/2009|09:11] C:\DOCUME~1\DIMOST~1\APPLIC~1\<DIR> SUPERAntiSpyware.com
[01/04/2009|05:10] C:\DOCUME~1\DIMOST~1\APPLIC~1\<DIR> TuneUp Software
[02/20/2009|02:30] C:\DOCUME~1\DIMOST~1\APPLIC~1\<DIR> Uniblue
[02/21/2009|01:54] C:\DOCUME~1\DIMOST~1\APPLIC~1\<DIR> uTorrent
[01/04/2009|04:46] C:\DOCUME~1\DIMOST~1\APPLIC~1\<DIR> vlc
[01/04/2009|05:04] C:\DOCUME~1\DIMOST~1\APPLIC~1\<DIR> Winamp
[01/03/2009|06:31] C:\DOCUME~1\DIMOST~1\APPLIC~1\<DIR> WinRAR

[01/02/2009|05:57] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft

[01/02/2009|05:57] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[02/20/2009 11:32 PM][--ah-----] C:\WINDOWS\tasks\SA.DAT
[03/31/2003 02:00 PM][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Program Files

[02/21/2009|01:03] C:\Program Files\<DIR> Adobe
[01/04/2009|06:31] C:\Program Files\<DIR> ATI Technologies
[01/04/2009|04:01] C:\Program Files\<DIR> AudioToolsFactory
[01/03/2009|05:08] C:\Program Files\<DIR> AvRack
[01/04/2009|05:03] C:\Program Files\<DIR> BS.Player ControlBar
[01/04/2009|02:55] C:\Program Files\<DIR> CCleaner
[02/20/2009|11:33] C:\Program Files\<DIR> Chameleon Clock
[02/21/2009|01:03] C:\Program Files\<DIR> Common Files
[01/02/2009|05:55] C:\Program Files\<DIR> ComPlus Applications
[01/04/2009|02:51] C:\Program Files\<DIR> CursorXP
[02/16/2009|04:03] C:\Program Files\<DIR> DC++
[01/04/2009|04:24] C:\Program Files\<DIR> Dictionaries Explorer
[02/01/2009|08:11] C:\Program Files\<DIR> directx
[02/20/2009|09:12] C:\Program Files\<DIR> Fighters
[01/15/2009|12:28] C:\Program Files\<DIR> Fma
[02/16/2009|10:30] C:\Program Files\<DIR> Garena
[01/04/2009|03:06] C:\Program Files\<DIR> Google
[01/03/2009|06:10] C:\Program Files\<DIR> HP
[01/04/2009|02:56] C:\Program Files\<DIR> Illustrate
[01/04/2009|03:19] C:\Program Files\<DIR> ImgBurn
[02/16/2009|10:27] C:\Program Files\<DIR> InstallShield Installation Information
[01/03/2009|05:06] C:\Program Files\<DIR> Intel
[01/06/2009|01:24] C:\Program Files\<DIR> Internet Download Manager
[01/27/2009|06:57] C:\Program Files\<DIR> Internet Explorer
[01/09/2009|04:37] C:\Program Files\<DIR> iriver
[01/04/2009|01:58] C:\Program Files\<DIR> Java
[01/04/2009|02:07] C:\Program Files\<DIR> Kaspersky Lab
[01/04/2009|05:58] C:\Program Files\<DIR> K-Lite Codec Pack
[02/10/2009|01:39] C:\Program Files\<DIR> KONAMI
[01/04/2009|03:31] C:\Program Files\<DIR> Lavalys
[01/04/2009|03:43] C:\Program Files\<DIR> Lavasoft
[01/03/2009|06:28] C:\Program Files\<DIR> LightSurf
[02/21/2009|12:39] C:\Program Files\<DIR> Logitech
[02/20/2009|11:23] C:\Program Files\<DIR> Malwarebytes' Anti-Malware
[01/03/2009|05:13] C:\Program Files\<DIR> Marvell
[01/04/2009|01:30] C:\Program Files\<DIR> Messenger
[01/29/2009|11:51] C:\Program Files\<DIR> Microsoft
[01/02/2009|05:57] C:\Program Files\<DIR> microsoft frontpage
[01/03/2009|05:57] C:\Program Files\<DIR> Microsoft Hardware
