PDA

View Full Version : need help with internet explorer 7 please



muffun
2008-04-05, 03:12
hi i use firefox but for the last few weeks now internet explorer keeps opening with random pages from like zedo and mediaclick showing poker and other random things.i ue spybot to keep and ad adware prog but still this issue is there. i just cleaned with spybot again and i got this. can any1 help please?
thanks danny

--- Search result list ---
Smitfraud-C.CoreService: [SBI $9C656B9A] Data (File, nothing done)
C:\WINDOWS\system32\drivers\core.cache.dsk


--- Spybot - Search & Destroy version: 1.5.2 (build: 20080128) ---

2008-01-28 blindman.exe (1.0.0.7)
2008-01-28 SDDelFile.exe (1.0.2.4)
2008-01-28 SDMain.exe (1.0.0.5)
2007-10-07 SDShred.exe (1.0.1.2)
2008-01-28 SDUpdate.exe (1.0.8.8)
2008-01-28 SDWinSec.exe (1.0.0.11)
2008-01-28 SpybotSD.exe (1.5.2.20)
2008-01-28 TeaTimer.exe (1.5.2.16)
2008-04-03 unins000.exe (51.49.0.0)
2008-01-28 Update.exe (1.4.0.6)
2008-01-28 advcheck.dll (1.5.4.5)
2007-04-02 aports.dll (2.1.0.0)
2007-11-17 DelZip179.dll (1.79.7.4)
2008-01-28 SDFiles.dll (1.5.1.19)
2008-01-28 SDHelper.dll (1.5.0.11)
2008-01-28 Tools.dll (2.1.3.3)
2008-04-02 Includes\Cookies.sbi (*)
2007-12-26 Includes\Dialer.sbi (*)
2008-04-02 Includes\DialerC.sbi (*)
2008-04-02 Includes\HeavyDuty.sbi (*)
2008-03-19 Includes\Hijackers.sbi (*)
2008-04-02 Includes\HijackersC.sbi (*)
2008-02-27 Includes\Keyloggers.sbi (*)
2008-04-02 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2008-03-26 Includes\Malware.sbi (*)
2008-04-02 Includes\MalwareC.sbi (*)
2008-03-26 Includes\PUPS.sbi (*)
2008-04-02 Includes\PUPSC.sbi (*)
2008-04-02 Includes\Revision.sbi (*)
2008-01-09 Includes\Security.sbi (*)
2008-04-02 Includes\SecurityC.sbi (*)
2008-04-02 Includes\Spybots.sbi (*)
2008-04-02 Includes\SpybotsC.sbi (*)
2007-11-06 Includes\Tracks.uti
2008-04-02 Includes\Trojans.sbi (*)
2008-04-02 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll



