"unremovable"malware (virtumonde)
Hey
I've detected Malware on my computer. It's named "Virtumonde" and I dont know how to remove it. I've tried many different antivirus and antispyware to remove it, but it seens to be unremovable by scans since June. My brother suggested, to reinstall windows. I am not a genious to spyware, malware and stuff like that. But it would be really great if somebody came up with another solution than my brother.
If anybody wants to help me, please send a mail - <address removed to protect from spam>
Thanks a lot
-
Hi
Download and install TrendMicro HijackThis
* Once installed open HijackThis by clicking Start > Programs > HijackThis and click the button labeled
Do a system scan only
* Click the scan button in the lower left hand corner of the interface and HijackThis will quickly scan your system.
* Once the scan is complete the scan button will now read save log. Click this button to save the log file to your PC. Once you select where you would like to save the file it will open in your systems default text editor. Typically this application is Notepad. Post the log here (without using attachment).
0 -
HiDownload and install TrendMicro HijackThis
* Once installed open HijackThis by clicking Start > Programs > HijackThis and click the button labeled
Do a system scan only
* Click the scan button in the lower left hand corner of the interface and HijackThis will quickly scan your system.
* Once the scan is complete the scan button will now read save log. Click this button to save the log file to your PC. Once you select where you would like to save the file it will open in your systems default text editor. Typically this application is Notepad. Post the log here (without using attachment).
Here it is Thx a lot
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:06:53, on 12-11-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Programmer\ESET\ESET NOD32 Antivirus\egui.exe
C:\Programmer\Fælles filer\LogiShrd\LComMgr\Communications_Helper.exe
C:\Programmer\Fælles filer\LogiShrd\LComMgr\LVComSX.exe
C:\Programmer\Java\jre1.6.0_07\bin\jusched.exe
C:\Programmer\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\TuneUp Utilities 2008\MemOptimizer.exe
C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\Logitech\SetPoint\SetPoint.exe
C:\Programmer\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmer\Fælles filer\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ALCFDRTM.EXE
C:\Programmer\Internet Explorer\iexplore.exe
c:\programmer\winamp toolbar\WinampTbServer.exe
C:\Programmer\OpenOffice.org 2.4\program\soffice.exe
C:\Programmer\OpenOffice.org 2.4\program\soffice.BIN
C:\WINDOWS\system32\taskmgr.exe
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {22299931-3E8A-4EC0-895F-F90440E48594} - (no file)
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programmer\Winamp Toolbar\winamptb.dll
O2 - BHO: (no name) - {47788F8F-1198-4C3D-8381-0A8FDCEB2463} - (no file)
O2 - BHO: (no name) - {75292F32-2A3D-4BD2-9A62-8D376A848DA2} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {92907D14-2368-4275-A9AF-68E2B4A6C888} - (no file)
O2 - BHO: (no name) - {9751A285-DD5F-492F-AAB4-CBCC2C91431B} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar2.dll
O2 - BHO: (no name) - {AA71B218-D7F0-464A-98FB-18B53A0CDB63} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: (no name) - {BC4A75A5-3818-4557-80D7-1063BED4F888} - (no file)
O2 - BHO: (no name) - {E2AE01B2-5079-4CE1-A05D-7316490932A4} - (no file)
O2 - BHO: {b8295437-0cbe-40a9-fcc4-da387d03963e} - {e36930d7-83ad-4ccf-9a04-ebc07345928b} - (no file)
O2 - BHO: (no name) - {EF0E3ED0-9078-41FB-8710-C60BBFAE699C} - (no file)
O2 - BHO: (no name) - {F3AA89A6-3420-4C2E-9640-74717E64CFDF} - (no file)
O2 - BHO: (no name) - {F6B1D5B3-3D2C-4C48-9ECD-1C85289547F5} - (no file)
O2 - BHO: (no name) - {fc81feb8-3cf8-4253-84ea-004406980db6} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar2.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programmer\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [OSSelectorReinstall] C:\Programmer\Fælles filer\Acronis\Acronis Disk Director\oss_reinstall.exe
O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [egui] "C:\Programmer\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Programmer\Fælles filer\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LVCOMSX] "C:\Programmer\Fælles filer\LogiShrd\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AWMON] "C:\Programmer\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKLM\..\Run: [bM332093fe] Rundll32.exe "C:\WINDOWS\system32\bnxltvry.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Programmer\TuneUp Utilities 2008\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [LDM] C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmer\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Download Using &BitSpirit - C:\Programmer\BitSpirit\bsurl.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Programmer\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Programmer\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase9563.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1212788122109
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O18 - Protocol: bw+0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O20 - Winlogon Notify: geBtQkKb - geBtQkKb.dll (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Programmer\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Programmer\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programmer\Fælles filer\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programmer\Fælles filer\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Unknown owner - C:\Programmer\Sunbelt Software\CounterSpy\SBCSSvc.exe (file missing)
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
--
End of file - 22046 bytes
0 -
Hi
Do you know anything about C:\WINDOWS\SYSTEM32\antiwpa.dll ?
Please run the MGA Diagnostic Tool and post back the report it creates:
- Download MGADiag to your desktop.
- Double-click on MGADiag.exe to launch the program
- Click "Continue"
- Ensure that the "Windows" tab is selected (it should be by default).
- Click the "Copy" button to copy the MGA Diagnostic Report to the Windows clipboard.
- Paste the MGA Diagnostic Report back here in your next reply.
0 - Download MGADiag to your desktop.
-
HiDo you know anything about C:\WINDOWS\SYSTEM32\antiwpa.dll ?
Please run the MGA Diagnostic Tool and post back the report it creates:
- Download MGADiag to your desktop.
- Double-click on MGADiag.exe to launch the program
- Click "Continue"
- Ensure that the "Windows" tab is selected (it should be by default).
- Click the "Copy" button to copy the MGA Diagnostic Report to the Windows clipboard.
- Paste the MGA Diagnostic Report back here in your next reply.
Once again, Thx a lot for helping me
- Here it is:
Diagnostic Report (1.7.0110.1):
-----------------------------------------
WGA Data-->
Validation Status: Genuine
Validation Code: 0
Online Validation Code: N/A
Cached Validation Code: N/A
Windows Product Key: *****-*****-B6RD9-9PQ9T-B9V48
Windows Product Key Hash: aIrbAZjqewuupWxbYPL6JpqNkCg=
Windows Product ID: 76392-OEM-2262457-24431
Windows Product ID Type: 3
Windows License Type: OEM System Builder
Windows OS version: 5.1.2600.2.00010100.3.0.pro
ID: {820019A7-739B-408C-BCFE-611B19F16DCB}(3)
Is Admin: Yes
TestCab: 0x0
WGA Version: Registered, 1.8.31.9
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-171-1_E2AD56EA-761-d003_E2AD56EA-762-0_E2AD56EA-134-80004005
Resolution Status: N/A
WgaER Data-->
ThreatID(s): N/A
Version: N/A
WGA Notifications Data-->
Cached Result: 0
File Exists: Yes
Version: 1.8.31.9
WgaTray.exe Signed By: Microsoft
WgaLogon.dll Signed By: Microsoft
OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
WGATray.exe Signed By: Microsoft
OGAAddin.dll Signed By: N/A, hr = 0x80070002
OGA Data-->
Office Status: 101 Not Activated
Microsoft Office Professional Edition 2003 - 101 Not Activated
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-171-1_3E121E02-115-80004005_FA827CE6-153-8007007e_FA827CE6-180-8007007e
Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Win32)
Default Browser: C:\Programmer\Internet Explorer\IEXPLORE.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed
File Scan Data-->
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{820019A7-739B-408C-BCFE-611B19F16DCB}</UGUID><Version>1.7.0110.1</Version><OS>5.1.2600.2.00010100.3.0.pro</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-B9V48</PKey><PID>76392-OEM-2262457-24431</PID><PIDType>3</PIDType><SID>S-1-5-21-1935655697-842925246-725345543</SID><SYSTEM><Manufacturer>OEM</Manufacturer><Model>OEM</Model></SYSTEM><BIOS><Manufacturer>Phoenix Technologies, LTD</Manufacturer><Version>6.00 PG</Version><SMBIOSVersion major="2" minor="5"/><Date>20070906000000.000000+000</Date></BIOS><HWID>34F631F701846079</HWID><UserLCID>0406</UserLCID><SystemLCID>0406</SystemLCID><TimeZone>Rom, normaltid(GMT+01:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><BRT/></MachineData><Software><Office><Result>101</Result><Products><Product GUID="{91E30406-6000-11D3-8CFE-0150048383C9}"><LegitResult>101</LegitResult><Name>Microsoft Office Professional Edition 2003</Name><Ver>11</Ver><Val>6E23E69D3E8ADA4</Val><Hash>GWkCYbVS2ojTrR9TwuOFAs+plfk=</Hash><Pid>73969-722-5532841-57698</Pid><PidType>1</PidType></Product></Products><Applications><App Id="15" Version="11" Result="101"/><App Id="16" Version="11" Result="101"/><App Id="18" Version="11" Result="101"/><App Id="19" Version="11" Result="101"/><App Id="1A" Version="11" Result="101"/><App Id="1B" Version="11" Result="101"/><App Id="44" Version="11" Result="101"/><App Id="A1" Version="11" Result="101"/></Applications></Office></Software></GenuineResults>
Licensing Data-->
N/A
HWID Data-->
N/A
OEM Activation 1.0 Data-->
BIOS string matches: no
Marker string from BIOS: N/A
Marker string from OEMBIOS.DAT: N/A, hr = 0x80004005
OEM Activation 2.0 Data-->
N/A
0 - Download MGADiag to your desktop.