[01/08/2009|07:37] C:\Program Files\<DIR> Microsoft Office
[01/08/2009|07:41] C:\Program Files\<DIR> Microsoft Visual Studio
[01/08/2009|07:38] C:\Program Files\<DIR> Microsoft Visual Studio 8
[01/09/2009|06:12] C:\Program Files\<DIR> Microsoft Works
[02/20/2009|12:39] C:\Program Files\<DIR> Minilyrics
[01/03/2009|06:39] C:\Program Files\<DIR> Movie Maker
[02/20/2009|11:34] C:\Program Files\<DIR> Mozilla Firefox
[01/09/2009|06:12] C:\Program Files\<DIR> MSBuild
[01/09/2009|05:45] C:\Program Files\<DIR> MSECACHE
[01/02/2009|05:55] C:\Program Files\<DIR> MSN
[01/02/2009|05:55] C:\Program Files\<DIR> MSN Gaming Zone
[01/04/2009|01:34] C:\Program Files\<DIR> MSXML 4.0
[01/15/2009|12:46] C:\Program Files\<DIR> MyPhoneExplorer
[01/06/2009|12:48] C:\Program Files\<DIR> myTV
[01/04/2009|04:34] C:\Program Files\<DIR> Nero
[01/03/2009|06:38] C:\Program Files\<DIR> NetMeeting
[01/02/2009|05:55] C:\Program Files\<DIR> Online Services
[01/03/2009|06:38] C:\Program Files\<DIR> Outlook Express
[01/09/2009|01:34] C:\Program Files\<DIR> Play65
[01/03/2009|05:08] C:\Program Files\<DIR> Realtek Sound Manager
[02/06/2009|03:43] C:\Program Files\<DIR> RM Converter
[02/06/2009|03:54] C:\Program Files\<DIR> RM Files Converter
[01/15/2009|12:17] C:\Program Files\<DIR> smsgee
[01/07/2009|09:44] C:\Program Files\<DIR> SopCast
[01/04/2009|04:31] C:\Program Files\<DIR> SpeedFan
[01/09/2009|08:31] C:\Program Files\<DIR> Sports Interactive
[02/20/2009|11:18] C:\Program Files\<DIR> Spybot - Search & Destroy
[01/04/2009|06:27] C:\Program Files\<DIR> Stardock
[02/20/2009|09:11] C:\Program Files\<DIR> SUPERAntiSpyware
[01/05/2009|12:47] C:\Program Files\<DIR> The KMPlayer
[02/20/2009|11:40] C:\Program Files\<DIR> Trend Micro
[02/20/2009|02:37] C:\Program Files\<DIR> TuneUp Utilities 2009
[01/31/2009|06:40] C:\Program Files\<DIR> TVAnts
[01/02/2009|06:00] C:\Program Files\<DIR> Uninstall Information
[02/21/2009|01:09] C:\Program Files\<DIR> URUSoft
[01/04/2009|04:45] C:\Program Files\<DIR> VideoLAN
[02/16/2009|11:52] C:\Program Files\<DIR> Warcraft III
[01/04/2009|04:57] C:\Program Files\<DIR> Webteh
[01/04/2009|05:04] C:\Program Files\<DIR> Winamp
[01/04/2009|05:03] C:\Program Files\<DIR> Winamp Remote
[01/09/2009|05:46] C:\Program Files\<DIR> Windows Installer Clean Up
[01/05/2009|07:16] C:\Program Files\<DIR> Windows Journal Viewer
[01/29/2009|11:51] C:\Program Files\<DIR> Windows Live
[01/08/2009|02:56] C:\Program Files\<DIR> Windows Live SkyDrive
[01/04/2009|04:07] C:\Program Files\<DIR> Windows Media Connect 2
[01/04/2009|04:07] C:\Program Files\<DIR> Windows Media Player
[01/03/2009|06:38] C:\Program Files\<DIR> Windows NT
[01/03/2009|06:45] C:\Program Files\<DIR> WindowsUpdate
[01/04/2009|05:29] C:\Program Files\<DIR> WinRAR
[01/04/2009|04:41] C:\Program Files\<DIR> WinZip
[01/02/2009|05:57] C:\Program Files\<DIR> xerox
[01/09/2009|08:33] C:\Program Files\<DIR> Zero G Registry