--- System information ---
Windows XP (Build: 2600) Service Pack 2 (5.1.2600)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Hotfix (KB928366)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
/ MSXML4SP2: Security update for MSXML4 SP2 (KB936181)
/ Windows / SP1: Microsoft Internationalized Domain Names Mitigation APIs
/ Windows / SP1: Microsoft National Language Support Downlevel APIs
/ Windows Media Format 11 SDK: Hotfix for Windows Media Format 11 SDK (KB929399)
/ Windows Media Player 10: Security Update for Windows Media Player 10 (KB911565)
/ Windows Media Player 10: Security Update for Windows Media Player 10 (KB936782)
/ Windows Media Player 11: Security Update for Windows Media Player 11 (KB936782)
/ Windows Media Player 11: Hotfix for Windows Media Player 11 (KB939683)
/ Windows Media Player 6.4: Security Update for Windows Media Player 6.4 (KB925398)
/ Windows XP: Security Update for Windows XP (KB923689)
/ Windows XP: Security Update for Windows XP (KB941569)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB938127)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB942615)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB944533)
/ Windows XP / SP10: Microsoft Compression Client Pack 1.0 for Windows XP
/ Windows XP / SP3: Windows XP Hotfix - KB873339
/ Windows XP / SP3: Windows XP Hotfix - KB885250
/ Windows XP / SP3: Windows XP Hotfix - KB885295
/ Windows XP / SP3: Windows XP Hotfix - KB885835
/ Windows XP / SP3: Windows XP Hotfix - KB885836
/ Windows XP / SP3: Windows XP Hotfix - KB885884
/ Windows XP / SP3: Windows XP Hotfix - KB886185
/ Windows XP / SP3: Windows XP Hotfix - KB887472
/ Windows XP / SP3: Windows XP Hotfix - KB887742
/ Windows XP / SP3: Windows XP Hotfix - KB888113
/ Windows XP / SP3: Windows XP Hotfix - KB888302
/ Windows XP / SP3: Security Update for Windows XP (KB890046)
/ Windows XP / SP3: Windows XP Hotfix - KB890859
/ Windows XP / SP3: Windows XP Hotfix - KB891781
/ Windows XP / SP3: Security Update for Windows XP (KB893756)
/ Windows XP / SP3: Update for Windows XP (KB894391)
/ Windows XP / SP3: Hotfix for Windows XP (KB896344)
/ Windows XP / SP3: Security Update for Windows XP (KB896358)
/ Windows XP / SP3: Security Update for Windows XP (KB896422)
/ Windows XP / SP3: Security Update for Windows XP (KB896423)
/ Windows XP / SP3: Security Update for Windows XP (KB896424)
/ Windows XP / SP3: Security Update for Windows XP (KB896428)
/ Windows XP / SP3: Update for Windows XP (KB898461)
/ Windows XP / SP3: Security Update for Windows XP (KB899587)
/ Windows XP / SP3: Security Update for Windows XP (KB899591)
/ Windows XP / SP3: Update for Windows XP (KB900485)
/ Windows XP / SP3: Security Update for Windows XP (KB900725)
/ Windows XP / SP3: Update for Windows XP (KB900930)
/ Windows XP / SP3: Security Update for Windows XP (KB901017)
/ Windows XP / SP3: Security Update for Windows XP (KB901214)
/ Windows XP / SP3: Security Update for Windows XP (KB902400)
/ Windows XP / SP3: Security Update for Windows XP (KB904706)
/ Windows XP / SP3: Update for Windows XP (KB904942)
/ Windows XP / SP3: Security Update for Windows XP (KB905414)
/ Windows XP / SP3: Security Update for Windows XP (KB905749)
/ Windows XP / SP3: Security Update for Windows XP (KB908519)
/ Windows XP / SP3: Update for Windows XP (KB908531)
/ Windows XP / SP3: Update for Windows XP (KB910437)
/ Windows XP / SP3: Update for Windows XP (KB911280)
/ Windows XP / SP3: Security Update for Windows XP (KB911562)
/ Windows XP / SP3: Security Update for Windows XP (KB911567)
/ Windows XP / SP3: Security Update for Windows XP (KB911927)
/ Windows XP / SP3: Security Update for Windows XP (KB912812)
/ Windows XP / SP3: Security Update for Windows XP (KB912919)
/ Windows XP / SP3: Security Update for Windows XP (KB913446)
/ Windows XP / SP3: Security Update for Windows XP (KB913580)
/ Windows XP / SP3: Security Update for Windows XP (KB914388)
/ Windows XP / SP3: Security Update for Windows XP (KB914389)
/ Windows XP / SP3: Hotfix for Windows XP (KB915865)
/ Windows XP / SP3: Update for Windows XP (KB916595)
/ Windows XP / SP3: Security Update for Windows XP (KB917344)
/ Windows XP / SP3: Security Update for Windows XP (KB918118)
/ Windows XP / SP3: Security Update for Windows XP (KB918439)
/ Windows XP / SP3: Security Update for Windows XP (KB919007)
/ Windows XP / SP3: Security Update for Windows XP (KB920213)
/ Windows XP / SP3: Security Update for Windows XP (KB920670)
/ Windows XP / SP3: Security Update for Windows XP (KB920683)
/ Windows XP / SP3: Security Update for Windows XP (KB920685)
/ Windows XP / SP3: Update for Windows XP (KB920872)
/ Windows XP / SP3: Security Update for Windows XP (KB921503)
/ Windows XP / SP3: Update for Windows XP (KB922582)
/ Windows XP / SP3: Security Update for Windows XP (KB922819)
/ Windows XP / SP3: Security Update for Windows XP (KB923191)
/ Windows XP / SP3: Security Update for Windows XP (KB923414)
/ Windows XP / SP3: Security Update for Windows XP (KB923980)
/ Windows XP / SP3: Security Update for Windows XP (KB924270)
/ Windows XP / SP3: Security Update for Windows XP (KB924496)
/ Windows XP / SP3: Security Update for Windows XP (KB924667)
/ Windows XP / SP3: Security Update for Windows XP (KB925902)
/ Windows XP / SP3: Hotfix for Windows XP (KB926239)
/ Windows XP / SP3: Security Update for Windows XP (KB926255)
/ Windows XP / SP3: Security Update for Windows XP (KB926436)
/ Windows XP / SP3: Security Update for Windows XP (KB927779)
/ Windows XP / SP3: Security Update for Windows XP (KB927802)
/ Windows XP / SP3: Update for Windows XP (KB927891)
/ Windows XP / SP3: Security Update for Windows XP (KB928255)
/ Windows XP / SP3: Security Update for Windows XP (KB928843)
/ Windows XP / SP3: Security Update for Windows XP (KB929123)
/ Windows XP / SP3: Security Update for Windows XP (KB930178)
/ Windows XP / SP3: Update for Windows XP (KB930916)
/ Windows XP / SP3: Security Update for Windows XP (KB931261)
/ Windows XP / SP3: Security Update for Windows XP (KB931784)
/ Windows XP / SP3: Security Update for Windows XP (KB932168)
/ Windows XP / SP3: Security Update for Windows XP (KB933729)
/ Windows XP / SP3: Hotfix for Windows XP (KB935448)
/ Windows XP / SP3: Security Update for Windows XP (KB935839)
/ Windows XP / SP3: Security Update for Windows XP (KB935840)
/ Windows XP / SP3: Security Update for Windows XP (KB936021)
/ Windows XP / SP3: Update for Windows XP (KB936357)
/ Windows XP / SP3: Security Update for Windows XP (KB938127)
/ Windows XP / SP3: Update for Windows XP (KB938828)
/ Windows XP / SP3: Security Update for Windows XP (KB938829)
/ Windows XP / SP3: Security Update for Windows XP (KB941202)
/ Windows XP / SP3: Security Update for Windows XP (KB941568)
/ Windows XP / SP3: Security Update for Windows XP (KB941644)
/ Windows XP / SP3: Security Update for Windows XP (KB942615)
/ Windows XP / SP3: Update for Windows XP (KB942763)
/ Windows XP / SP3: Update for Windows XP (KB942840)
/ Windows XP / SP3: Security Update for Windows XP (KB943055)
/ Windows XP / SP3: Security Update for Windows XP (KB943460)
/ Windows XP / SP3: Security Update for Windows XP (KB943485)
/ Windows XP / SP3: Security Update for Windows XP (KB944653)
/ Windows XP / SP3: Security Update for Windows XP (KB946026)
/ Windows XP / SP3: Update for Windows XP (KB946627)