-
HiStart hjt, do a system scan, check:
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
Close browsers and fix checked.
We need to execute an OTMoveIt3 script
- Please download OTMoveIt3 by OldTimer and save it to your desktop.
- Double click theOTMoveIt3 icon on your desktop.
- Paste the following code under the Paste Fix Here area. Do not include the word
Code
.:Files
C:\WINDOWS\SYSTEM32\antiwpa.dll
- Push the large MoveIt button.
-
OTMI3 may ask to reboot the machine. Please do so if asked.
- Copy/Paste the contents under the Results line here in your next reply with a fresh hjt log.
- If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
MoveIt - Log:
========== FILES ==========
C:\WINDOWS\SYSTEM32\antiwpa.dll unregistered successfully.
File move failed. C:\WINDOWS\SYSTEM32\antiwpa.dll scheduled to be moved on reboot.
OTMoveIt3 by OldTimer - Version 1.0.7.0 log created on 11132008_143246
Files moved on Reboot...
File C:\WINDOWS\SYSTEM32\antiwpa.dll not found!
------------------------------------------------------------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:41:26, on 13-11-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Programmer\ESET\ESET NOD32 Antivirus\egui.exe
C:\Programmer\Fælles filer\LogiShrd\LComMgr\Communications_Helper.exe
C:\Programmer\Fælles filer\LogiShrd\LComMgr\LVComSX.exe
C:\Programmer\Java\jre1.6.0_07\bin\jusched.exe
C:\Programmer\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\TuneUp Utilities 2008\MemOptimizer.exe
C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\Logitech\SetPoint\SetPoint.exe
C:\Programmer\Fælles filer\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\ALCFDRTM.EXE
C:\Programmer\Internet Explorer\iexplore.exe
c:\programmer\winamp toolbar\WinampTbServer.exe
C:\WINDOWS\notepad.exe
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {22299931-3E8A-4EC0-895F-F90440E48594} - (no file)
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programmer\Winamp Toolbar\winamptb.dll
O2 - BHO: (no name) - {47788F8F-1198-4C3D-8381-0A8FDCEB2463} - (no file)
O2 - BHO: (no name) - {75292F32-2A3D-4BD2-9A62-8D376A848DA2} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {92907D14-2368-4275-A9AF-68E2B4A6C888} - (no file)
O2 - BHO: (no name) - {9751A285-DD5F-492F-AAB4-CBCC2C91431B} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar2.dll
O2 - BHO: (no name) - {AA71B218-D7F0-464A-98FB-18B53A0CDB63} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: (no name) - {BC4A75A5-3818-4557-80D7-1063BED4F888} - (no file)
O2 - BHO: (no name) - {E2AE01B2-5079-4CE1-A05D-7316490932A4} - (no file)
O2 - BHO: {b8295437-0cbe-40a9-fcc4-da387d03963e} - {e36930d7-83ad-4ccf-9a04-ebc07345928b} - (no file)
O2 - BHO: (no name) - {EF0E3ED0-9078-41FB-8710-C60BBFAE699C} - (no file)
O2 - BHO: (no name) - {F3AA89A6-3420-4C2E-9640-74717E64CFDF} - (no file)
O2 - BHO: (no name) - {F6B1D5B3-3D2C-4C48-9ECD-1C85289547F5} - (no file)
O2 - BHO: (no name) - {fc81feb8-3cf8-4253-84ea-004406980db6} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar2.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programmer\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [OSSelectorReinstall] C:\Programmer\Fælles filer\Acronis\Acronis Disk Director\oss_reinstall.exe
O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [egui] "C:\Programmer\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Programmer\Fælles filer\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LVCOMSX] "C:\Programmer\Fælles filer\LogiShrd\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AWMON] "C:\Programmer\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKLM\..\Run: [bM332093fe] Rundll32.exe "C:\WINDOWS\system32\bnxltvry.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Programmer\TuneUp Utilities 2008\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [LDM] C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmer\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Download Using &BitSpirit - C:\Programmer\BitSpirit\bsurl.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Programmer\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Programmer\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase9563.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1212788122109
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O18 - Protocol: bw+0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: geBtQkKb - geBtQkKb.dll (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Programmer\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Programmer\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programmer\Fælles filer\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programmer\Fælles filer\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Unknown owner - C:\Programmer\Sunbelt Software\CounterSpy\SBCSSvc.exe (file missing)
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
--
End of file - 21897 bytes
__________________________________________________________________________________
Btw. today when Windows started, a window appeared.
It said like:
RUNDLL
error reading C:\WINDOWS\system32\bnxltvry.dll
(and something like): its was not found!
I've seen that kind of message before, but i didn't notice if the filename was the same.
I dont know if that's important.
i've quarantined some Virtumonde applikations (restore applikations too) on "ESET NOD32 Antivirus" - if that's interesting.
0 - Please download OTMoveIt3 by OldTimer and save it to your desktop.
-
Hi
Start hjt, do a system scan, check:
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
Close browsers and fix checked.
We need to execute an OTMoveIt3 script
- Please download OTMoveIt3 by OldTimer and save it to your desktop.
- Double click theOTMoveIt3 icon on your desktop.
- Paste the following code under the Paste Fix Here area. Do not include the word
Code
.:Files
C:\WINDOWS\SYSTEM32\antiwpa.dll
- Push the large MoveIt button.
-
OTMI3 may ask to reboot the machine. Please do so if asked.
- Copy/Paste the contents under the Results line here in your next reply with a fresh hjt log.
- If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
0 - Please download OTMoveIt3 by OldTimer and save it to your desktop.
-
Hi
That error message you got is Vundo related and should vanish during the cleaning process.
Disable AD-AWARE AD-WATCH
* Right click on the Ad-Watch icon in the system tray.
* At the bottom of the screen there will be two checkable items called Active and Automatic.
o Active: This will turn Ad-Watch On\Off without closing it.
o Automatic: Suspicious activity will be blocked automatically.
* Uncheck both of those boxes.
* (When done, you can re-enable it using the same steps but this time check both boxes.)
Please visit this webpage for download links, and instructions for running ComboFix tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Please ensure you read this guide carefully and install the Recovery Console first.
The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
Once installed, you should see a blue screen prompt that says:
The Recovery Console was successfully installed.
Please continue as follows:
- Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
Remember to re-enable them afterwards.
- Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.
Please include the following reports for further review, and so we may continue cleansing the system:
C:\ComboFix.txt
New HijackThis log.
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
0 - Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
-
HiThat error message you got is Vundo related and should vanish during the cleaning process.
Disable AD-AWARE AD-WATCH
* Right click on the Ad-Watch icon in the system tray.
* At the bottom of the screen there will be two checkable items called Active and Automatic.
o Active: This will turn Ad-Watch On\Off without closing it.
o Automatic: Suspicious activity will be blocked automatically.
* Uncheck both of those boxes.
* (When done, you can re-enable it using the same steps but this time check both boxes.)
Please visit this webpage for download links, and instructions for running ComboFix tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Please ensure you read this guide carefully and install the Recovery Console first.
The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
Once installed, you should see a blue screen prompt that says:
The Recovery Console was successfully installed.
Please continue as follows:
- Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
Remember to re-enable them afterwards.
- Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.
Please include the following reports for further review, and so we may continue cleansing the system:
C:\ComboFix.txt
New HijackThis log.
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
Thank you I'll do that as soon as possible.
- but i have a lot to do during the weekend, so i might be able to respond in beginning of next week.