--------------------\\ Listing Folders in C:\Program Files\Common Files

[01/08/2009|07:20] C:\Program Files\Common Files\<DIR> Adobe
[01/04/2009|04:35] C:\Program Files\Common Files\<DIR> Ahead
[01/09/2009|06:12] C:\Program Files\Common Files\<DIR> DESIGNER
[01/03/2009|06:10] C:\Program Files\Common Files\<DIR> Hewlett-Packard
[01/03/2009|06:08] C:\Program Files\Common Files\<DIR> HP
[01/03/2009|05:13] C:\Program Files\Common Files\<DIR> InstallShield
[01/03/2009|06:21] C:\Program Files\Common Files\<DIR> Logitech
[01/29/2009|11:51] C:\Program Files\Common Files\<DIR> Microsoft Shared
[01/02/2009|05:56] C:\Program Files\Common Files\<DIR> MSSoap
[01/02/2009|07:50] C:\Program Files\Common Files\<DIR> ODBC
[01/02/2009|05:56] C:\Program Files\Common Files\<DIR> Services
[01/02/2009|07:50] C:\Program Files\Common Files\<DIR> SpeechEngines
[01/08/2009|07:37] C:\Program Files\Common Files\<DIR> System
[01/07/2009|10:42] C:\Program Files\Common Files\<DIR> Windows Live
[01/03/2009|11:37] C:\Program Files\Common Files\<DIR> WindowsLiveInstaller
[02/20/2009|09:10] C:\Program Files\Common Files\<DIR> Wise Installation Wizard
[01/04/2009|04:11] C:\Program Files\Common Files\<DIR> Xstream

--------------------\\ Process

( 35 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

No Lop folder found !

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-21 01:57:02
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections


No other infections found !

[F:32][D:35]-> C:\DOCUME~1\DIMOST~1\LOCALS~1\Temp
[F:16][D:0]-> C:\DOCUME~1\DIMOST~1\Cookies
[F:400][D:6]-> C:\DOCUME~1\DIMOST~1\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - Sat 02/21/2009| 0:55 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - Sat 02/21/2009| 1:58 - Option : [2]

--------------------\\ Scan completed at 1:58:35


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:59:57 AM, on 2/21/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Chameleon Clock\ChamClock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
G:\Dimosthenis\Setups\utorrent.exe
C:\Program Files\TuneUp Utilities 2009\MemOptimizer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\juice.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [HomeAlarm] C:\Program Files\Chameleon Clock\ChamClock.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1231022274562
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll,wbsys.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 7045 bytes
  #8  
Old 20th Feb 2009, 17:05
Moderator Group
 
Open HijackThis and select Do a system scan only.

Place a check mark next to the following entries: (if there)

- R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

Important: Close all windows except for HijackThis and then click Fix checked.

Exit HijackThis.

----------

Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.

Link #1
Link #2

**Note: It is important that it is saved directly to your Desktop

Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix.

Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Double click combofix.exe & follow the prompts.
When finished ComboFix will produce a log for you.
Post the ComboFix log in your next reply.

Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

If you have problems with ComboFix usage, see How to use ComboFix
__________________

  #9  
Old 20th Feb 2009, 17:33
Member Group
 
ComboFix 09-02-19.01 - Dimosthenis 2009-02-21 2:28:08.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1253.30.1033.18.1023.673 [GMT 2:00]
Running from: c:\documents and settings\Dimosthenis\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)
FW: Kaspersky Internet Security *disabled*

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
G:\resycled
g:\resycled\boot.com

.
((((((((((((((((((((((((( Files Created from 2009-01-21 to 2009-02-21 )))))))))))))))))))))))))))))))
.