--- Startup entries list ---
Located: HK_LM:Run, Adobe Reader Speed Launcher
command: "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
file: C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
size: 39792
MD5: 8B9145D229D4E89D15ACB820D4A3A90F

Located: HK_LM:Run, Alcmtr
command: ALCMTR.EXE
file: C:\WINDOWS\ALCMTR.EXE
size: 69632
MD5: 8B4CBBA1EA526830C7F97E7822E2493A

Located: HK_LM:Run, AOLAspSunset2
command: C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\updates\aspapp\sunsetAsp2.exe
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, AOLDialer
command: C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
file: C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
size: 71008
MD5: ED869A153D5C6F0C55C6D2987910AC7D

Located: HK_LM:Run, AVP
command: "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
file: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
size: 227856
MD5: 7519905CD74F26E9385B83BF2EF242C2

Located: HK_LM:Run, EzPrint
command: "C:\Program Files\Lexmark 4300 Series\ezprint.exe"
file: C:\Program Files\Lexmark 4300 Series\ezprint.exe
size: 94208
MD5: 3F0EDDEB128F4143F614B8DDD4705237

Located: HK_LM:Run, Gainward
command: C:\Program Files\XpertVision\TBPanel.exe /A
file: C:\Program Files\XpertVision\TBPanel.exe
size: 2165256
MD5: 80E5201C793097B0C711CA5E7C8EE3DB

Located: HK_LM:Run, HostManager
command: C:\Program Files\Common Files\AOL\1200515306\ee\AOLSoftware.exe
file: C:\Program Files\Common Files\AOL\1200515306\ee\AOLSoftware.exe
size: 50736
MD5: C482C535CBFEFE722EC1EB7F11F680A3

Located: HK_LM:Run, LogitechCommunicationsManager
command: "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
file: C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
size: 284184
MD5: 305E20E5C325D8D5F44BFBF229B9DC7C

Located: HK_LM:Run, LogitechQuickCamRibbon
command: "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
file: C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
size: 746520
MD5: 2E44EE2294BA07D4E58EAE9BFBB97824

Located: HK_LM:Run, LVCOMSX
command: "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
file: C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
size: 244512
MD5: 8A293A35CF99D8EA9058EB9693B00086

Located: HK_LM:Run, LXCECATS
command: rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, lxcemon.exe
command: "C:\Program Files\Lexmark 4300 Series\lxcemon.exe"
file: C:\Program Files\Lexmark 4300 Series\lxcemon.exe
size: 192512
MD5: A75C5D82AEDB788E7A478AD8DB040B93

Located: HK_LM:Run, NeroFilterCheck
command: C:\WINDOWS\system32\NeroCheck.exe
file: C:\WINDOWS\system32\NeroCheck.exe
size: 155648
MD5: C93AB037A8C792D5F8A1A9FC88A7C7C5

Located: HK_LM:Run, NvCplDaemon
command: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, NvMediaCenter
command: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, nwiz
command: nwiz.exe /install
file: C:\WINDOWS\system32\nwiz.exe
size: 1626112
MD5: EA403BDD9CCB4B3FA6222ADF0434D199

Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\qttask.exe" -atboottime
file: C:\Program Files\QuickTime\qttask.exe
size: 98304
MD5: C341CCFBE98BC7DF6E0B856BB9FC265A

Located: HK_LM:Run, RTHDCPL
command: RTHDCPL.EXE
file: C:\WINDOWS\RTHDCPL.EXE
size: 16143872
MD5: 9EF1CB17583B61E635931198F93B7310

Located: HK_LM:Run, SBCSTray
command: C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
file: C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
size: 698864
MD5: 6CEC5278A917DCBDE0A7D3B0EBC3DD1E

Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
file: C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
size: 132496
MD5: D4F0F7437327DBAA264338BAAFB5E5AF

Located: HK_LM:Run, TkBellExe
command: "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
file: C:\Program Files\Common Files\Real\Update_OB\realsched.exe
size: 185896
MD5: 89D583FC41D48328128A974C25AFAEB7

Located: HK_LM:RunOnce, SpybotDeletingA2733
command: command /c del "C:\WINDOWS\system32\drivers\core.cache.dsk"
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:RunOnce, SpybotDeletingA2855
command: command /c del "C:\WINDOWS\system32\drivers\core.cache.dsk"
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:RunOnce, SpybotDeletingC8056
command: cmd /c del "C:\WINDOWS\system32\drivers\core.cache.dsk"
file: C:\WINDOWS\system32\cmd.exe
size: 388608
MD5: EEB024F2C81F0D55936FB825D21A91D6