I hope u will still be there
0 - Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
-
Ok. Shall wait for the logs
0 -
Ok. Shall wait for the logs
im sorry i havn't posted the logs yet.. but im quite busy atm :/ - but i wont forget it and i really appreciate your help
how much time am I supposed to spend on this? - mean how long time does it take?
Btw. i found out what "Anitwpa" is... you can google it if u wanna...
0 -
Hi
ComboFix shouldn't take too long to run. The sooner you reply the sooner we get further with the cleaning process
0 -
Here is the log... but it didn't run as expected... it couldn't continue in after explore was closed, so i had to "ctrl-alt-del" and restart...
It restarted without problems, and when my "startup screen" appeared, Combofix made the log. but several other programs started too, and might propably have disturbed the Combofix. Anyways, here it is.
I noticed it is danish, if u want me to translate something, just tell me - i made a basic glossary in the end of this reply...
ComboFix 08-11-20.02 - Niklas Nilsson 2008-11-21 16:02:17.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1030.18.2781 [GMT 1:00]
Kører fra: c:\documents and settings\Niklas Nilsson\Skrivebord\ComboFix.exe
Kommandoer benyttet :: c:\documents and settings\Niklas Nilsson\Skrivebord\WindowsXP-KB310994-SP2-Pro-BootDisk-DAN.exe
.
((((((((((((((((((((((((((((((((((((((( Andet, der er slettet )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Niklas Nilsson\Lokale indstillinger\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
c:\windows\BM332093fe.txt
c:\windows\BM332093fe.xml
c:\windows\cookies.ini
c:\windows\system32\acywgora.ini
c:\windows\system32\aluhdjqi.ini
c:\windows\system32\aoavnlok.ini
c:\windows\system32\avidxovj.ini
c:\windows\system32\cwsdwtfj.ini
c:\windows\system32\dbhtaejn.ini
c:\windows\system32\dtmjhyhm.ini
c:\windows\system32\dxpgomoi.ini
c:\windows\system32\eamwliox.ini
c:\windows\system32\gyxyagli.ini
c:\windows\system32\howcexak.ini
c:\windows\system32\hyugxymt.ini
c:\windows\system32\ihhibgpn.ini
c:\windows\system32\kawwmkka.ini
c:\windows\system32\ljetloyu.ini
c:\windows\system32\lqiuqrhj.ini
c:\windows\system32\mcrh.tmp
c:\windows\system32\nglqrekm.ini
c:\windows\system32\sDgMonmp.ini
c:\windows\system32\sDgMonmp.ini2
c:\windows\system32\smyieicv.ini
c:\windows\system32\TCLmmnmp.ini
c:\windows\system32\TCLmmnmp.ini2
c:\windows\system32\tigvqthx.ini
c:\windows\system32\vdcbsmmw.ini
c:\windows\system32\vlxpewcv.ini
c:\windows\system32\vvtrimke.ini
c:\windows\system32\xvthbiqn.ini
c:\windows\system32\XwGPVvut.ini
c:\windows\system32\XwGPVvut.ini2
c:\windows\system32\XxIiPqru.ini
c:\windows\system32\XxIiPqru.ini2
c:\windows\system32\ycoeawsa.ini
c:\windows\system32\yjadwbaf.ini
.
((((((((((((((((((((((((((((( Filer skabt fra 2008-10-21 til 2008-11-21 )))))))))))))))))))))))))))))))))))
.
2008-11-13 14:35 . 2008-11-13 14:35 13,646 --a------ c:\windows\system32\wpa.bak
2008-11-13 14:32 . 2008-11-13 14:32 <DIR> d-------- C:\_OTMoveIt
2008-11-12 11:50 . 2008-09-04 18:17 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-12 11:50 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-06 17:28 . 2008-11-06 17:28 <DIR> d-------- c:\programmer\Winamp Toolbar
2008-11-06 17:28 . 2008-11-20 17:40 <DIR> d-------- c:\programmer\Winamp Remote
2008-11-06 17:28 . 2008-11-06 17:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\Winamp Toolbar
2008-11-06 17:28 . 2008-11-07 17:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\OrbNetworks
2008-10-27 04:22 . 2008-10-27 04:22 <DIR> d-------- c:\documents and settings\Niklas Nilsson\Application Data\SUPERAntiSpyware.com
2008-10-24 11:34 . 2008-10-15 17:37 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-20 18:40 --------- d-----w c:\programmer\Windows Live Safety Center
2008-11-20 16:47 --------- d-----w c:\documents and settings\Niklas Nilsson\Application Data\OpenOffice.org2
2008-11-20 13:37 --------- d-----w c:\programmer\Fælles filer\Adobe
2008-11-17 16:48 --------- d-----w c:\programmer\Steam
2008-11-11 17:05 --------- d-----w c:\programmer\Fælles filer\Wise Installation Wizard
2008-11-06 16:28 --------- d-----w c:\programmer\Winamp
2008-10-27 12:38 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-25 16:23 --------- d--h--w c:\programmer\InstallShield Installation Information
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-09 22:36 --------- d-----w c:\programmer\Java
2008-10-09 18:42 --------- d-----w c:\programmer\Fælles filer\Symantec Shared
2008-10-07 18:07 --------- d-----w c:\programmer\Gyldendals Etbindsleksikon
2008-10-05 14:01 --------- d-----w c:\documents and settings\Niklas Nilsson\Application Data\Politiken
2008-10-05 13:59 --------- d-----w c:\programmer\Polob32
2008-09-30 20:45 --------- d-----w c:\documents and settings\All Users\Application Data\Messenger Plus!
2008-09-30 20:44 --------- d-----w c:\programmer\Messenger Plus! Live
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-23 16:10 --------- d-----w c:\programmer\Paint.NET
2008-09-15 15:27 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:14 1,307,648 ----a-w c:\windows\system32\msxml6.dll
2008-09-04 17:17 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-08-26 08:27 826,368 ----a-w c:\windows\system32\wininet.dll
.
((((((((((((((((((((((((((((((((((( Start steder i reg.basen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"TuneUp MemOptimizer"="c:\programmer\TuneUp Utilities 2008\MemOptimizer.exe" [2007-12-21 196864]
"LDM"="c:\programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2008-06-03 36864]
"swg"="c:\programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-12 68856]
"MSMSGS"="c:\programmer\Messenger\msmsgs.exe" [2008-04-14 1695232]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-04 8523776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-04 81920]
"OSSelectorReinstall"="c:\programmer\Fælles filer\Acronis\Acronis Disk Director\oss_reinstall.exe" [2006-04-12 1261475]
"egui"="c:\programmer\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072]
"LogitechCommunicationsManager"="c:\programmer\Fælles filer\LogiShrd\LComMgr\Communications_Helper.exe" [2007-04-05 488984]
"LVCOMSX"="c:\programmer\Fælles filer\LogiShrd\LComMgr\LVComSX.exe" [2007-03-09 252704]
"SunJavaUpdateSched"="c:\programmer\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"AWMON"="c:\programmer\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe" [2004-09-16 538112]
"Adobe Reader Speed Launcher"="c:\programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"nwiz"="nwiz.exe" [2007-12-04 c:\windows\system32\nwiz.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-01-30 c:\windows\RTHDCPL.EXE]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]
"Alcmtr"="ALCMTR.EXE" [2005-05-03 c:\windows\ALCMTR.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Menuen Start\Programmer\Start\
Logitech Desktop Messenger.lnk - c:\programmer\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-06-03 196608]
Logitech SetPoint.lnk - c:\programmer\Logitech\SetPoint\SetPoint.exe [2008-08-07 805392]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 c:\programmer\Fælles filer\Logitech\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"BM332093fe"=Rundll32.exe "c:\windows\system32\axvsolgs.dll",s
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmer\\IEPro\\MiniDM.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmer\\BitSpirit\\BitSpirit.exe"=
"c:\\Programmer\\Messenger\\msmsgs.exe"=
"c:\\Programmer\\Steam\\steamapps\\thenilssonbrothers\\counter-strike source\\hl2.exe"=
"c:\\Programmer\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Programmer\\Steam\\steamapps\\couragedk\\garrysmod\\hl2.exe"=
"c:\\Programmer\\Steam\\steamapps\\couragedk\\counter-strike source\\hl2.exe"=
"c:\\Programmer\\Steam\\steamapps\\couragedk\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Programmer\\Steam\\steam.exe"=
"c:\\Programmer\\Steam\\steamapps\\couragedk\\day of defeat source\\hl2.exe"=
"c:\\Programmer\\Steam\\steamapps\\common\\savage 2 a tortured soul\\savage2.exe"=
"c:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmer\\Windows Live\\Messenger\\livecall.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"c:\\Programmer\\Steam\\steamapps\\couragedk\\age of chivalry\\hl2.exe"=
"c:\\Programmer\\Steam\\steamapps\\couragedk\\zombie panic! source\\hl2.exe"=
"c:\\Programmer\\Steam\\steamapps\\couragedk\\synergy\\hl2.exe"=
"c:\\Programmer\\Steam\\steamapps\\couragedk\\diprip warm up\\hl2.exe"=
"c:\\Programmer\\Steam\\steamapps\\couragedk\\insurgency\\hl2.exe"=
"c:\\Programmer\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Programmer\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Programmer\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
R0 SBHR;SBHR;c:\windows\system32\drivers\sbhr.sys [2008-06-06 15544]
R1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2007-12-21 33800]
R1 UGURU;UGURU;c:\windows\system32\drivers\uGuru.sys [2008-06-02 14592]
R2 UxTuneUp;TuneUp Theme Extension;c:\windows\System32\svchost.exe -k netsvcs [2004-08-27 14336]
S3 Memctl;Memctl;\??\c:\programmer\U-ABIT\FlashMenu\Memctl.sys []
S3 SBAPIFS;SBAPIFS;\??\c:\windows\system32\drivers\sbapifs.sys []
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;c:\windows\System32\TuneUpDefragService.exe [2008-06-01 306432]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Indhold af mappen 'Planlagte Opgaver'
2008-10-31 c:\windows\Tasks\1-Click Maintenance.job
- c:\programmer\TuneUp Utilities 2008\OneClick.exe [2007-12-21 14:17]
.