2009-02-21 00:50 . 2009-02-21 01:58 <DIR> d-------- C:\Lop SD
2009-02-20 23:56 . 2009-02-20 23:56 <DIR> d-------- C:\Nancy Drew
2009-02-20 23:40 . 2009-02-20 23:40 <DIR> d-------- c:\program files\Trend Micro
2009-02-20 23:23 . 2009-02-20 23:23 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-20 23:23 . 2009-02-20 23:23 <DIR> d-------- c:\documents and settings\Dimosthenis\Application Data\Malwarebytes
2009-02-20 23:23 . 2009-02-20 23:23 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-20 23:23 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-20 23:23 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-20 23:18 . 2009-02-21 02:25 1,372,704 --ahs---- c:\windows\system32\drivers\fidbox.dat
2009-02-20 23:18 . 2009-02-21 02:21 499,744 --ahs---- c:\windows\system32\drivers\fidbox2.dat
2009-02-20 23:18 . 2009-02-21 02:24 12,852 --ahs---- c:\windows\system32\drivers\fidbox.idx
2009-02-20 23:18 . 2009-02-21 02:21 3,836 --ahs---- c:\windows\system32\drivers\fidbox2.idx
2009-02-20 19:52 . 2009-02-20 21:11 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-02-20 19:52 . 2009-02-20 21:11 <DIR> d-------- c:\documents and settings\Dimosthenis\Application Data\SUPERAntiSpyware.com
2009-02-20 19:52 . 2009-02-20 19:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-02-20 16:53 . 2009-02-20 16:53 101 --a------ c:\windows\wininit.ini
2009-02-20 16:27 . 2009-02-20 23:18 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-02-20 16:27 . 2009-02-20 19:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-20 16:01 . 2009-02-20 21:12 <DIR> d-------- c:\program files\Fighters
2009-02-20 16:01 . 2009-02-20 16:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\Fighters
2009-02-20 15:09 . 2009-02-20 15:09 <DIR> d-------- c:\documents and settings\Dimosthenis\.housecall6.6
2009-02-20 14:30 . 2009-02-20 14:30 <DIR> d-------- c:\documents and settings\Dimosthenis\Application Data\Uniblue
2009-02-16 22:27 . 2009-02-16 22:30 <DIR> d-------- c:\program files\Garena
2009-02-16 22:19 . 2009-02-16 22:24 139,264 --a------ c:\windows\War3Unin.exe
2009-02-16 22:19 . 2009-02-16 23:02 77,597 --a------ c:\windows\War3Unin.dat
2009-02-16 22:19 . 2009-02-16 22:24 2,829 --a------ c:\windows\War3Unin.pif
2009-02-16 22:16 . 2009-02-16 23:52 <DIR> d-------- c:\program files\Warcraft III
2009-02-12 22:21 . 2009-02-12 22:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\Trymedia
2009-02-10 01:47 . 2009-02-10 01:47 <DIR> d-------- c:\documents and settings\All Users\Application Data\KONAMI
2009-02-10 01:39 . 2009-02-10 01:39 <DIR> d-------- c:\program files\KONAMI
2009-02-10 01:17 . 2009-02-10 01:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\DVD Shrink
2009-02-06 03:44 . 2009-02-06 03:54 <DIR> d-------- c:\program files\RM Files Converter
2009-02-06 03:40 . 2009-02-06 03:43 <DIR> d-------- c:\program files\RM Converter
2009-02-02 01:00 . 2009-02-02 01:00 0 --a------ c:\windows\game.INI
2009-02-01 20:23 . 2009-02-01 21:20 <DIR> d-------- c:\documents and settings\Alexia\Application Data\ImgBurn
2009-02-01 20:11 . 2009-02-01 20:11 <DIR> d-------- c:\program files\directx
2009-02-01 20:11 . 2009-02-01 20:11 0 --a------ c:\windows\DXT110.tmp
2009-02-01 20:11 . 2009-02-01 20:11 0 --a------ c:\windows\DXT10F.tmp
2009-02-01 20:10 . 2009-02-01 20:10 <DIR> d-------- c:\documents and settings\Alexia\WINDOWS
2009-02-01 20:01 . 2009-02-01 20:01 <DIR> d-------- c:\documents and settings\Alexia\Application Data\Ahead
2009-02-01 00:53 . 2009-02-01 00:53 <DIR> d-------- c:\documents and settings\Alexia\Application Data\GameHouse
2009-01-31 18:40 . 2009-01-31 18:40 <DIR> d-------- c:\program files\TVAnts
2009-01-29 23:51 . 2009-01-29 23:51 <DIR> d-------- c:\program files\Microsoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-21 00:26 --------- d-----w c:\program files\Chameleon Clock
2009-02-21 00:26 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-02-21 00:21 --------- d-----w c:\documents and settings\Dimosthenis\Application Data\DMCache
2009-02-21 00:18 --------- d-----w c:\documents and settings\Dimosthenis\Application Data\uTorrent
2009-02-20 23:09 --------- d-----w c:\program files\URUSoft
2009-02-20 22:39 --------- d-----w c:\program files\Logitech
2009-02-20 19:10 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-02-20 12:37 --------- d-----w c:\program files\TuneUp Utilities 2009
2009-02-20 10:39 --------- d-----w c:\program files\Minilyrics
2009-02-19 23:34 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-02-18 11:20 --------- d-----w c:\documents and settings\Alexia\Application Data\DMCache
2009-02-16 20:27 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-16 02:03 --------- d-----w c:\program files\DC++
2009-02-05 13:39 33,808 ----a-w c:\windows\system32\drivers\klbg.sys
2009-02-04 18:11 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-02-03 17:30 89,601 ----a-w c:\windows\system32\drivers\klick.dat