Located: HK_LM:RunOnce, SpybotDeletingC9901
command: cmd /c del "C:\WINDOWS\system32\drivers\core.cache.dsk"
file: C:\WINDOWS\system32\cmd.exe
size: 388608
MD5: EEB024F2C81F0D55936FB825D21A91D6


Located: HK_CU:Run, CTFMON.EXE
where: S-1-5-19...
command: C:\WINDOWS\system32\CTFMON.EXE
file: C:\WINDOWS\system32\CTFMON.EXE
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8

Located: HK_CU:Run, CTFMON.EXE
where: S-1-5-20...
command: C:\WINDOWS\system32\CTFMON.EXE
file: C:\WINDOWS\system32\CTFMON.EXE
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8

Located: HK_CU:Run, CTFMON.EXE
where: S-1-5-21-1390067357-343818398-725345543-1005...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8

Located: HK_CU:Run, Free Ram Optimizer
where: S-1-5-21-1390067357-343818398-725345543-1005...
command: C:\Program Files\AceLogix\Free Ram Optimizer\fro.exe
file: C:\Program Files\AceLogix\Free Ram Optimizer\fro.exe
size: 57344
MD5: 75C22DAD3571C474A0E2B1ABA4E7B409

Located: HK_CU:Run, LDM
where: S-1-5-21-1390067357-343818398-725345543-1005...
command: C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
file: C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
size: 36864
MD5: 94782C50F682CCC02C1FF4360976A5C8

Located: HK_CU:Run, LogitechSetup
where: S-1-5-21-1390067357-343818398-725345543-1005...
command: D:\Setup\Setup.exe /start /restart /l:enu
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!


Located: HK_CU:Run, SpybotSD TeaTimer
where: S-1-5-21-1390067357-343818398-725345543-1005...
command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 2097488
MD5: A9A5DB6AC3721BE698B996913693D73F

Located: HK_CU:RunOnce, SpybotDeletingB7683
where: S-1-5-21-1390067357-343818398-725345543-1005...
command: command /c del "C:\WINDOWS\system32\drivers\core.cache.dsk"
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:RunOnce, SpybotDeletingB7873
where: S-1-5-21-1390067357-343818398-725345543-1005...
command: command /c del "C:\WINDOWS\system32\drivers\core.cache.dsk"
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:RunOnce, SpybotDeletingD3640
where: S-1-5-21-1390067357-343818398-725345543-1005...
command: cmd /c del "C:\WINDOWS\system32\drivers\core.cache.dsk"
file: C:\WINDOWS\system32\cmd.exe
size: 388608
MD5: EEB024F2C81F0D55936FB825D21A91D6

Located: HK_CU:RunOnce, SpybotDeletingD432
where: S-1-5-21-1390067357-343818398-725345543-1005...
command: cmd /c del "C:\WINDOWS\system32\drivers\core.cache.dsk"
file: C:\WINDOWS\system32\cmd.exe
size: 388608
MD5: EEB024F2C81F0D55936FB825D21A91D6

Rorschach112
2008-04-05, 15:09
Hello

Please download ComboFix from Here (http://subs.geekstogo.com/ComboFix.exe) or Here (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

Please, never rename Combofix unless instructed.
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

-----------------------------------------------------------

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on this link (http://www.bleepingcomputer.com/forums/topic114351.html) to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

-----------------------------------------------------------


Close any open browsers.
WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
If there is no internet connection after running Combofix, then restart your computer to restore back your connection.


-----------------------------------------------------------
Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

muffun
2008-04-05, 17:11
this is the log from combofix and ill post the log from hijackthis in a moment
hope this helps

ComboFix 08-04-04.1 - Danny Haslam 2008-04-05 15:00:16.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1541 [GMT 1:00]
Running from: C:\Documents and Settings\Danny Haslam\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\temp\tn3
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\videoprtt.sys
.
---- Previous Run -------
.
C:\Documents and Settings\Danny Haslam\Local Settings\Temporary Internet Files\ENCSC-Download.com.2.5.1040.0.exe
C:\temp\tn3

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_videoprtt
-------\Legacy_videoprtt
-------\videoprtt
-------\Legacy_VIDEOPRTT
-------\Service_videoprtt


((((((((((((((((((((((((( Files Created from 2008-03-05 to 2008-04-05 )))))))))))))))))))))))))))))))
.