- - - - TOMME GENVEJE FJERNET - - - -
BHO-{22299931-3E8A-4EC0-895F-F90440E48594} - (no file)
BHO-{47788F8F-1198-4C3D-8381-0A8FDCEB2463} - (no file)
BHO-{75292F32-2A3D-4BD2-9A62-8D376A848DA2} - (no file)
BHO-{92907D14-2368-4275-A9AF-68E2B4A6C888} - (no file)
BHO-{9751A285-DD5F-492F-AAB4-CBCC2C91431B} - (no file)
BHO-{AA71B218-D7F0-464A-98FB-18B53A0CDB63} - (no file)
BHO-{BC4A75A5-3818-4557-80D7-1063BED4F888} - (no file)
BHO-{E2AE01B2-5079-4CE1-A05D-7316490932A4} - (no file)
BHO-{e36930d7-83ad-4ccf-9a04-ebc07345928b} - (no file)
BHO-{EF0E3ED0-9078-41FB-8710-C60BBFAE699C} - (no file)
BHO-{F3AA89A6-3420-4C2E-9640-74717E64CFDF} - (no file)
BHO-{F6B1D5B3-3D2C-4C48-9ECD-1C85289547F5} - (no file)
BHO-{fc81feb8-3cf8-4253-84ea-004406980db6} - (no file)
HKLM-Run-BM332093fe - c:\windows\system32\bnxltvry.dll
Notify-geBtQkKb - geBtQkKb.dll
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-21 16:12:05
Windows 5.1.2600 Service Pack 3 NTFS
scanner skjulte processer ...
scanner skjulte autostarter ...
scanner skjulte filer ...
scanning gennemført med succes
skjulte filer: 0
**************************************************************************
.
------------------------ Andre kørende processer ------------------------
.
c:\windows\system32\rundll32.exe
c:\programmer\Fælles filer\LogiShrd\KHAL2\KHALMNPR.exe
c:\programmer\ESET\ESET NOD32 Antivirus\ekrn.exe
c:\programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
c:\windows\ALCFDRTM.EXE
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Gennemført tid: 2008-11-21 16:16:13 - maskinen blev genstartet
ComboFix-quarantined-files.txt 2008-11-21 15:16:11
Pre-Kørsel: 177.992.781.824 byte ledig
Post-Kørsel: 178,137,104,384 byte ledig
WindowsXP-KB310994-SP2-Pro-BootDisk-DAN.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
223 --- E O F --- 2008-11-12 10:52:16
Basic Glossary ;D
at slette = to delete (slettet = deleted)
at køre = to run
ledig = free
andre = others
indstillinget = (kinda- ) options
0 -
HiComboFix shouldn't take too long to run. The sooner you reply the sooner we get further with the cleaning process
Im trying now :S
0 -
Hi
Uninstall old Adobe Reader and get the latest one here or get Foxit Reader here.
Open notepad and copy/paste the text in the quotebox below into it:
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Alcmtr"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"BM332093fe"=-
Save this as
CFScript
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.
Refering to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.
Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.
Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.
Double-click ATF Cleaner.exe to open it
Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.
If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
Click Exit on the Main menu to close the program.
Please run an online scan with Kaspersky Online Scanner as instructed in the screenshot here.
Post back its report, a fresh hjt log and above mentioned ComboFix resultant log.
0 -
No problems with Combofix... except the popup which forced me to shut down ad-watch.. the usual window with [send error] and [dont send]...
ComboFix 08-11-21.02 - Niklas Nilsson 2008-11-21 20:24:50.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1030.18.2821 [GMT 1:00]
Kører fra: c:\documents and settings\Niklas Nilsson\Skrivebord\ComboFix.exe
Kommandoer benyttet :: c:\documents and settings\Niklas Nilsson\Skrivebord\CFScript.txt
.
((((((((((((((((((((((((((((( Filer skabt fra 2008-10-21 til 2008-11-21 )))))))))))))))))))))))))))))))))))
.
2008-11-21 20:09 . 2008-11-21 20:09 <DIR> d-------- c:\programmer\Fælles filer\Adobe AIR
2008-11-13 14:35 . 2008-11-13 14:35 13,646 --a------ c:\windows\system32\wpa.bak
2008-11-13 14:32 . 2008-11-13 14:32 <DIR> d-------- C:\_OTMoveIt
2008-11-12 11:50 . 2008-09-04 18:17 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-12 11:50 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-06 17:28 . 2008-11-06 17:28 <DIR> d-------- c:\programmer\Winamp Toolbar
2008-11-06 17:28 . 2008-11-20 17:40 <DIR> d-------- c:\programmer\Winamp Remote
2008-11-06 17:28 . 2008-11-06 17:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\Winamp Toolbar
2008-11-06 17:28 . 2008-11-07 17:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\OrbNetworks
2008-10-27 04:22 . 2008-10-27 04:22 <DIR> d-------- c:\documents and settings\Niklas Nilsson\Application Data\SUPERAntiSpyware.com
2008-10-24 11:34 . 2008-10-15 17:37 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-21 19:14 --------- d-----w c:\programmer\Winamp
2008-11-21 17:30 --------- d-----w c:\documents and settings\Niklas Nilsson\Application Data\OpenOffice.org2
2008-11-20 18:40 --------- d-----w c:\programmer\Windows Live Safety Center
2008-11-20 13:37 --------- d-----w c:\programmer\Fælles filer\Adobe
2008-11-17 16:48 --------- d-----w c:\programmer\Steam
2008-11-11 17:05 --------- d-----w c:\programmer\Fælles filer\Wise Installation Wizard
2008-10-27 12:38 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-25 16:23 --------- d--h--w c:\programmer\InstallShield Installation Information
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-09 22:36 --------- d-----w c:\programmer\Java
2008-10-09 18:42 --------- d-----w c:\programmer\Fælles filer\Symantec Shared
2008-10-07 18:07 --------- d-----w c:\programmer\Gyldendals Etbindsleksikon
2008-10-05 14:01 --------- d-----w c:\documents and settings\Niklas Nilsson\Application Data\Politiken
2008-10-05 13:59 --------- d-----w c:\programmer\Polob32
2008-09-30 20:45 --------- d-----w c:\documents and settings\All Users\Application Data\Messenger Plus!
2008-09-30 20:44 --------- d-----w c:\programmer\Messenger Plus! Live
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-23 16:10 --------- d-----w c:\programmer\Paint.NET
2008-09-15 15:27 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:14 1,307,648 ----a-w c:\windows\system32\msxml6.dll
2008-09-04 17:17 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-08-26 08:27 826,368 ----a-w c:\windows\system32\wininet.dll
.