2009-02-03 17:30 101,287 ----a-w c:\windows\system32\drivers\klin.dat
2009-01-29 21:51 --------- d-----w c:\program files\Windows Live
2009-01-17 20:25 --------- d-----w c:\documents and settings\Dimosthenis\Application Data\Ahead
2009-01-14 22:47 --------- d-----w c:\documents and settings\Dimosthenis\Application Data\MyPhoneExplorer
2009-01-14 22:46 --------- d-----w c:\program files\MyPhoneExplorer
2009-01-14 22:28 --------- d-----w c:\program files\Fma
2009-01-14 22:25 --------- d-----w c:\documents and settings\Dimosthenis\Application Data\FMA
2009-01-14 22:17 --------- d-----w c:\program files\smsgee
2009-01-10 10:47 --------- d-----w c:\documents and settings\Alexia\Application Data\vlc
2009-01-09 19:09 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-01-09 18:42 --------- d-----w c:\documents and settings\Dimosthenis\Application Data\Sports Interactive
2009-01-09 18:41 --------- d-----w c:\documents and settings\All Users\Application Data\Sports Interactive
2009-01-09 18:33 --------- d--h--w c:\program files\Zero G Registry
2009-01-09 18:31 --------- d-----w c:\program files\Sports Interactive
2009-01-09 16:12 --------- d-----w c:\program files\MSBuild
2009-01-09 16:12 --------- d-----w c:\program files\Microsoft Works
2009-01-09 15:46 --------- d-----w c:\program files\Windows Installer Clean Up
2009-01-09 15:45 --------- d-----w c:\program files\MSECACHE
2009-01-09 03:05 90,112 ----a-w c:\windows\DUMP9fab.tmp
2009-01-09 02:37 --------- d-----w c:\program files\iriver
2009-01-08 23:34 --------- d-----w c:\program files\Play65
2009-01-08 17:38 --------- d-----w c:\program files\Microsoft Visual Studio 8
2009-01-08 17:33 --------- d-----w c:\documents and settings\Dimosthenis\Application Data\ImgBurn
2009-01-08 17:20 --------- d-----w c:\program files\Common Files\Adobe
2009-01-08 16:33 --------- d-----w c:\documents and settings\Dimosthenis\Application Data\IDM
2009-01-08 00:56 --------- d-----w c:\program files\Windows Live SkyDrive
2009-01-07 20:42 --------- d-----w c:\program files\Common Files\Windows Live
2009-01-07 20:06 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2009-01-07 19:44 --------- d-----w c:\program files\SopCast
2009-01-06 11:24 --------- d-----w c:\program files\Internet Download Manager
2009-01-06 10:48 --------- d-----w c:\program files\myTV
2009-01-05 17:57 2,285,056 ----a-w c:\windows\system32\TUKernel.exe
2009-01-05 17:16 --------- d-----w c:\program files\Windows Journal Viewer
2009-01-04 22:47 --------- d-----w c:\program files\The KMPlayer
2009-01-04 15:35 --------- d-----w c:\documents and settings\Alexia\Application Data\IDM
2009-01-04 14:50 --------- d-----w c:\documents and settings\Alexia\Application Data\Logitech
2009-01-04 04:31 --------- d-----w c:\program files\ATI Technologies
2009-01-04 04:27 --------- d-----w c:\program files\Stardock
2009-01-04 04:01 --------- d-----w c:\documents and settings\Dimosthenis\Application Data\Media Player Classic
2009-01-04 03:58 --------- d-----w c:\program files\K-Lite Codec Pack
2009-01-04 03:13 603,904 ----a-w c:\windows\system32\TUProgSt.exe
2009-01-04 03:13 360,192 ----a-w c:\windows\system32\TuneUpDefragService.exe
2009-01-04 03:10 --------- d-sh--w c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-01-04 03:10 --------- d-----w c:\documents and settings\Dimosthenis\Application Data\TuneUp Software
2009-01-04 03:10 --------- d-----w c:\documents and settings\All Users\Application Data\TuneUp Software
2009-01-04 03:04 --------- d-----w c:\program files\Winamp
2009-01-04 03:04 --------- d-----w c:\documents and settings\Dimosthenis\Application Data\Winamp
2009-01-04 03:03 --------- d-----w c:\program files\Winamp Remote
2009-01-04 03:03 --------- d-----w c:\program files\BS.Player ControlBar
2009-01-04 03:03 --------- d-----w c:\documents and settings\All Users\Application Data\OrbNetworks
2009-01-04 02:57 --------- d-----w c:\program files\Webteh
2009-01-04 02:46 --------- d-----w c:\documents and settings\Dimosthenis\Application Data\vlc
2009-01-04 02:45 --------- d-----w c:\program files\VideoLAN
2009-01-04 02:42 --------- d-----w c:\documents and settings\All Users\Application Data\WinZip
2009-01-04 02:35 --------- d-----w c:\program files\Common Files\Ahead
2009-01-04 02:34 --------- d-----w c:\program files\Nero
2009-01-04 02:34 --------- d-----w c:\documents and settings\All Users\Application Data\Nero
2009-01-04 02:31 --------- d-----w c:\program files\SpeedFan
2009-01-04 02:24 --------- d-----w c:\program files\Dictionaries Explorer
2009-01-04 02:11 --------- d-----w c:\program files\Common Files\Xstream
2009-01-04 02:11 --------- d-----w c:\documents and settings\Dimosthenis\Application Data\InstallShield
2009-01-04 02:07 --------- d-----w c:\program files\Windows Media Connect 2