2008-04-04 23:49 . 2008-04-04 23:49 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-04 00:43 . 2008-04-04 00:43 0 --a------ C:\WINDOWS\system32\SBRC.dat
2008-04-04 00:43 . 2008-04-04 00:43 0 --a------ C:\WINDOWS\system32\SBFC.dat
2008-04-04 00:42 . 2008-04-04 00:42 15,544 --a------ C:\WINDOWS\system32\drivers\sbhr.sys
2008-04-03 22:47 . 2008-04-05 14:21 739 --a------ C:\WINDOWS\wininit.ini
2008-04-03 22:44 . 2008-04-03 22:44 <DIR> d-------- C:\Documents and Settings\Danny Haslam\Application Data\Sunbelt Software
2008-04-03 22:44 . 2008-04-03 22:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sunbelt Software
2008-04-03 22:43 . 2008-04-03 22:43 <DIR> d-------- C:\Program Files\Sunbelt Software
2008-04-03 22:27 . 2008-04-03 22:27 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-03 22:27 . 2008-04-03 22:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-28 14:34 . 2008-03-28 14:34 91,700 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-03-28 14:34 . 2008-03-28 14:34 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-03-28 14:33 . 2008-03-28 14:33 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-03-28 14:33 . 2008-03-28 14:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-03-28 14:33 . 2008-04-05 15:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-28 14:33 . 2008-04-05 15:02 5,920,800 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-03-28 14:33 . 2008-04-05 15:02 582,176 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-03-28 14:33 . 2008-04-05 15:02 52,700 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-03-28 14:33 . 2008-04-05 15:02 5,708 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-03-27 16:54 . 2008-03-27 16:54 <DIR> d-------- C:\Program Files\Eidos
2008-03-27 14:22 . 2008-03-27 14:22 <DIR> d-------- C:\Logs
2008-03-27 01:00 . 2008-03-27 01:00 <DIR> d-------- C:\Program Files\Lavasoft
2008-03-27 01:00 . 2008-03-27 01:00 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-27 01:00 . 2008-03-27 01:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-25 23:03 . 2008-04-05 15:04 <DIR> d-------- C:\Program Files\Lx_cats
2008-03-25 23:03 . 2004-08-03 23:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-03-25 23:03 . 2004-08-03 23:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-03-25 23:03 . 2008-03-25 23:03 11,141 --a------ C:\WINDOWS\system32\LexFiles.ulf
2008-03-25 23:02 . 2008-03-25 23:15 <DIR> d-------- C:\temp\{9F5FBC24-EFE2-4f90-B498-EC0FB7D47D15}
2008-03-25 23:02 . 2008-03-25 23:15 <DIR> d-------- C:\Program Files\Lexmark 4300 Series
2008-03-25 20:56 . 2008-03-25 21:03 <DIR> d-------- C:\Documents and Settings\Danny Haslam\Application Data\FlySuite
2008-03-25 20:55 . 2008-03-25 20:56 <DIR> d-------- C:\FlySuite
2008-03-16 00:38 . 2008-03-16 00:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-15 23:33 . 2008-03-15 23:33 <DIR> d-------- C:\OEMSettings
2008-03-13 15:20 . 2008-03-13 15:20 268 --ah----- C:\sqmdata10.sqm
2008-03-13 15:20 . 2008-03-13 15:20 244 --ah----- C:\sqmnoopt10.sqm
2008-03-13 01:07 . 2008-03-13 01:07 <DIR> d-------- C:\Program Files\Cheetah Burner
2008-03-11 23:54 . 2008-03-11 23:54 <DIR> d-------- C:\Program Files\THQ
2008-03-11 17:55 . 2008-03-11 17:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-03-11 16:15 . 2008-03-11 16:15 268 --ah----- C:\sqmdata09.sqm
2008-03-11 16:15 . 2008-03-11 16:15 244 --ah----- C:\sqmnoopt09.sqm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-05 14:04 --------- d-----w C:\Documents and Settings\Danny Haslam\Application Data\Skype
2008-04-05 13:58 --------- d-----w C:\Documents and Settings\Danny Haslam\Application Data\skypePM
2008-04-05 11:11 --------- d-----w C:\Program Files\World of Warcraft
2008-04-04 23:33 --------- d-----w C:\Program Files\MySpace
2008-04-04 15:46 1,982 ----a-w C:\Documents and Settings\Danny Haslam\Application Data\wklnhst.dat
2008-04-01 06:57 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-27 15:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-22 00:56 --------- d-----w C:\Program Files\PKR
2008-03-17 23:00 --------- d-----w C:\Documents and Settings\Danny Haslam\Application Data\LimeWire
2008-03-15 23:18 --------- d-----w C:\Program Files\AOL 9.0
2008-03-03 21:29 21,035 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2008-03-03 17:55 --------- d-----w C:\Program Files\NETGEAR
2008-03-02 10:51 --------- d-----w C:\Program Files\DVDVideoSoft
2008-03-02 10:51 --------- d-----w C:\Program Files\Common Files\DVDVideoSoft
2008-03-02 10:47 --------- d-----w C:\Program Files\GeoVid
2008-02-29 10:20 --------- d-----w C:\Documents and Settings\Danny Haslam\Application Data\MySpace
2008-02-22 12:11 --------- d--h--r C:\Documents and Settings\Danny Haslam\Application Data\SecuROM