((((((((((((((((((((((((((((( snapshot@2008-11-21_16.15.58.92 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-12-12 14:06:42 295,606 ----a-r c:\windows\Installer\{AC76BA86-7AD7-1033-7B44-A90000000001}\SC_Reader.exe
- 2008-06-28 12:48:48 10,134 ----a-r c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\ARPPRODUCTICON.exe
+ 2008-11-21 15:54:25 10,134 ----a-r c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\ARPPRODUCTICON.exe
- 2008-06-28 12:48:48 65,536 ----a-r c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut1_0068B077AFDF4F14913EF2B7D0012422.exe
+ 2008-11-21 15:54:25 65,536 ----a-r c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut1_0068B077AFDF4F14913EF2B7D0012422.exe
- 2008-06-28 12:48:46 25,214 ----a-r c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut1_1.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
+ 2008-11-21 15:54:24 25,214 ----a-r c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut1_1.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
- 2008-06-28 12:48:47 25,214 ----a-r c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut10.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
+ 2008-11-21 15:54:24 25,214 ----a-r c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut10.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
- 2008-06-28 12:48:47 25,214 ----a-r c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut11.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
+ 2008-11-21 15:54:24 25,214 ----a-r c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut11.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
- 2008-06-28 12:48:48 25,214 ----a-r c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut11_A888ADCD972E402C989E44C9B6E8DB64.exe
+ 2008-11-21 15:54:25 25,214 ----a-r c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut11_A888ADCD972E402C989E44C9B6E8DB64.exe
- 2008-06-28 12:48:47 25,214 ----a-r c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut12.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
+ 2008-11-21 15:54:24 25,214 ----a-r c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut12.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
- 2008-06-28 12:48:48 25,214 ----a-r c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut12_A888ADCD972E402C989E44C9B6E8DB64.exe
+ 2008-11-21 15:54:25 25,214 ----a-r c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut12_A888ADCD972E402C989E44C9B6E8DB64.exe
- 2008-06-28 12:48:47 25,214 ----a-r c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut13.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
+ 2008-11-21 15:54:24 25,214 ----a-r c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut13.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
- 2008-06-28 12:48:48 25,214 ----a-r c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut13_A888ADCD972E402C989E44C9B6E8DB64.exe
+ 2008-11-21 15:54:25 25,214 ----a-r c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut13_A888ADCD972E402C989E44C9B6E8DB64.exe
- 2008-06-28 12:48:47 25,214 ----a-r c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut14.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
+ 2008-11-21 15:54:24 25,214 ----a-r c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut14.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
- 2008-06-28 12:48:48 25,214 ----a-r c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut14_A888ADCD972E402C989E44C9B6E8DB64.exe
+ 2008-11-21 15:54:25 25,214 ----a-r c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut14_A888ADCD972E402C989E44C9B6E8DB64.exe
- 2008-06-28 12:48:48 25,214 ----a-r c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut15_A888ADCD972E402C989E44C9B6E8DB64.exe
+ 2008-11-21 15:54:25 25,214 ----a-r c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut15_A888ADCD972E402C989E44C9B6E8DB64.exe
- 2008-06-28 12:48:48 25,214 ----a-r c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut16_A888ADCD972E402C989E44C9B6E8DB64.exe
+ 2008-11-21 15:54:25 25,214 ----a-r c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut16_A888ADCD972E402C989E44C9B6E8DB64.exe
- 2008-06-28 12:48:48 25,214 ----a-r c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut17_A888ADCD972E402C989E44C9B6E8DB64.exe
+ 2008-11-21 15:54:25 25,214 ----a-r c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut17_A888ADCD972E402C989E44C9B6E8DB64.exe
- 2008-06-28 12:48:47 25,214 ----a-r c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut18.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
+ 2008-11-21 15:54:24 25,214 ----a-r c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut18.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
- 2008-06-28 12:48:47 25,214 ----a-r c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut19.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
+ 2008-11-21 15:54:24 25,214 ----a-r c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut19.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
- 2008-06-28 12:48:47 25,214 ----a-r c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut2_1.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
+ 2008-11-21 15:54:24 25,214 ----a-r c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut2_1.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
- 2008-06-28 12:48:48 61,440 ----a-r c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut2_DE8DC033F69A4FE5B06ADACA24AB087B.exe
+ 2008-11-21 15:54:25 61,440 ----a-r c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut2_DE8DC033F69A4FE5B06ADACA24AB087B.exe
- 2008-06-28 12:48:47 25,214 ----a-r c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut20.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
+ 2008-11-21 15:54:25 25,214 ----a-r c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut20.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
- 2008-06-28 12:48:47 25,214 ----a-r c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut21.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
+ 2008-11-21 15:54:25 25,214 ----a-r c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut21.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
- 2008-06-28 12:48:47 25,214 ----a-r c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut22.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
+ 2008-11-21 15:54:25 25,214 ----a-r c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut22.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
- 2008-06-28 12:48:47 25,214 ----a-r c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut23.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
+ 2008-11-21 15:54:25 25,214 ----a-r c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut23.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
- 2008-06-28 12:48:47 25,214 ----a-r c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut24.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
+ 2008-11-21 15:54:25 25,214 ----a-r c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut24.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
- 2008-06-28 12:48:47 25,214 ----a-r c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut25.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
+ 2008-11-21 15:54:25 25,214 ----a-r c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut25.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
- 2008-06-28 12:48:47 25,214 ----a-r c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut26.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
+ 2008-11-21 15:54:25 25,214 ----a-r c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut26.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
- 2008-06-28 12:48:47 25,214 ----a-r c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut27.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
+ 2008-11-21 15:54:25 25,214 ----a-r c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut27.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
- 2008-06-28 12:48:47 25,214 ----a-r c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut28.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
+ 2008-11-21 15:54:25 25,214 ----a-r c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut28.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
- 2008-06-28 12:48:47 25,214 ----a-r c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut29.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
+ 2008-11-21 15:54:25 25,214 ----a-r c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut29.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
- 2008-06-28 12:48:47 25,214 ----a-r c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut3_1.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
+ 2008-11-21 15:54:25 25,214 ----a-r c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut3_1.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
- 2008-06-28 12:48:48 25,214 ----a-r c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut3_A888ADCD972E402C989E44C9B6E8DB64.exe
+ 2008-11-21 15:54:25 25,214 ----a-r c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut3_A888ADCD972E402C989E44C9B6E8DB64.exe
- 2008-06-28 12:48:47 25,214 ----a-r c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut30.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
+ 2008-11-21 15:54:25 25,214 ----a-r c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut30.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
- 2008-06-28 12:48:47 25,214 ----a-r c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut32.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
+ 2008-11-21 15:54:25 25,214 ----a-r c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut32.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
- 2008-06-28 12:48:47 25,214 ----a-r c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut33.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
+ 2008-11-21 15:54:25 25,214 ----a-r c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut33.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
- 2008-06-28 12:48:47 25,214 ----a-r c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut34.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
+ 2008-11-21 15:54:25 25,214 ----a-r c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut34.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
- 2008-06-28 12:48:47 25,214 ----a-r c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut35.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
+ 2008-11-21 15:54:25 25,214 ----a-r c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut35.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
- 2008-06-28 12:48:48 25,214 ----a-r c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut36.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
+ 2008-11-21 15:54:25 25,214 ----a-r c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut36.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
- 2008-06-28 12:48:48 25,214 ----a-r c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut37.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
+ 2008-11-21 15:54:25 25,214 ----a-r c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut37.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
- 2008-06-28 12:48:48 25,214 ----a-r c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut38.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
+ 2008-11-21 15:54:25 25,214 ----a-r c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut38.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
- 2008-06-28 12:48:48 25,214 ----a-r c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut39.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
+ 2008-11-21 15:54:25 25,214 ----a-r c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut39.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
- 2008-06-28 12:48:48 25,214 ----a-r c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut4.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
+ 2008-11-21 15:54:25 25,214 ----a-r c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut4.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
- 2008-06-28 12:48:48 61,440 ----a-r c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut4_DE8DC033F69A4FE5B06ADACA24AB087B_2.exe
+ 2008-11-21 15:54:25 61,440 ----a-r c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut4_DE8DC033F69A4FE5B06ADACA24AB087B_2.exe
- 2008-06-28 12:48:48 25,214 ----a-r c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut40.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
+ 2008-11-21 15:54:25 25,214 ----a-r c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut40.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
- 2008-06-28 12:48:48 61,440 ----a-r c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut6_DE8DC033F69A4FE5B06ADACA24AB087B.exe
+ 2008-11-21 15:54:25 61,440 ----a-r c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut6_DE8DC033F69A4FE5B06ADACA24AB087B.exe
- 2008-06-28 12:48:48 25,214 ----a-r c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut8.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
+ 2008-11-21 15:54:25 25,214 ----a-r c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut8.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
- 2008-06-28 12:48:48 25,214 ----a-r c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut8_A888ADCD972E402C989E44C9B6E8DB64.exe
+ 2008-11-21 15:54:25 25,214 ----a-r c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut8_A888ADCD972E402C989E44C9B6E8DB64.exe
- 2008-06-28 12:48:48 25,214 ----a-r c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut9.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
+ 2008-11-21 15:54:25 25,214 ----a-r c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut9.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
.