2009-01-04 02:01 --------- d-----w c:\program files\AudioToolsFactory
2009-01-04 01:43 --------- d-----w c:\program files\Lavasoft
2009-01-04 01:43 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-01-04 01:31 --------- d-----w c:\program files\Lavalys
2009-01-04 01:19 --------- d-----w c:\program files\ImgBurn
2009-01-04 01:06 --------- d-----w c:\program files\Google
2009-01-04 01:03 2,433,400 ----a-w c:\windows\system32\SpoonUninstall.exe
2009-01-04 00:56 --------- d-----w c:\program files\Illustrate
2009-01-04 00:55 --------- d-----w c:\program files\CCleaner
2009-01-04 00:51 --------- d-----w c:\program files\CursorXP
2009-01-04 00:07 --------- d-----w c:\program files\Kaspersky Lab
2009-01-04 00:06 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-01-03 23:58 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-01-03 23:58 --------- d-----w c:\program files\Java
2009-01-03 23:34 --------- d-----w c:\program files\MSXML 4.0
2009-01-03 21:37 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller
2009-01-03 16:44 --------- d-----w c:\documents and settings\Dimosthenis\Application Data\Logitech
2009-01-03 16:44 --------- d-----w c:\documents and settings\All Users\Application Data\Logitech
2009-01-03 16:28 --------- d-----w c:\program files\LightSurf
2009-01-03 16:21 --------- d-----w c:\program files\Common Files\Logitech
2009-01-03 16:10 --------- d-----w c:\program files\HP
2009-01-03 16:10 --------- d-----w c:\program files\Common Files\Hewlett-Packard
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-02 3882312]
"CursorXP"="c:\program files\CursorXP\CursorXP.exe" [2005-01-19 128000]
"HomeAlarm"="c:\program files\Chameleon Clock\ChamClock.exe" [2007-09-18 699392]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-02-05 201992]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-01-03 593920]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\documents and settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2009-01-04 05:20 210168 c:\program files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Lightsurf.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Lightsurf.lnk
backup=c:\windows\pss\Lightsurf.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Dimosthenis^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\Dimosthenis\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 02:38 34672 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-03-12 13:49 153136 c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a------ 2003-12-22 08:38 241664 c:\program files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2003-08-04 17:28 49152 c:\program files\HP\HP Software Update\hpwuSchd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
--a------ 2009-01-04 03:21 2594224 c:\program files\Internet Download Manager\IDMan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliType]
--a------ 2002-03-22 06:41 94208 c:\program files\Microsoft Hardware\Keyboard\type32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-09 18:53 153136 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
--a------ 2008-04-01 03:54 507904 c:\program files\Winamp Remote\bin\OrbTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2009-01-04 01:58 136600 c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-08-04 01:02 36352 c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
--a------ 2006-05-10 09:48 94208 c:\windows\KHALMNPR.Exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe
"IDMan"=c:\program files\Internet Download Manager\IDMan.exe /onboot
"SUPERAntiSpyware"=c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SoundMan"=SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Sports Interactive\\Football Manager 2009\\fm.exe"=
"g:\\Dimosthenis\\Setups\\utorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\wehellas2009.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 33808]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-01-15 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-01-15 55024]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2009-01-03 3712]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-01-04 603904]
R3 ip100xp;ASUS NX1001 Network Adapter NT Driver;c:\windows\system32\drivers\ipfnd51.sys [2009-01-03 26752]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-03-25 24592]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-close surf mail dupe - c:\documents and settings\All Users\Application Data\Tick Find Close Surf\Test ante.exe
MSConfigStartUp-iRiver Updater - \Updater.exe
MSConfigStartUp-LDM - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
MSConfigStartUp-Name Size - c:\docume~1\DIMOST~1\APPLIC~1\MFCDBI~1\settings64.exe
MSConfigStartUp-spywarefighterguard - c:\program files\Fighters\spywarefighter\SpywarefighterUser.exe
MSConfigStartUp-StartCCC - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe


.
------- Supplementary Scan -------
.
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&ξαγωγή στο Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Dimosthenis\Application Data\Mozilla\Firefox\Profiles\ooz9y2cc.default\
FF - prefs.js: browser.search.selectedEngine - FireSearch
FF - prefs.js: browser.startup.homepage - www.in.gr
FF - component: c:\documents and settings\Dimosthenis\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
FF - component: c:\documents and settings\Dimosthenis\Application Data\Mozilla\Firefox\Profiles\ooz9y2cc.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1439.6872\npCIDetect13.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-21 02:30:23
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1229272821-1220945662-839522115-1004\Software\G*e*n*i*e*"!\FM Genie Scout 2009 XE]
"GameDir"="c:\\Documents and Settings\\Dimosthenis\\My Documents\\Sports Interactive\\Football Manager 2009\\games"
"ShortlistDir"="c:\\Documents and Settings\\Dimosthenis\\My Documents\\Sports Interactive\\Football Manager 2009\\shortlists"
"ScreenshotsDir"="c:\\Documents and Settings\\Dimosthenis\\My Documents\\Sports Interactive\\Football Manager 2009"
"SaveDir"="c:\\Documents and Settings\\Dimosthenis\\My Documents\\Sports Interactive\\Football Manager 2009\\"
"HistoryDir"="c:\\Documents and Settings\\Dimosthenis\\Local Settings\\Temp\\wzc3c5\\FM Genie Scout 2009 XE\\History Points"
"LangDB"="c:\\Program Files\\Sports Interactive\\Football Manager 2009\\data\\db\\900\\lang_db.dat"
"LastSaveGame"=""
"Language"="English"
"LoadLangDB"=dword:00000001
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"SkinName"="Champions League"
"LastUpdateCheck"=dword:00000000
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"Version"=dword:00000066
"UniqueID"="64-0140-076F"
"Currency"=dword:00000056
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1380)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\klogon.dll
c:\program files\Stardock\Object Desktop\WindowBlinds\WBSrv.dll
.
Completion time: 2009-02-21 2:32:03
ComboFix-quarantined-files.txt 2009-02-21 00:32:00

Pre-Run: 124,716,163,072 bytes free
Post-Run: 124,704,890,880 bytes free

344 --- E O F --- 2009-01-04 03:32:47
  #10  
Old 20th Feb 2009, 17:38
Moderator Group
 
Looks good. How is the computer running now?

Download the OTMoveIt3 by OldTimer

Note: If you are running on Vista, right-click on OTMoveIt3.exe and choose Run As Administrator.

* Save it to your Desktop.
* Double-click OTMoveIt3.exe to run it.
* Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy)

Code:
:Processes
explorer.exe

:files
c:\windows\DXT110.tmp
c:\windows\DXT10F.tmp

:Commands
[purity]
[emptytemp]
[start explorer]
* Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
* Click the red Moveit! button.
* Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it in your next reply.
* Close OTMoveIt3.
Copyright ©2006 - 2009 Computer Juice.