2008-02-15 10:50 --------- d-----w C:\Program Files\OpenAL
2008-02-15 10:46 --------- d-----w C:\Program Files\GameSpy Arcade
2008-02-13 19:07 --------- d-----w C:\Program Files\AVI DivX to DVD SVCD VCD Converter
2008-02-10 21:49 --------- d-----w C:\Program Files\Skype
2008-02-10 19:34 --------- d-----w C:\Program Files\Common Files\AOL
2008-02-10 19:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-02-10 16:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-02-10 12:28 --------- d-----w C:\Documents and Settings\Samantha Drake\Application Data\AOL
2008-02-10 04:47 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-02-10 04:46 --------- d-----w C:\Program Files\Common Files\Skype
2008-02-10 04:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-02-10 00:30 --------- d-----w C:\Program Files\Common Files\xing shared
2008-02-10 00:30 --------- d-----w C:\Program Files\Common Files\Real
2008-02-08 18:35 23,604 ----a-w C:\WINDOWS\system32\drivers\klopp.dat
2008-01-16 20:58 118,784 ------r C:\WINDOWS\bwUnin-7.2.0.157-8876480SL.exe
2007-04-23 14:21 269,824 ----a-w C:\WINDOWS\inf\WG111v3\Vista64\wg111v3.sys
2007-04-23 14:11 224,896 ----a-w C:\WINDOWS\inf\WG111v3\wg111v3.sys
2006-12-15 11:30 98,304 ----a-w C:\WINDOWS\inf\WG111v3\UScanM.exe
2006-12-15 11:30 66,048 ----a-w C:\WINDOWS\inf\WG111v3\EAPPkt.sys
2006-12-15 11:30 315,392 ----a-w C:\WINDOWS\inf\WG111v3\InstallDriver.exe
2006-12-15 11:30 28,672 ----a-w C:\WINDOWS\inf\WG111v3\SetDrv.exe
2006-12-15 11:30 212,992 ----a-w C:\WINDOWS\inf\WG111v3\CopyWHQLDriver.exe
2006-12-15 11:30 20,480 ----a-w C:\WINDOWS\inf\WG111v3\RTWUPath.exe
2006-12-15 11:30 19,968 ----a-w C:\WINDOWS\inf\WG111v3\RTWREFU.EXE
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
"LogitechSetup"="D:\Setup\Setup.exe" [ ]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:54 5674352]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2008-01-16 21:58 36864]
"Free Ram Optimizer"="C:\Program Files\AceLogix\Free Ram Optimizer\fro.exe" [2003-08-22 10:19 57344]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-01-17 19:10 21686568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-16 18:07 8491008]
"nwiz"="nwiz.exe" [2007-09-16 18:07 1626112 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-17 08:34 16143872 C:\WINDOWS\RTHDCPL.EXE]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2007-12-07 16:30 71008]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-16 19:57 98304]
"HostManager"="C:\Program Files\Common Files\AOL\1200515306\ee\AOLSoftware.exe" [2006-09-26 01:52 50736]
"AOLAspSunset2"="C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\updates\aspapp\sunsetAsp2.exe" [ ]
"Gainward"="C:\Program Files\XpertVision\TBPanel.exe" [2007-11-01 14:25 2165256]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-09-16 18:07 81920]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-10-31 02:03 284184]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2006-11-15 22:58 746520]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 17:40 155648]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-02-10 01:29 185896]
"LVCOMSX"="C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-11-15 23:01 244512]
"LXCECATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll" [2005-07-20 14:46 73728]
"lxcemon.exe"="C:\Program Files\Lexmark 4300 Series\lxcemon.exe" [2005-08-02 18:45 192512]
"EzPrint"="C:\Program Files\Lexmark 4300 Series\ezprint.exe" [2005-07-26 13:17 94208]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2008-02-08 19:36 227856]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"SBCSTray"="C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe" [2007-08-27 12:09 698864]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
AOL 9.0 Tray Icon.lnk - C:\Program Files\AOL 9.0\aoltray.exe [2008-01-16 19:57:03 156784]
AOL Companion.lnk - C:\Program Files\AOL Companion\companion.exe [2008-01-16 19:57:49 250992]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-01-16 21:58:28 196608]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04 83360]
NETGEAR WG111v3 Smart Wizard.lnk - C:\Program Files\NETGEAR\WG111v3\WG111v3.exe [2007-09-12 16:14:42 1527808]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= lvcodec2.dll
"msacm.l3acm"= L3CODECA.ACM
"MSVideo"= vfwwdm32.dll
"MSVideo8"= VfWWDM32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\AOL 9.0\\waol.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.12.0-enGB-downloader.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enGB-patch-downloader.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\World of Warcraft\\Launcher.exe"=
"C:\\Program Files\\Common Files\\AOL\\1200515306\\ee\\aolsoftware.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=