-- Snapshot sat til dags dato --
.
((((((((((((((((((((((((((((((((((( Start steder i reg.basen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"TuneUp MemOptimizer"="c:\programmer\TuneUp Utilities 2008\MemOptimizer.exe" [2007-12-21 196864]
"LDM"="c:\programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2008-06-03 36864]
"swg"="c:\programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-12 68856]
"MSMSGS"="c:\programmer\Messenger\msmsgs.exe" [2008-04-14 1695232]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-04 8523776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-04 81920]
"OSSelectorReinstall"="c:\programmer\Fælles filer\Acronis\Acronis Disk Director\oss_reinstall.exe" [2006-04-12 1261475]
"egui"="c:\programmer\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072]
"LogitechCommunicationsManager"="c:\programmer\Fælles filer\LogiShrd\LComMgr\Communications_Helper.exe" [2007-04-05 488984]
"LVCOMSX"="c:\programmer\Fælles filer\LogiShrd\LComMgr\LVComSX.exe" [2007-03-09 252704]
"SunJavaUpdateSched"="c:\programmer\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"AWMON"="c:\programmer\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe" [2004-09-16 538112]
"BM332093fe"="c:\windows\system32\bnxltvry.dll" [bU]
"nwiz"="nwiz.exe" [2007-12-04 c:\windows\system32\nwiz.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-01-30 c:\windows\RTHDCPL.EXE]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Menuen Start\Programmer\Start\
Logitech Desktop Messenger.lnk - c:\programmer\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-06-03 196608]
Logitech SetPoint.lnk - c:\programmer\Logitech\SetPoint\SetPoint.exe [2008-08-07 805392]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 c:\programmer\Fælles filer\Logitech\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmer\\IEPro\\MiniDM.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmer\\BitSpirit\\BitSpirit.exe"=
"c:\\Programmer\\Messenger\\msmsgs.exe"=
"c:\\Programmer\\Steam\\steamapps\\thenilssonbrothers\\counter-strike source\\hl2.exe"=
"c:\\Programmer\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Programmer\\Steam\\steamapps\\couragedk\\garrysmod\\hl2.exe"=
"c:\\Programmer\\Steam\\steamapps\\couragedk\\counter-strike source\\hl2.exe"=
"c:\\Programmer\\Steam\\steamapps\\couragedk\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Programmer\\Steam\\steam.exe"=
"c:\\Programmer\\Steam\\steamapps\\couragedk\\day of defeat source\\hl2.exe"=
"c:\\Programmer\\Steam\\steamapps\\common\\savage 2 a tortured soul\\savage2.exe"=
"c:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmer\\Windows Live\\Messenger\\livecall.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"c:\\Programmer\\Steam\\steamapps\\couragedk\\age of chivalry\\hl2.exe"=
"c:\\Programmer\\Steam\\steamapps\\couragedk\\zombie panic! source\\hl2.exe"=
"c:\\Programmer\\Steam\\steamapps\\couragedk\\synergy\\hl2.exe"=
"c:\\Programmer\\Steam\\steamapps\\couragedk\\diprip warm up\\hl2.exe"=
"c:\\Programmer\\Steam\\steamapps\\couragedk\\insurgency\\hl2.exe"=
"c:\\Programmer\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Programmer\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Programmer\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
R0 SBHR;SBHR;c:\windows\system32\drivers\sbhr.sys [2008-06-06 15544]
R1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2007-12-21 33800]
R1 UGURU;UGURU;c:\windows\system32\drivers\uGuru.sys [2008-06-02 14592]
R2 UxTuneUp;TuneUp Theme Extension;c:\windows\System32\svchost.exe -k netsvcs [2004-08-27 14336]
S3 Memctl;Memctl;\??\c:\programmer\U-ABIT\FlashMenu\Memctl.sys []
S3 SBAPIFS;SBAPIFS;\??\c:\windows\system32\drivers\sbapifs.sys []
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;c:\windows\System32\TuneUpDefragService.exe [2008-06-01 306432]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Indhold af mappen 'Planlagte Opgaver'
2008-11-21 c:\windows\Tasks\1-Click Maintenance.job
- c:\programmer\TuneUp Utilities 2008\OneClick.exe [2007-12-21 14:17]
.
- - - - TOMME GENVEJE FJERNET - - - -
HKLM-Run-Adobe Reader Speed Launcher - c:\programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-21 20:25:36
Windows 5.1.2600 Service Pack 3 NTFS
scanner skjulte processer ...
scanner skjulte autostarter ...
scanner skjulte filer ...
scanning gennemført med succes
skjulte filer: 0
**************************************************************************
.
Gennemført tid: 2008-11-21 20:26:31
ComboFix-quarantined-files.txt 2008-11-21 19:26:07
ComboFix2.txt 2008-11-21 15:16:14
Pre-Kørsel: 177.968.472.064 byte ledig
Post-Kørsel: 178,002,468,864 byte ledig
247 --- E O F --- 2008-11-12 10:52:16
I see the Kaspersky didn't find the malware... but i have a quarantine-log of some files or whatever it is. but they are pretty old now i think ( about 4 months i think) - i dont know if that could help... I've used ESET NOD32
0 -
I see the Kaspersky didn't find the malware... but i have a quarantine-log of some files or whatever it is. but they are pretty old now i think ( about 4 months i think) - i dont know if that could help... I've used ESET NOD32
Hi
You may clear those NOD32 quarantined objects (if they still exist).
Could you post a fresh hjt log too, please?
0 -
HiYou may clear those NOD32 quarantined objects (if they still exist).
Could you post a fresh hjt log too, please?
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:25:33, on 22-11-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Programmer\ESET\ESET NOD32 Antivirus\egui.exe
C:\Programmer\Fælles filer\LogiShrd\LComMgr\Communications_Helper.exe
C:\Programmer\Fælles filer\LogiShrd\LComMgr\LVComSX.exe
C:\Programmer\Java\jre1.6.0_07\bin\jusched.exe
C:\Programmer\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\TuneUp Utilities 2008\MemOptimizer.exe
C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\Logitech\SetPoint\SetPoint.exe
C:\Programmer\Fælles filer\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\ALCFDRTM.EXE
C:\Programmer\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Microsoft Office\Office12\WINWORD.EXE
C:\Programmer\Windows Live\Messenger\msnmsgr.exe
C:\Programmer\Windows Live\Messenger\usnsvc.exe
C:\Programmer\Internet Explorer\iexplore.exe
c:\programmer\winamp toolbar\WinampTbServer.exe
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programmer\Winamp Toolbar\winamptb.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmer\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar2.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programmer\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [OSSelectorReinstall] C:\Programmer\Fælles filer\Acronis\Acronis Disk Director\oss_reinstall.exe
O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [egui] "C:\Programmer\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Programmer\Fælles filer\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LVCOMSX] "C:\Programmer\Fælles filer\LogiShrd\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AWMON] "C:\Programmer\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKLM\..\Run: [bM332093fe] Rundll32.exe "C:\WINDOWS\system32\bnxltvry.dll",s
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Programmer\TuneUp Utilities 2008\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [LDM] C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmer\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Download Using &BitSpirit - C:\Programmer\BitSpirit\bsurl.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Programmer\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Programmer\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase9563.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1212788122109
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O18 - Protocol: bw+0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmer\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: offline-8876480 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Programmer\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Programmer\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programmer\Fælles filer\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programmer\Fælles filer\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Unknown owner - C:\Programmer\Sunbelt Software\CounterSpy\SBCSSvc.exe (file missing)
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
--
End of file - 21564 bytes
And i cleared the quarantined objects too
0 -
Hi
AD-AWARE AD-WATCH
* Right click on the Ad-Watch icon in the system tray.
* At the bottom of the screen there will be two checkable items called Active and Automatic.
o Active: This will turn Ad-Watch On\Off without closing it.
o Automatic: Suspicious activity will be blocked automatically.
* Uncheck both of those boxes.
* (When done, you can re-enable it using the same steps but this time check both boxes.)
Start hjt, do a system scan, check (if found):
O4 - HKLM\..\Run: [bM332093fe] Rundll32.exe "C:\WINDOWS\system32\bnxltvry.dll",s
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
Close browsers and fix checked.
Uninstall old Adobe Reader versions and get the latest one here or get Foxit Reader here.
Reboot and post a fresh hjt log. How's the system running?
0 -
HiAD-AWARE AD-WATCH
* Right click on the Ad-Watch icon in the system tray.
* At the bottom of the screen there will be two checkable items called Active and Automatic.
o Active: This will turn Ad-Watch On\Off without closing it.
o Automatic: Suspicious activity will be blocked automatically.
* Uncheck both of those boxes.
* (When done, you can re-enable it using the same steps but this time check both boxes.)
Start hjt, do a system scan, check (if found):
O4 - HKLM\..\Run: [bM332093fe] Rundll32.exe "C:\WINDOWS\system32\bnxltvry.dll",s
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
Close browsers and fix checked.
Uninstall old Adobe Reader versions and get the latest one here or get Foxit Reader here.
Reboot and post a fresh hjt log. How's the system running?
- I have already installed the new version of Adobe Reader... its version 9 or something... and i think the old version was uninstalled when the new version was installed.
I've fixed the 2 files u told me to do, and the system is running like before. No difference - so far
0 -
So, what's the problem there? Please post a fresh hjt log as instructed.
??? i dont see any problems so far... here is the hjt log...
I noticed the 2 files i removed still are there...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:24:03, on 22-11-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Programmer\ESET\ESET NOD32 Antivirus\egui.exe
C:\Programmer\Fælles filer\LogiShrd\LComMgr\Communications_Helper.exe
C:\Programmer\Fælles filer\LogiShrd\LComMgr\LVComSX.exe
C:\Programmer\Java\jre1.6.0_07\bin\jusched.exe
C:\Programmer\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\TuneUp Utilities 2008\MemOptimizer.exe
C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\Logitech\SetPoint\SetPoint.exe
C:\Programmer\Fælles filer\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\ALCFDRTM.EXE
C:\Programmer\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programmer\Winamp Toolbar\winamptb.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmer\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar2.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programmer\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [OSSelectorReinstall] C:\Programmer\Fælles filer\Acronis\Acronis Disk Director\oss_reinstall.exe
O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [egui] "C:\Programmer\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Programmer\Fælles filer\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LVCOMSX] "C:\Programmer\Fælles filer\LogiShrd\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AWMON] "C:\Programmer\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [bM332093fe] Rundll32.exe "C:\WINDOWS\system32\bnxltvry.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Programmer\TuneUp Utilities 2008\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [LDM] C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmer\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Download Using &BitSpirit - C:\Programmer\BitSpirit\bsurl.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Programmer\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Programmer\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase9563.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1212788122109
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O18 - Protocol: bw+0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmer\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: offline-8876480 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Programmer\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Programmer\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programmer\Fælles filer\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programmer\Fælles filer\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Unknown owner - C:\Programmer\Sunbelt Software\CounterSpy\SBCSSvc.exe (file missing)
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
--
End of file - 21316 bytes
0 -
I've fixed the 2 files u told me to do, and the system is running like before. No difference - so far
So, what's the problem there? Please post a fresh hjt log as instructed.
0 -
Hi
Ok. I thought you meant there was still the original problem left
I have already installed the new version of Adobe Reader... its version 9 or something... and i think the old version was uninstalled when the new version was installed.
Version 8 is still there. Please uninstall it as instructed since it's a vulnerable one and may cause you problems in the future.
Also, before I forget let's replace your old Ad-Aware version with the latest one. Uninstall Ad-Aware SE thru add/remove programs. Then get the latest one here
I noticed the 2 files i removed still are there...
Did you remember turn Ad Watch off as instructed before fixing the entries with HijackThis? Let's do it again.
AD-AWARE AD-WATCH
* Right click on the Ad-Watch icon in the system tray.
* At the bottom of the screen there will be two checkable items called Active and Automatic.
o Active: This will turn Ad-Watch On\Off without closing it.
o Automatic: Suspicious activity will be blocked automatically.
* Uncheck both of those boxes.
* (When done, you can re-enable it using the same steps but this time check both boxes.)
Start hjt, do a system scan, check (if found):
O4 - HKLM\..\Run: [bM332093fe] Rundll32.exe "C:\WINDOWS\system32\bnxltvry.dll",s
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
Close browsers and fix checked.
Reboot and post a fresh hjt log.
0 -
HiOk. I thought you meant there was still the original problem left
Version 8 is still there. Please uninstall it as instructed since it's a vulnerable one and may cause you problems in the future.
Also, before I forget let's replace your old Ad-Aware version with the latest one. Uninstall Ad-Aware SE thru add/remove programs. Then get the latest one here
Did you remember turn Ad Watch off as instructed before fixing the entries with HijackThis? Let's do it again.
AD-AWARE AD-WATCH
* Right click on the Ad-Watch icon in the system tray.
* At the bottom of the screen there will be two checkable items called Active and Automatic.
o Active: This will turn Ad-Watch On\Off without closing it.
o Automatic: Suspicious activity will be blocked automatically.
* Uncheck both of those boxes.
* (When done, you can re-enable it using the same steps but this time check both boxes.)
Start hjt, do a system scan, check (if found):
O4 - HKLM\..\Run: [bM332093fe] Rundll32.exe "C:\WINDOWS\system32\bnxltvry.dll",s
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
Close browsers and fix checked.
Reboot and post a fresh hjt log.
I dont know how to uninstall adobe reader 8... i can't find it. I've tried the search function and the "add/remove" function.. but it isn't there... I have searched my folders too :S
...And why should I uninstall my "old" version of ad-aware... now i dont have ad-watch anymore unless I pay...
btw. can I add you to msn for a while? - untill problem is solved?
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:41:54, on 23-11-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Programmer\ESET\ESET NOD32 Antivirus\egui.exe
C:\Programmer\Fælles filer\LogiShrd\LComMgr\Communications_Helper.exe
C:\Programmer\Fælles filer\LogiShrd\LComMgr\LVComSX.exe
C:\Programmer\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\TuneUp Utilities 2008\MemOptimizer.exe
C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\Logitech\SetPoint\SetPoint.exe
C:\Programmer\Fælles filer\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\ALCFDRTM.EXE
C:\Programmer\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Windows Live\Messenger\msnmsgr.exe
C:\Programmer\Windows Live\Messenger\usnsvc.exe
C:\Programmer\Microsoft Office\Office12\WINWORD.EXE
c:\programmer\winamp toolbar\WinampTbServer.exe
c:\programmer\winamp\winamp.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Lavasoft\Ad-Aware\aawservice.exe
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programmer\Winamp Toolbar\winamptb.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmer\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar2.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programmer\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [OSSelectorReinstall] C:\Programmer\Fælles filer\Acronis\Acronis Disk Director\oss_reinstall.exe
O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [egui] "C:\Programmer\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Programmer\Fælles filer\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LVCOMSX] "C:\Programmer\Fælles filer\LogiShrd\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AWMON] "C:\Programmer\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Programmer\TuneUp Utilities 2008\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [LDM] C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmer\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Download Using &BitSpirit - C:\Programmer\BitSpirit\bsurl.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Programmer\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Programmer\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase9563.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1212788122109
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O18 - Protocol: bw+0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmer\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: offline-8876480 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programmer\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Programmer\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Programmer\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programmer\Fælles filer\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programmer\Fælles filer\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Unknown owner - C:\Programmer\Sunbelt Software\CounterSpy\SBCSSvc.exe (file missing)
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
--
End of file - 21543 bytes
0 -
Hi
Let's clean off some leftover entries.
Start hjt, do a system scan, check:
O4 - HKLM\..\Run: [AWMON] "C:\Programmer\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
Close browsers and fix checked.
Delete following folders if found:
C:\Programmer\Lavasoft\Ad-Aware SE Professional
C:\Programmer\Adobe\Reader 8.0
Reboot and post a fresh hjt log.
And why should I uninstall my "old" version of ad-aware... now i dont have ad-watch anymore
Cos old version can't see things as well as new one. If you need protection like ad watch gives then you might want to try WinPatrol.
btw. can I add you to msn for a while? - untill problem is solved?
We can solve the problem here at the forum.
0 -
HiLet's clean off some leftover entries.
Start hjt, do a system scan, check:
O4 - HKLM\..\Run: [AWMON] "C:\Programmer\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
Close browsers and fix checked.
Delete following folders if found:
C:\Programmer\Lavasoft\Ad-Aware SE Professional
C:\Programmer\Adobe\Reader 8.0
Reboot and post a fresh hjt log.