R0 SBHR;SBHR;C:\WINDOWS\system32\drivers\sbhr.sys [2008-04-04 00:42]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 14:28]
R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;C:\WINDOWS\system32\DRIVERS\wg111v3.sys [2007-04-23 15:11]
S3 mdxgthkn;mdxgthkn;C:\DOCUME~1\DANNYH~1\LOCALS~1\Temp\mdxgthkn.sys []
S3 SBAPIFS;SBAPIFS;C:\WINDOWS\system32\drivers\sbapifs.sys []


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-05 15:04:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ATWPKT2]
"ImagePath"="\??\C:\WINDOWS\system32\drivers\ATWPKT2.SYS"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\RUNDLL32.EXE
c:\program files\common files\aol\1200515306\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
C:\WINDOWS\system32\lxcecoms.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2008-04-05 15:06:34 - machine was rebooted [Danny Haslam]
ComboFix-quarantined-files.txt 2008-04-05 14:06:31
Pre-Run: 339,574,747,136 bytes free
Post-Run: 340,314,681,344 bytes free
.
2008-03-13 02:55:48 --- E O F ---

muffun
2008-04-05, 17:20
and this is the new hijackthis log cant fit it all in says its too big so ill post some and then post the rest in a differnt log straight after sorry about this

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:11:36, on 05/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\AOL\1200515306\ee\AOLSoftware.exe
C:\Program Files\XpertVision\TBPanel.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Lexmark 4300 Series\lxcemon.exe
C:\Program Files\Lexmark 4300 Series\ezprint.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\AceLogix\Free Ram Optimizer\fro.exe
C:\Program Files\AOL 9.0\aoltray.exe
c:\program files\common files\aol\1200515306\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1200515306\ee\aolsoftware.exe
C:\Program Files\AOL COMPANION\COMPANION.EXE
C:\WINDOWS\system32\lxcecoms.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

muffun
2008-04-05, 17:21
this is the other half of the hijackthis log

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.aol.co.uk/web?isinit=true&query=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1200515306\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLAspSunset2] C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\updates\aspapp\sunsetAsp2.exe
O4 - HKLM\..\Run: [Gainward] C:\Program Files\XpertVision\TBPanel.exe /A
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcemon.exe] "C:\Program Files\Lexmark 4300 Series\lxcemon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 4300 Series\ezprint.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSetup] D:\Setup\Setup.exe /start /restart /l:enu
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Free Ram Optimizer] C:\Program Files\AceLogix\Free Ram Optimizer\fro.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Danny Haslam\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aolsvc.aol.co.uk/computercheckup/qdiagcc.cab
O18 - Protocol: bw+0 - {306D95B6-1D1F-4810-8ED3-A1A1030D976E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {306D95B6-1D1F-4810-8ED3-A1A1030D976E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {306D95B6-1D1F-4810-8ED3-A1A1030D976E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {306D95B6-1D1F-4810-8ED3-A1A1030D976E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {306D95B6-1D1F-4810-8ED3-A1A1030D976E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {306D95B6-1D1F-4810-8ED3-A1A1030D976E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {306D95B6-1D1F-4810-8ED3-A1A1030D976E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {306D95B6-1D1F-4810-8ED3-A1A1030D976E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {306D95B6-1D1F-4810-8ED3-A1A1030D976E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {306D95B6-1D1F-4810-8ED3-A1A1030D976E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {306D95B6-1D1F-4810-8ED3-A1A1030D976E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {306D95B6-1D1F-4810-8ED3-A1A1030D976E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {306D95B6-1D1F-4810-8ED3-A1A1030D976E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {306D95B6-1D1F-4810-8ED3-A1A1030D976E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {306D95B6-1D1F-4810-8ED3-A1A1030D976E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {306D95B6-1D1F-4810-8ED3-A1A1030D976E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {306D95B6-1D1F-4810-8ED3-A1A1030D976E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {306D95B6-1D1F-4810-8ED3-A1A1030D976E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {306D95B6-1D1F-4810-8ED3-A1A1030D976E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {306D95B6-1D1F-4810-8ED3-A1A1030D976E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {306D95B6-1D1F-4810-8ED3-A1A1030D976E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {306D95B6-1D1F-4810-8ED3-A1A1030D976E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {306D95B6-1D1F-4810-8ED3-A1A1030D976E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {306D95B6-1D1F-4810-8ED3-A1A1030D976E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {306D95B6-1D1F-4810-8ED3-A1A1030D976E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {306D95B6-1D1F-4810-8ED3-A1A1030D976E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {306D95B6-1D1F-4810-8ED3-A1A1030D976E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {306D95B6-1D1F-4810-8ED3-A1A1030D976E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {306D95B6-1D1F-4810-8ED3-A1A1030D976E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {306D95B6-1D1F-4810-8ED3-A1A1030D976E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {306D95B6-1D1F-4810-8ED3-A1A1030D976E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {306D95B6-1D1F-4810-8ED3-A1A1030D976E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {306D95B6-1D1F-4810-8ED3-A1A1030D976E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {306D95B6-1D1F-4810-8ED3-A1A1030D976E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {306D95B6-1D1F-4810-8ED3-A1A1030D976E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {306D95B6-1D1F-4810-8ED3-A1A1030D976E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {306D95B6-1D1F-4810-8ED3-A1A1030D976E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {306D95B6-1D1F-4810-8ED3-A1A1030D976E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {306D95B6-1D1F-4810-8ED3-A1A1030D976E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {306D95B6-1D1F-4810-8ED3-A1A1030D976E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {306D95B6-1D1F-4810-8ED3-A1A1030D976E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {306D95B6-1D1F-4810-8ED3-A1A1030D976E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {306D95B6-1D1F-4810-8ED3-A1A1030D976E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {306D95B6-1D1F-4810-8ED3-A1A1030D976E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {306D95B6-1D1F-4810-8ED3-A1A1030D976E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {306D95B6-1D1F-4810-8ED3-A1A1030D976E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {306D95B6-1D1F-4810-8ED3-A1A1030D976E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {306D95B6-1D1F-4810-8ED3-A1A1030D976E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {306D95B6-1D1F-4810-8ED3-A1A1030D976E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {306D95B6-1D1F-4810-8ED3-A1A1030D976E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {306D95B6-1D1F-4810-8ED3-A1A1030D976E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {306D95B6-1D1F-4810-8ED3-A1A1030D976E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {306D95B6-1D1F-4810-8ED3-A1A1030D976E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {306D95B6-1D1F-4810-8ED3-A1A1030D976E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {306D95B6-1D1F-4810-8ED3-A1A1030D976E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {306D95B6-1D1F-4810-8ED3-A1A1030D976E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {306D95B6-1D1F-4810-8ED3-A1A1030D976E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {306D95B6-1D1F-4810-8ED3-A1A1030D976E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {306D95B6-1D1F-4810-8ED3-A1A1030D976E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {306D95B6-1D1F-4810-8ED3-A1A1030D976E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {306D95B6-1D1F-4810-8ED3-A1A1030D976E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {306D95B6-1D1F-4810-8ED3-A1A1030D976E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {306D95B6-1D1F-4810-8ED3-A1A1030D976E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {306D95B6-1D1F-4810-8ED3-A1A1030D976E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {306D95B6-1D1F-4810-8ED3-A1A1030D976E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {306D95B6-1D1F-4810-8ED3-A1A1030D976E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {306D95B6-1D1F-4810-8ED3-A1A1030D976E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {306D95B6-1D1F-4810-8ED3-A1A1030D976E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {306D95B6-1D1F-4810-8ED3-A1A1030D976E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {306D95B6-1D1F-4810-8ED3-A1A1030D976E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {306D95B6-1D1F-4810-8ED3-A1A1030D976E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {306D95B6-1D1F-4810-8ED3-A1A1030D976E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {306D95B6-1D1F-4810-8ED3-A1A1030D976E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {306D95B6-1D1F-4810-8ED3-A1A1030D976E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {306D95B6-1D1F-4810-8ED3-A1A1030D976E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {306D95B6-1D1F-4810-8ED3-A1A1030D976E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {306D95B6-1D1F-4810-8ED3-A1A1030D976E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe

--
End of file - 22465 bytes

Rorschach112
2008-04-05, 17:24
Hello

1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:


Driver::
mdxgthkn

Save this as CFScript.txt, in the same location as ComboFix.exe


http://i266.photobucket.com/albums/ii277/sUBs_/Combo-Do.gif

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall



Please download Malwarebytes' Anti-Malware from Here (http://www.besttechie.net/tools/mbam-setup.exe) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Full Scan", then click Scan. Check all the boxes and click Start Scan
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.


Reboot and tell me how your PC is running

muffun
2008-04-05, 17:59
this is the log from the Mbam

Malwarebytes' Anti-Malware 1.10
Database version: 593

Scan type: Full Scan (A:\|C:\|D:\|E:\|)
Objects scanned: 101376
Time elapsed: 13 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Danny Haslam\results.txt (Malware.Trace) -> Quarantined and deleted successfully.

Rorschach112
2008-04-05, 19:54
Your logs are clean ! We need to do a few things

Follow these steps to uninstall Combofix and tools used in the removal of malware

Click START then RUN
Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.
http://i189.photobucket.com/albums/z176/EPL47/CF_Cleanup.png




You now need to update your Java and remove your older versions.

Please follow these steps to remove older version Java components.

* Click Start > Control Panel.
* Click Add/Remove Programs.
* Check any item with Java Runtime Environment (JRE) in the name.
* Click the Remove or Change/Remove button.

Download the latest version of Java Runtime Environment (JRE), and install it to your computer from
here (http://java.sun.com/javase/downloads/index.jsp)



Below I have included a number of recommendations for how to protect your computer against malware infections.

* Keep Windows updated by regularly checking their website at :
http://windowsupdate.microsoft.com/
This will ensure your computer has always the latest security updates available installed on your computer.

* To reduce re-infection for malware in the future, I strongly recommend installing these free programs:
SpywareBlaster (http://www.javacoolsoftware.com/sbdownload.html) protects against bad ActiveX
IE-SPYAD (http://www.spywarewarrior.com/uiuc/res/ie-spyad.exe) puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all
Have a look at this tutorial for IE-Spyad here (http://www.bleepingcomputer.com/tutorials/tutorial53.html)

* SpywareGuard (http://www.javacoolsoftware.com/sgdownload.html) offers realtime protection from spyware installation attempts.

Make Internet Explorer more secure

Click Start > Run
Type Inetcpl.cpl & click OK
Click on the Security tab
Click Reset all zones to default level
Make sure the Internet Zone is selected & Click Custom level
In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
Next Click OK, then Apply button and then OK to exit the Internet Properties page.


* MVPS Hosts file (http://mvps.org/winhelp2002/hosts.htm) replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more
secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up
blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
Here (http://www.mozilla.org/products/firefox/)

* Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
Here (http://forums.spywareinfo.com/index.php?showtopic=60955)

Thank you for your patience, and performing all of the procedures requested.

muffun
2008-04-05, 22:14
thanks so much for all the info that you have provided. its been very helpful and has solved my prob :)
cheers Danny

Rorschach112
2008-04-05, 22:19
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.

Note: If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than five days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.