Cos old version can't see things as well as new one. If you need protection like ad watch gives then you might want to try WinPatrol.
We can solve the problem here at the forum.
None of the folders were found
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:16:44, on 23-11-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\ESET\ESET NOD32 Antivirus\egui.exe
C:\Programmer\Fælles filer\LogiShrd\LComMgr\Communications_Helper.exe
C:\Programmer\Fælles filer\LogiShrd\LComMgr\LVComSX.exe
C:\Programmer\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\TuneUp Utilities 2008\MemOptimizer.exe
C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\Logitech\SetPoint\SetPoint.exe
C:\Programmer\Fælles filer\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\ALCFDRTM.EXE
C:\Programmer\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Windows Live\Messenger\msnmsgr.exe
C:\Programmer\Windows Live\Messenger\usnsvc.exe
C:\Programmer\Microsoft Office\Office12\WINWORD.EXE
c:\programmer\winamp\winamp.exe
C:\Programmer\Lavasoft\Ad-Aware\aawservice.exe
C:\Programmer\Steam\steam.exe
C:\Programmer\Internet Explorer\iexplore.exe
c:\programmer\winamp toolbar\WinampTbServer.exe
C:\Programmer\BillP Studios\WinPatrol\WinPatrol.exe
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programmer\Winamp Toolbar\winamptb.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmer\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar2.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programmer\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [OSSelectorReinstall] C:\Programmer\Fælles filer\Acronis\Acronis Disk Director\oss_reinstall.exe
O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [egui] "C:\Programmer\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Programmer\Fælles filer\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LVCOMSX] "C:\Programmer\Fælles filer\LogiShrd\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Programmer\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Programmer\TuneUp Utilities 2008\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [LDM] C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmer\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Download Using &BitSpirit - C:\Programmer\BitSpirit\bsurl.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Programmer\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Programmer\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase9563.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1212788122109
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O18 - Protocol: bw+0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmer\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: offline-8876480 - {6EF6A33A-ACFB-47C8-AFD1-60178EF4D904} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programmer\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Programmer\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Programmer\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programmer\Fælles filer\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programmer\Fælles filer\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Unknown owner - C:\Programmer\Sunbelt Software\CounterSpy\SBCSSvc.exe (file missing)
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
--
End of file - 21506 bytes
I didn't disable scotty(Winpatrol) i dont know how to do that...
0 -
Well congrats, it appears your system is all clean Are you still noticing any problems? If not, it's time to secure your system to prevent against further intrusions.
THESE STEPS ARE VERY IMPORTANT
Let's reset system restore
Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: You will lose all previous restore points which are likely to be infected. Please note you need Administrator Access to do clean the restore points.
1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
2. Reboot.
3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.
NOTE: only do this ONCE,NOT on a regular basis
Now lets uninstall ComboFix:
- Click START then RUN
- Now type Combofix /u in the runbox and click OK
Next we remove all used tools.
- Double-click OTMoveIt3.exe.
- Click the CleanUp! button.
- Select Yes when the
Begin cleanup Process?
prompt appears.
- If you are prompted to Reboot during the cleanup, select Yes.
- The tool will delete itself once it finishes, if not delete it by yourself.
Note: If you receive a warning from your firewall or other security programs regarding OTMoveIt attempting to contact the internet, please allow it to do so.
UPDATING WINDOWS AND INTERNET EXPLORER
IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the windows update site to get the critical updates.
If you are running Microsoft Office, or any portion thereof, go to the Microsoft's Office Update site and make sure you have at least all the critical updates installed (Free) Microsoft Office Update.
Make your Internet Explorer more secure
This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.
The following are recommended third party programs that are designed to keep your computer clean. A link as well as a brief description is included with each item.
-
Download SpywareBlaster
Spyware blaster is a program that stops known malicious activex controls from installing on your computer. It works by changing settings in your registry. It makes
kill bits
in the registry, so that certain activex controls can't install.
If you don't know what activex controls are, see here
You can download SpywareBlaster here here
SpywareBlaster tutorial
-
hosts file:- Every version of windows has a hosts file as part of them.
- In a very basic sense, they are used to locate webpages.
- We can customize a hosts file so that it blocks certain webpages.
- However, it can slow down certain computers.
- This is why using a hosts file is optional!!
Download it here. Make sure you read the instructions on how to install the hosts file. There is a good tutorial here
If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:
-
Click the start button (at the lower left hand corner of your screen)
-
Click run
-
In the dialog box, type services.msc
-
hit enter, then locate dns client
-
Highlight it, then double-click it.
-
On the dropdown box, change the setting from automatic to manual.
-
Click ok
[*]Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. For more info, check this webpage out.
See here to choose one if you don't have a 3rd party firewall or aren't behind a router with NAT.
- Every version of windows has a hosts file as part of them.
Just a final reminder for you. I am trying to stress these two points.
UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
Once again, please post and tell me how things are going with your system... problems etc.
Have a great day,
Blade
0 - Click START then RUN
-
Well congrats, it appears your system is all clean Are you still noticing any problems? If not, it's time to secure your system to prevent against further intrusions.THESE STEPS ARE VERY IMPORTANT
Let's reset system restore
Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: You will lose all previous restore points which are likely to be infected. Please note you need Administrator Access to do clean the restore points.
1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
2. Reboot.
3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.
NOTE: only do this ONCE,NOT on a regular basis
Now lets uninstall ComboFix:
- Click START then RUN
- Now type Combofix /u in the runbox and click OK
Next we remove all used tools.
- Double-click OTMoveIt3.exe.
- Click the CleanUp! button.
- Select Yes when the
Begin cleanup Process?
prompt appears.
- If you are prompted to Reboot during the cleanup, select Yes.
- The tool will delete itself once it finishes, if not delete it by yourself.
Note: If you receive a warning from your firewall or other security programs regarding OTMoveIt attempting to contact the internet, please allow it to do so.
UPDATING WINDOWS AND INTERNET EXPLORER
IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the windows update site to get the critical updates.
If you are running Microsoft Office, or any portion thereof, go to the Microsoft's Office Update site and make sure you have at least all the critical updates installed (Free) Microsoft Office Update.
Make your Internet Explorer more secure
This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.
The following are recommended third party programs that are designed to keep your computer clean. A link as well as a brief description is included with each item.
-
Download SpywareBlaster
Spyware blaster is a program that stops known malicious activex controls from installing on your computer. It works by changing settings in your registry. It makes
kill bits
in the registry, so that certain activex controls can't install.
If you don't know what activex controls are, see here
You can download SpywareBlaster here here
SpywareBlaster tutorial
-
hosts file:- Every version of windows has a hosts file as part of them.
- In a very basic sense, they are used to locate webpages.
- We can customize a hosts file so that it blocks certain webpages.
- However, it can slow down certain computers.
- This is why using a hosts file is optional!!
Download it here. Make sure you read the instructions on how to install the hosts file. There is a good tutorial here
If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:
-
-
Click the start button (at the lower left hand corner of your screen)
-
Click run
-
In the dialog box, type services.msc
-
hit enter, then locate dns client
-
Highlight it, then double-click it.
-
On the dropdown box, change the setting from automatic to manual.
-
Click ok
[*]Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. For more info, check this webpage out.
See here to choose one if you don't have a 3rd party firewall or aren't behind a router with NAT.
- Every version of windows has a hosts file as part of them.
Just a final reminder for you. I am trying to stress these two points.
UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
Once again, please post and tell me how things are going with your system... problems etc.
Have a great day,
Blade
I can't deactivate "system restore"... This happens (my own translation)
words with " is bad translations
"You have chosen to turn system restore off. If u continue, all "existing restorations" will be deleted, and you will no longer be able to track or regret the changes on the computer.
you want to turn off system restore?
[yes]
(next window)
[system restoration]
System restoration "met" an error while attempting to activate/deactivate one or more "drev"(dont know the english word, its like "C:\" and "D:\" - u know).
Restart, and try again."
0 - Click START then RUN
-
Hi
Please follow this set of instructions to reinstall system restore.
0 -
HiPlease follow this set of instructions to reinstall system restore.
I can't :S When i click "install" (point 3) it does not install... it tell me to find a folder i think :S
0 -
4. Windows will now attempt to reinstall System Restore, and may prompt you for the Windows installation source path. Point to %Windir%\ServicePackFiles folder, or insert your slipstreamed Windows XP (matching the Service Pack level of your system.)
Does your Windows XP media contain SP3? If not, you have to try installing by pointing installer to look from %Windir%\ServicePackFiles.
%Windir% = C:\WINDOWS
0
Please sign in to leave a comment.
Comments
55 comments