zid

Reallllly slow computer(Resolved)

So I've been having major problems with my computer lately and a friend directed me here. I did the things in the tagged topic for slowly running computers. I've run Ad-Aware, but it was giving me issues, so I eventually deleted that and tried Spybot. It says there are items that can only be deleted upon startup, but even when I do that they don't delete.

The problems I'm having with my computer are: it is running very slowly; I have a ton of pop-ups (mostly about cleaning spyware and malware); sometimes it will cause pop-ups or new tabs to open non-stop until there are at least 50 blank pages open and my computer will freeze. Often I lose the bar at the bottom of my screen with the start button and tabs on it, and it often becomes unresponsive when I try Ctrl+Alt+Delete. I don't know what to do; it all started 2 months ago when I moved and changed service. I guess I should post the logs now. (Sorry, I'm inexperienced with this part.) Here are the logs that popped up when I ran RSIT.

This one was titled INFO:
info.txt logfile of random's system information tool 1.05 2009-01-17 03:50:52

 

======Uninstall list======

 

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock

Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Reader 8.1.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81100000003}

AIM 6-->C:\Program Files\AIM6\uninst.exe

AIM Toolbar 5.0-->"C:\Program Files\AOL\AIM Toolbar 5.0\uninstall.exe"

Apple Mobile Device Support-->MsiExec.exe /I{AA9768AA-FF0B-4C66-A085-31E934F77841}

Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}

Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"

bitcontrol® MPEG Video Decoder v3.0-->"C:\Program Files\Common Files\BitCtrl\uninst-bcmpeg.exe"

Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}

Compact Wireless-G USB Adapter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F855C3AE-992D-4B84-A09D-07103CDCDAC2}\setup.exe" -l0x9

Corel Paint Shop Pro Photo X2-->MsiExec.exe /X{64E72FB1-2343-4977-B4A8-262CD53D0BD3}

DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC

DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER

DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER

DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN

FLAC 1.2.1b (remove only)-->C:\Program Files\FLAC\uninstall.exe

Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall

GPL MPEG-1/2 DirectShow Decoder Filter-->MsiExec.exe /I{870815CA-6B60-47B6-88DD-A67F42D2F03E}

HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall

Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"

Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"

Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB914440)-->"C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"

HP Image Zone 4.2-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat

HP PSC & Officejet 4.7 Corporate Edition-->"C:\Program Files\HP\Digital Imaging\{8EA67542-82B6-4c5c-8AD3-CD36232C1362}\setup\hpzscr01.exe" -datfile hposcr05.dat

HP Software Update-->MsiExec.exe /X{457791C5-D702-4143-A7B2-2744BE9573F2}

iTunes-->MsiExec.exe /I{41B9E2CF-0B3F-442A-B5B3-592A4A355634}

Java™ 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}

kSolo Recorder-->C:\Program Files\kSolo\uninstall.exe

Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\Setup.exe" -l0x9 UNINSTALL

Logitech Legacy USB Camera Driver Package-->"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\legacyqcam\11.10.2016\LgDrvInst.exe" -remove -instdir"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\legacyqcam\" -enumdelay=2000 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -promptuninstall -arpregkey"legacyqcam_11.10" /clone_wait /hide_progress

Logitech QuickCam Driver Package-->"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\11.50.1145\LgDrvInst.exe" -remove -instdir"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\" -enumdelay=2000 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -promptuninstall -arpregkey"lvdrivers_11.50" /clone_wait /hide_progress

Logitech QuickCam-->MsiExec.exe /X{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}

Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"

Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"

Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"

Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"

Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"

Microsoft Works 7.0-->MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}

MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}

MVision-->MsiExec.exe /I{35725FBC-A136-4A46-9F29-091759D9BB93}

NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI

Paint Shop Pro 7.00-->C:\Program Files\Jasc Software\Paint Shop Pro 7\Uninstall.exe

PCI Audio Driver-->cmuninst.exe

QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}

RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

Rhapsody Player Engine-->MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}

Scientific-Atlanta WebSTAR 2000 series Cable Modem-->UNDPX2A.EXE

Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"

Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"

Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"

Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"

Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"

Security Update for Windows Media Player 9 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP9$\spuninst\spuninst.exe"

Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"

Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"

Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"

Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"

Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"

Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"

Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"

Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"

Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"

Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"

Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"

Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"

Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"

Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"

Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"

Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"

Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"

Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"

Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"

Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"

Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"

Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"

Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"

Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"

Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"

Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"

Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"

Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"

Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"

Security Update for Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"

Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"

Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"

Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"

Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"

Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf

Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"

Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"

Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"

Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"

Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"

Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"

Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"

Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"

Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"

Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"

Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"

Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"

Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"

Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"

Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"

Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"

Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"

Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"

Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"

Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"

Security Update for Windows XP (KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"

Security Update for Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"

Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"

Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"

Security Update for Windows XP (KB939653)-->"C:\WINDOWS\$NtUninstallKB939653$\spuninst\spuninst.exe"

Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"

Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"

Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"

Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"

Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"

Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"

Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"

Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"

Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"

Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"

Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"

Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"

Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"

Security Update for Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"

Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"

Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"

Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"

Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"

Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"

Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"

Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"

Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"

Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"

Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"

Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"

Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"

Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"

Update for Windows XP (KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"

Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"

Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"

Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"

Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"

Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"

Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"

Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"

Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"

Update for Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"

Update for Windows XP (KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"

Update for Windows XP (KB936357)-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"

Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"

Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"

Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"

VideoLAN VLC media player 0.8.6d-->C:\Program Files\VideoLAN\VLC\uninstall.exe

Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u

Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"

Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"

Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll

Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"

Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall

Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"

Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe

Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe

Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe

Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe

Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe

Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe

Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"

Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe

WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

 

======Hosts File======

 

127.0.0.1 www.007guard.com

127.0.0.1 007guard.com

127.0.0.1 008i.com

127.0.0.1 www.008k.com

127.0.0.1 008k.com

127.0.0.1 www.00hq.com

127.0.0.1 00hq.com

127.0.0.1 010402.com

127.0.0.1 www.032439.com

127.0.0.1 032439.com

 

System event log

 

Computer Name: LAMETOWN

Event Code: 4201

Message: The system detected that network adapter Compact...USB Adapter - Packet Scheduler Miniport was connected to the network,

and has initiated normal operation over the network adapter.

 

Record Number: 5

Source Name: Tcpip

Time Written: 20081204192715.000000-300

Event Type: information

User:

 

Computer Name: LAMETOWN

Event Code: 4201

Message: The system detected that network adapter Compact...USB Adapter - Packet Scheduler Miniport was connected to the network,

and has initiated normal operation over the network adapter.

 

Record Number: 4

Source Name: Tcpip

Time Written: 20081204192715.000000-300

Event Type: information

User:

 

Computer Name: LAMETOWN

Event Code: 1003

Message: Your computer was not able to renew its address from the network (from the

DHCP Server) for the Network Card with network address 0014BF7F7E62. The following

error occurred:

The operation was canceled by the user.

.

Your computer will continue to try and obtain an address on its own from

the network address (DHCP) server.

 

Record Number: 3

Source Name: Dhcp

Time Written: 20081204192657.000000-300

Event Type: warning

User:

 

Computer Name: LAMETOWN

Event Code: 6005

Message: The Event log service was started.

 

Record Number: 2

Source Name: EventLog

Time Written: 20081204192647.000000-300

Event Type: information

User:

 

Computer Name: LAMETOWN

Event Code: 6009

Message: Microsoft ® Windows ® 5.01. 2600 Service Pack 2 Uniprocessor Free.

 

Record Number: 1

Source Name: EventLog

Time Written: 20081204192647.000000-300

Event Type: information

User:

 

Application event log

 

Computer Name: LAMETOWN

Event Code: 0

Message:

Record Number: 5

Source Name: LVCOMSer

Time Written: 20081223093657.000000-300

Event Type: information

User:

 

Computer Name: LAMETOWN

Event Code: 1001

Message: Detection of product '{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}', feature 'QuickCam' failed during request for component '{62BA7C13-20BB-41F7-A6A4-482632CE53D4}'

 

Record Number: 4

Source Name: MsiInstaller

Time Written: 20081223093654.000000-300

Event Type: warning

User: NT AUTHORITY\NETWORK SERVICE

 

Computer Name: LAMETOWN

Event Code: 1004

Message: Detection of product '{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}', feature 'QuickCam', component '{B52C7B4D-F46F-438C-ADF2-05A138C57757}' failed. The resource 'HKEY_CURRENT_USER\Software\Logitech\InstallerKeys\QCDesktopShortcutKey' does not exist.

 

Record Number: 3

Source Name: MsiInstaller

Time Written: 20081223093654.000000-300

Event Type: warning

User: NT AUTHORITY\NETWORK SERVICE

 

Computer Name: LAMETOWN

Event Code: 0

Message:

Record Number: 2

Source Name: gusvc

Time Written: 20081223093650.000000-300

Event Type: information

User:

 

Computer Name: LAMETOWN

Event Code: 1

Message:

Record Number: 1

Source Name: Bonjour Service

Time Written: 20081223093647.000000-300

Event Type: information

User:

 

======Environment variables======

 

"ComSpec"=%SystemRoot%\system32\cmd.exe

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\

"windir"=%SystemRoot%

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_LEVEL"=15

"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 1 Stepping 2, GenuineIntel

"PROCESSOR_REVISION"=0102

"NUMBER_OF_PROCESSORS"=1

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip

"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip

 

-----------------EOF-----------------

This one was titled LOG:

 

Logfile of random's system information tool 1.05 (written by random/random)

Run by Matt at 2009-01-17 03:49:45

Microsoft Windows XP Professional Service Pack 2

System drive C: has 30 GB (78%) free of 39 GB

Total RAM: 511 MB (44% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 3:50:15 AM, on 1/17/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\TWF0dGhldw\command.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PSIService.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\WINDOWS\Mixer.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\AIM6\aim6.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Documents and Settings\Matt\Application Data\gadcom\gadcom.exe

C:\Documents and Settings\Matt\Application Data\Twain\Twain.exe

C:\Documents and Settings\Matt\Application Data\SpeedRunner\SpeedRunner.exe

C:\Documents and Settings\Matt\Application Data\Microsoft\Windows\rgnwq.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\Program Files\AIM6\aolsoftware.exe

C:\Program Files\Java\jre6\bin\jucheck.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Documents and Settings\Matt\Desktop\RSIT.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Program Files\Trend Micro\HijackThis\Matt.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll

O2 - BHO: (no name) - {0A37553A-47E0-4DED-9E6C-C28DBA0623ED} - (no file)

O2 - BHO: (no name) - {0FD5AACA-2889-41D7-946E-71E0261E3864} - (no file)

O2 - BHO: (no name) - {210DC660-F116-4774-9BA2-C56FEAABFD1D} - (no file)

O2 - BHO: (no name) - {2872C512-ADF5-4515-9C39-224A8D2987F9} - (no file)

O2 - BHO: (no name) - {3EB962CE-75D6-4592-BD08-A23F49F6610E} - (no file)

O2 - BHO: (no name) - {5329D1BA-32D8-4A5F-9A77-E3447380DF93} - (no file)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: (no name) - {558DB326-423A-45B5-84AC-2E5357719999} - (no file)

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {77AB59B4-55A3-4737-9FD5-B93C6430BF78} - C:\WINDOWS\system32\puqmikmu.dll

O2 - BHO: (no name) - {833903C7-45DE-403B-9B23-F3792CB4B7BA} - (no file)

O2 - BHO: (no name) - {887F807A-FD61-4BA9-8B32-43F9C2B419CD} - (no file)

O2 - BHO: (no name) - {8fdcaf36-75df-46ac-8953-045208055d12} - (no file)

O2 - BHO: (no name) - {9929C055-C9CD-449E-B825-C6604E310B59} - (no file)

O2 - BHO: (no name) - {A5E43579-0124-4698-AD0A-30CD255B0CFD} - (no file)

O2 - BHO: (no name) - {A63E645F-13BD-45ED-B15F-6E8C1BD57279} - C:\WINDOWS\system32\jkkjghhf.dll

O2 - BHO: (no name) - {A88DFF3E-89CD-4A33-8D31-54F0337C377E} - (no file)

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll

O2 - BHO: (no name) - {C0165D8E-DD45-4588-BE9B-873EBD47C3C2} - (no file)

O2 - BHO: (no name) - {C79EB4BD-7E9F-45F9-BBBF-9607B77D14C1} - C:\WINDOWS\system32\mlJDtuvS.dll

O2 - BHO: (no name) - {C911F231-752D-48E2-8C5C-06CD005DA6DA} - (no file)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: (no name) - {FACE5056-7C78-449E-ADFD-5E66484216D7} - (no file)

O2 - BHO: (no name) - {FF0AB58E-514E-4342-8365-3031E98ECDF4} - (no file)

O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll

O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup

O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"

O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup

O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup

O4 - HKLM\..\RunOnce: [spybotDeletingA2882] command /c del "C:\WINDOWS\system32\SvutDJlm.ini"

O4 - HKLM\..\RunOnce: [spybotDeletingC3343] cmd /c del "C:\WINDOWS\system32\SvutDJlm.ini"

O4 - HKLM\..\RunOnce: [spybotDeletingA7081] command /c del "C:\WINDOWS\system32\ffkdmolp.dll_old"

O4 - HKLM\..\RunOnce: [spybotDeletingC4887] cmd /c del "C:\WINDOWS\system32\ffkdmolp.dll_old"

O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

O4 - HKCU\..\Run: [gadcom] "C:\Documents and Settings\Matt\Application Data\gadcom\gadcom.exe" 61A847B5BBF72815308B2B27128065E9C084320161C4661227A755E9C2933154389A

O4 - HKCU\..\Run: [Twain] C:\Documents and Settings\Matt\Application Data\Twain\Twain.exe

O4 - HKCU\..\Run: [speedRunner] C:\Documents and Settings\Matt\Application Data\SpeedRunner\SpeedRunner.exe

O4 - HKCU\..\Run: [sfKg6wIP] C:\Documents and Settings\Matt\Application Data\Microsoft\Windows\rgnwq.exe

O4 - HKCU\..\Run: [GetPack24] "C:\Program Files\GetPack\GetPack24.exe"

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\RunOnce: [spybotDeletingB1949] command /c del "C:\WINDOWS\system32\SvutDJlm.ini"

O4 - HKCU\..\RunOnce: [spybotDeletingD8199] cmd /c del "C:\WINDOWS\system32\SvutDJlm.ini"

O4 - HKCU\..\RunOnce: [spybotDeletingB9643] command /c del "C:\WINDOWS\system32\ffkdmolp.dll_old"

O4 - HKCU\..\RunOnce: [spybotDeletingD6629] cmd /c del "C:\WINDOWS\system32\ffkdmolp.dll_old"

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html

O8 - Extra context menu item: &Search - ?p=ZJxdm221MHUS

O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB

O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1194763593468

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/webplayer/stage6/...owserPlugin.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O20 - AppInit_DLLs: okxyfo.dll dnlwrd.dll vsoefk.dll exvmek.dll lcpjmb.dll vwrqsl.dll uvqiak.dll xlnhse.dll nogtav.dll opxobw.dll izvqie.dll kcvgfc.dll alshke.dll cuuyym.dll dfdxdv.dll kzeyyu.dll oybity.dll poqcyb.dll etogvv.dll leobls.dll

O20 - Winlogon Notify: jkkjghhf - C:\WINDOWS\SYSTEM32\jkkjghhf.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TWF0dGhldw\command.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

 

--

End of file - 12174 bytes

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0A37553A-47E0-4DED-9E6C-C28DBA0623ED}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FD5AACA-2889-41D7-946E-71E0261E3864}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{210DC660-F116-4774-9BA2-C56FEAABFD1D}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2872C512-ADF5-4515-9C39-224A8D2987F9}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3EB962CE-75D6-4592-BD08-A23F49F6610E}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5329D1BA-32D8-4A5F-9A77-E3447380DF93}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2008-09-15 1562960]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{558DB326-423A-45B5-84AC-2E5357719999}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

Java Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-18 320920]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{77AB59B4-55A3-4737-9FD5-B93C6430BF78}]

C:\WINDOWS\system32\puqmikmu.dll [2008-12-13 116736]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{833903C7-45DE-403B-9B23-F3792CB4B7BA}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{887F807A-FD61-4BA9-8B32-43F9C2B419CD}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8fdcaf36-75df-46ac-8953-045208055d12}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9929C055-C9CD-449E-B825-C6604E310B59}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5E43579-0124-4698-AD0A-30CD255B0CFD}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A63E645F-13BD-45ED-B15F-6E8C1BD57279}]

C:\WINDOWS\system32\jkkjghhf.dll [2008-11-13 25600]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A88DFF3E-89CD-4A33-8D31-54F0337C377E}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll [2008-10-20 652784]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C0165D8E-DD45-4588-BE9B-873EBD47C3C2}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C79EB4BD-7E9F-45F9-BBBF-9607B77D14C1}]

C:\WINDOWS\system32\mlJDtuvS.dll [2008-11-13 313856]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C911F231-752D-48E2-8C5C-06CD005DA6DA}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-18 34816]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FACE5056-7C78-449E-ADFD-5E66484216D7}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FF0AB58E-514E-4342-8365-3031E98ECDF4}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{DE9C389F-3316-41A7-809B-AA305ED9D922} - AIM Toolbar - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll [2007-10-10 1090912]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"C-Media Mixer"=Mixer.exe /startup []

"LogitechCommunicationsManager"=C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2007-10-25 563984]

"LogitechQuickCamRibbon"=C:\Program Files\Logitech\QuickCam\Quickcam.exe [2007-10-25 2178832]

"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2004-07-15 81920]

"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-09-10 289576]

"Corel Photo Downloader"=C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe [2007-08-28 531272]

"Corel Photo Downloader"=C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe [2007-08-28 531272]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"SpybotDeletingA2882"=command /c del C:\WINDOWS\system32\SvutDJlm.ini []

"SpybotDeletingC3343"=cmd /c del C:\WINDOWS\system32\SvutDJlm.ini []

"SpybotDeletingA7081"=command /c del C:\WINDOWS\system32\ffkdmolp.dll_old []

"SpybotDeletingC4887"=cmd /c del C:\WINDOWS\system32\ffkdmolp.dll_old []

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Aim6"=C:\Program Files\AIM6\aim6.exe [2008-03-06 50528]

"gadcom"=C:\Documents and Settings\Matt\Application Data\gadcom\gadcom.exe [2008-11-13 56832]

"Twain"=C:\Documents and Settings\Matt\Application Data\Twain\Twain.exe [2008-11-14 61440]

"SpeedRunner"=C:\Documents and Settings\Matt\Application Data\SpeedRunner\SpeedRunner.exe [2008-11-14 218112]

"SfKg6wIP"=C:\Documents and Settings\Matt\Application Data\Microsoft\Windows\rgnwq.exe [2008-11-14 35328]

"GetPack24"=C:\Program Files\GetPack\GetPack24.exe []

"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"SpybotDeletingB1949"=command /c del C:\WINDOWS\system32\SvutDJlm.ini []

"SpybotDeletingD8199"=cmd /c del C:\WINDOWS\system32\SvutDJlm.ini []

"SpybotDeletingB9643"=command /c del C:\WINDOWS\system32\ffkdmolp.dll_old []

"SpybotDeletingD6629"=cmd /c del C:\WINDOWS\system32\ffkdmolp.dll_old []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

[]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

[]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

[]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

[]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

[]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

[]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

[]

 

C:\Documents and Settings\All Users\Start Menu\Programs\Startup

HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLS"="okxyfo.dll dnlwrd.dll vsoefk.dll exvmek.dll lcpjmb.dll vwrqsl.dll uvqiak.dll xlnhse.dll nogtav.dll opxobw.dll izvqie.dll kcvgfc.dll alshke.dll cuuyym.dll dfdxdv.dll kzeyyu.dll oybity.dll poqcyb.dll etogvv.dll leobls.dll"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\jkkjghhf]

C:\WINDOWS\system32\jkkjghhf.dll [2008-11-13 25600]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2007-04-10 236928]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{A63E645F-13BD-45ED-B15F-6E8C1BD57279}"=C:\WINDOWS\system32\jkkjghhf.dll [2008-11-13 25600]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]

"authentication packages"=msv1_0

C:\WINDOWS\system32\mlJDtuvS

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, msansspc.dll

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\Internet Explorer\IEXPLORE.EXE"="C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"

"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"

"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"

"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"

"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"

"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

"%windir%\system32\drivers\svchost.exe"="%windir%\system32\drivers\svchost.exe:*:Enabled:svchost&


Hi, the first thing I would do is this:

 

download Malwarebytes' Anti-Malware to your desktop

 

 

 

* Double-click mbam-setup.exe and follow the prompts to install the program.

* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

* If an update is found, it will download and install the latest version.

* Once the program has loaded, select Perform quick scan, then click Scan.

* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.

* You can also access the log by doing the following:

 

o Click on the Malwarebytes' Anti-Malware icon to launch the program.

o Click on the Logs tab.

o Click on the log at the bottom of those listed to highlight it.

o Click Open.

 

After running MBAM, create a new HJT log.

Post it & MBAM's log here


Hi and Welcome

 

The machine is heavily infected.

 

 

 

While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent HijackThis from fixing certain things.

Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.

 

 

# Open Spybot Search & Destroy.

# In the Mode menu click "Advanced mode" if not already selected.

# Choose "Yes" at the Warning prompt.

# Expand the "Tools" menu.

# Click "Resident".

# Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.

# In the File menu click "Exit" to exit Spybot Search & Destroy.

 

* See this link for a tutorial http://russelltexas.com/malware/teatimer.htm

 

 

 

 

 

Open HijackThis, click "Do a system scan only", and checkmark these. Then close all other windows and browsers except HijackThis and press "Fix checked".

 

O2 - BHO: (no name) - {0A37553A-47E0-4DED-9E6C-C28DBA0623ED} - (no file)

O2 - BHO: (no name) - {0FD5AACA-2889-41D7-946E-71E0261E3864} - (no file)

O2 - BHO: (no name) - {210DC660-F116-4774-9BA2-C56FEAABFD1D} - (no file)

O2 - BHO: (no name) - {2872C512-ADF5-4515-9C39-224A8D2987F9} - (no file)

O2 - BHO: (no name) - {3EB962CE-75D6-4592-BD08-A23F49F6610E} - (no file)

O2 - BHO: (no name) - {5329D1BA-32D8-4A5F-9A77-E3447380DF93} - (no file)

 

 

O2 - BHO: (no name) - {558DB326-423A-45B5-84AC-2E5357719999} - (no file)

O2 - BHO: (no name) - {77AB59B4-55A3-4737-9FD5-B93C6430BF78} - C:\WINDOWS\system32\puqmikmu.dll

O2 - BHO: (no name) - {833903C7-45DE-403B-9B23-F3792CB4B7BA} - (no file)

O2 - BHO: (no name) - {887F807A-FD61-4BA9-8B32-43F9C2B419CD} - (no file)

O2 - BHO: (no name) - {8fdcaf36-75df-46ac-8953-045208055d12} - (no file)

O2 - BHO: (no name) - {9929C055-C9CD-449E-B825-C6604E310B59} - (no file)

O2 - BHO: (no name) - {A5E43579-0124-4698-AD0A-30CD255B0CFD} - (no file)

O2 - BHO: (no name) - {A63E645F-13BD-45ED-B15F-6E8C1BD57279} - C:\WINDOWS\system32\jkkjghhf.dll

O2 - BHO: (no name) - {A88DFF3E-89CD-4A33-8D31-54F0337C377E} - (no file)

 

O2 - BHO: (no name) - {C0165D8E-DD45-4588-BE9B-873EBD47C3C2} - (no file)

O2 - BHO: (no name) - {C79EB4BD-7E9F-45F9-BBBF-9607B77D14C1} - C:\WINDOWS\system32\mlJDtuvS.dll

O2 - BHO: (no name) - {C911F231-752D-48E2-8C5C-06CD005DA6DA} - (no file)

O2 - BHO: (no name) - {FACE5056-7C78-449E-ADFD-5E66484216D7} - (no file)

O2 - BHO: (no name) - {FF0AB58E-514E-4342-8365-3031E98ECDF4} - (no file)

 

O4 - HKLM\..\RunOnce: [spybotDeletingA2882] command /c del "C:\WINDOWS\system32\SvutDJlm.ini"

O4 - HKLM\..\RunOnce: [spybotDeletingC3343] cmd /c del "C:\WINDOWS\system32\SvutDJlm.ini"

O4 - HKLM\..\RunOnce: [spybotDeletingA7081] command /c del "C:\WINDOWS\system32\ffkdmolp.dll_old"

O4 - HKLM\..\RunOnce: [spybotDeletingC4887] cmd /c del "C:\WINDOWS\system32\ffkdmolp.dll_old"

O4 - HKCU\..\Run: [gadcom] "C:\Documents and Settings\Matt\Application Data\gadcom\gadcom.exe" 61A847B5BBF72815308B2B27128065E9C084320161C4661227A755E9C2933154389A

O4 - HKCU\..\Run: [Twain] C:\Documents and Settings\Matt\Application Data\Twain\Twain.exe

O4 - HKCU\..\Run: [speedRunner] C:\Documents and Settings\Matt\Application Data\SpeedRunner\SpeedRunner.exe

 

O4 - HKCU\..\Run: [sfKg6wIP] C:\Documents and Settings\Matt\Application Data\Microsoft\Windows\rgnwq.exe

O4 - HKCU\..\Run: [GetPack24] "C:\Program Files\GetPack\GetPack24.exe"

O4 - HKCU\..\RunOnce: [spybotDeletingB1949] command /c del "C:\WINDOWS\system32\SvutDJlm.ini"

O4 - HKCU\..\RunOnce: [spybotDeletingD8199] cmd /c del "C:\WINDOWS\system32\SvutDJlm.ini"

O4 - HKCU\..\RunOnce: [spybotDeletingB9643] command /c del "C:\WINDOWS\system32\ffkdmolp.dll_old"

O4 - HKCU\..\RunOnce: [spybotDeletingD6629] cmd /c del "C:\WINDOWS\system32\ffkdmolp.dll_old"

 

O20 - AppInit_DLLs: okxyfo.dll dnlwrd.dll vsoefk.dll exvmek.dll lcpjmb.dll vwrqsl.dll uvqiak.dll xlnhse.dll nogtav.dll opxobw.dll izvqie.dll kcvgfc.dll alshke.dll cuuyym.dll dfdxdv.dll kzeyyu.dll oybity.dll poqcyb.dll etogvv.dll leobls.dll

O20 - Winlogon Notify: jkkjghhf - C:\WINDOWS\SYSTEM32\jkkjghhf.dll

O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TWF0dGhldw\command.exe

 

 

 

 

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

 

Link 1

Link 2

Link 3

 


--------------------------------------------------------------------

 

Double-click on Combo-Fix.exe and follow the prompts.

 

** Please Note:

At times ComboFix may appear to stall, please be patient.

  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a HijackThis log so we can continue cleaning the system.

 

 

Also, after running the above, you need to download and install an antivirus; I'm not seeing one on the machine.

 

 

 

I can give you links to free antivirus and firewall programs which are used by very many.

What you'll probably have to do is experiment somewhat to find one that runs well on your machine.

 

Avira

Here is a tutorial on its setup and use:

http://www.techsupportforum.com/content/Se...rticles/64.html

 

Avast!

How to Install, Configure, and Use Avast Antivirus

 

 

AVG Free 7.5,

Help overview http://free.grisoft.com/doc/5/us/frt/0/num/616#faq_616

This is a very useful read:

http://grandstreamdreams.blogspot.com/2008...-version-8.html

 

 

Never install more than one antivirus scanner or firewall on your system.

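An added example, not code from this thread, from HijackThis or from Malwarebytes: a short Python script that applies the triage the reply above did by hand to HijackThis-style log lines. It flags orphaned and unnamed BHOs, Run entries launched from the user's Application Data folder or carrying random-looking executable names, any AppInit_DLLs entry, Winlogon Notify packages outside a partial allowlist of stock XP names, and services whose folder name is base64. The sample lines are copied from the log posted above; the severity levels, the allowlist and the "random-looking" rule are the editor's assumptions, not anything the tools define. One detail the script makes concrete: the service folder C:\WINDOWS\TWF0dGhldw is base64 for "Matthew", so the dropper derived its hiding place from the account name.

```python
"""Triage of HijackThis-style log lines. Added example, not HijackThis code:
every regex, threshold and allowlist below is the editor's own heuristic."""
import base64
import re
from typing import List, NamedTuple, Optional

# Constructed sample: ten lines copied from the HijackThis log in this thread,
# mixing confirmed-bad entries (jkkjghhf.dll, rgnwq.exe, AppInit_DLLs,
# cmdService) with legitimate ones (Google, iTunes, Bonjour).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {A5E43579-0124-4698-AD0A-30CD255B0CFD} - (no file)
O2 - BHO: (no name) - {A63E645F-13BD-45ED-B15F-6E8C1BD57279} - C:\WINDOWS\system32\jkkjghhf.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [sfKg6wIP] C:\Documents and Settings\Matt\Application Data\Microsoft\Windows\rgnwq.exe
O4 - HKCU\..\Run: [Twain] C:\Documents and Settings\Matt\Application Data\Twain\Twain.exe
O20 - AppInit_DLLs: okxyfo.dll dnlwrd.dll vsoefk.dll
O20 - Winlogon Notify: jkkjghhf - C:\WINDOWS\SYSTEM32\jkkjghhf.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TWF0dGhldw\command.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

class Finding(NamedTuple):
    severity: str   # "high", "medium" or "info"
    line: str
    reason: str

# Partial allowlist of Winlogon Notify packages on a stock Windows XP install
# (WgaLogon ships with Windows Genuine Advantage). Assumption: anything outside
# this set deserves a look; it is not automatically malware.
KNOWN_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
                "sclgntfy", "senslogn", "termsrv", "wlballoon", "wgalogon"}

RE_BHO = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{[0-9A-Fa-f-]+\} - (?P<path>.*)$")
RE_RUN = re.compile(r"^O4 - HK\w+\\\.\.\\Run(?:Once)?: \[[^\]]+\] (?P<cmd>.*)$")
RE_SVC = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")
RE_EXE = re.compile(r'[A-Za-z]:\\[^"]+?\.(?:exe|dll)', re.I)

def first_path(cmd: str) -> str:
    """Pull the executable or DLL path out of a Run command line."""
    m = RE_EXE.search(cmd)
    return m.group(0) if m else cmd

def file_stem(path: str) -> str:
    return re.sub(r"\.[^.\\]+$", "", path.rsplit("\\", 1)[-1])

def looks_random(stem: str) -> bool:
    """Heuristic: a 5-8 letter stem with no vowels (jkkjghhf, rgnwq) or with
    three or more upper/lower case flips (mlJDtuvS). A hint, not a verdict."""
    if not (5 <= len(stem) <= 8 and stem.isalpha()):
        return False
    if not set("aeiouy") & set(stem.lower()):
        return True
    flips = sum(a.isupper() != b.isupper() for a, b in zip(stem, stem[1:]))
    return flips >= 3

def decode_base64_name(component: str) -> Optional[str]:
    r"""Return the plaintext if a path component is unpadded base64 for a short
    alphanumeric string. C:\WINDOWS\TWF0dGhldw from the log decodes to 'Matthew':
    the dropper named its folder after the account it infected."""
    if not re.fullmatch(r"[A-Za-z0-9+/]{8,}", component):
        return None
    if component.islower() or component.isupper():
        return None                      # require mixed case to limit false hits
    try:
        raw = base64.b64decode(component + "=" * (-len(component) % 4), validate=True)
    except ValueError:                   # binascii.Error is a ValueError
        return None
    text = raw.decode("ascii", errors="replace")
    return text if len(text) >= 4 and text.isalnum() else None

def triage(log_text: str) -> List[Finding]:
    out: List[Finding] = []
    for line in (l.strip() for l in log_text.splitlines() if l.strip()):
        if m := RE_BHO.match(line):
            if m["path"] == "(no file)":
                out.append(Finding("info", line, "orphaned BHO registration, DLL already gone"))
            elif m["name"] == "(no name)":
                sev = "high" if looks_random(file_stem(m["path"])) else "medium"
                out.append(Finding(sev, line, "unnamed BHO backed by a DLL"))
        elif m := RE_RUN.match(line):
            path = first_path(m["cmd"])
            rnd = looks_random(file_stem(path))
            if "\\Application Data\\" in path:
                out.append(Finding("high" if rnd else "medium", line,
                                   "autorun launched from user-writable Application Data"))
            elif rnd:
                out.append(Finding("high", line, "autorun with random-looking executable name"))
        elif line.startswith("O20 - AppInit_DLLs:"):
            dlls = line.split(":", 1)[1].split()
            if dlls:  # AppInit_DLLs load into every process that links user32
                out.append(Finding("high", line, f"{len(dlls)} DLL(s) injected into every user32 process"))
        elif line.startswith("O20 - Winlogon Notify:"):
            pkg = line.split(":", 1)[1].split(" - ")[0].strip()
            if pkg.lower() not in KNOWN_NOTIFY:
                out.append(Finding("high", line, "non-default Winlogon Notify package, runs inside winlogon.exe"))
        elif m := RE_SVC.match(line):
            low = m["path"].lower()
            decoded = next((d for d in map(decode_base64_name, m["path"].split("\\")) if d), None)
            if decoded:
                out.append(Finding("high", line, f"service folder name is base64 for {decoded!r}"))
            elif m["owner"] == "Unknown owner" and low.startswith("c:\\windows\\") and "\\system32\\" not in low:
                out.append(Finding("medium", line, "service with no vendor name in a non-standard Windows subfolder"))
    return out

if __name__ == "__main__":
    order = {"high": 0, "medium": 1, "info": 2}
    for hit in sorted(triage(SAMPLE_LOG), key=lambda h: order[h.severity]):
        print(f"[{hit.severity:6}] {hit.reason}\n         {hit.line}")
```

Run it as-is to see the findings for the embedded sample, or read a saved hijackthis.log and pass its text to triage(). The "random-looking" rule is deliberately conservative (vowel-free or case-flipping stems of 5 to 8 letters), so AppInit DLLs whose names happen to contain vowels are caught by the AppInit rule rather than by their names, and the script never deletes anything: it only ranks what a human should look at first.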

OK, so I did the HijackThis scan and deleted the items that were there. I also turned off TeaTimer. I ran Combo-Fix, and before it started it said that

 

C:\WINDOWS\TWF0dGhldw\asappsrvd.dll attempted to attach itself to the program

 

and to write it down just in case. In any event, here is the ComboFix log.

 

ComboFix 09-01-17.02 - Matt 2009-01-17 13:25:32.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.276 [GMT -5:00]

Running from: c:\documents and settings\Matt\Desktop\Combo-Fix.exe

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

The following files were disabled during the run:

c:\windows\TWF0dGhldw\asappsrv.dll

 

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\Matt\Application Data\FunWebProducts

c:\documents and settings\Matt\Application Data\FunWebProducts\Data\Matt\avatar.dat

c:\documents and settings\Matt\Application Data\FunWebProducts\Data\Matt\zbucks.dat

c:\documents and settings\Matt\Application Data\gadcom

c:\documents and settings\Matt\Application Data\gadcom\gadcom.exe

c:\documents and settings\Matt\Application Data\gadcom\kernell32.dll

c:\documents and settings\Matt\Application Data\Google\djvlg2072387.exe

c:\documents and settings\Matt\Application Data\Google\lrpfwl.dll

c:\documents and settings\Matt\Application Data\SpeedRunner

c:\documents and settings\Matt\Application Data\SpeedRunner\config.cfg

c:\documents and settings\Matt\Application Data\SpeedRunner\SpeedRunner.exe

c:\documents and settings\Matt\Application Data\SpeedRunner\SRUninstall.exe

c:\documents and settings\Matt\Application Data\twain\Twain.exe

c:\documents and settings\Matt\Local Settings\Temporary Internet Files\bestwiner.stt

c:\documents and settings\Matt\Local Settings\Temporary Internet Files\fbk.sts

c:\program files\Mjcore

c:\program files\Mjcore\Mjcore.dll

c:\program files\MyWebSearch

c:\program files\MyWebSearch\bar\1.bin\bak\m3SrchMn.exe

c:\program files\MyWebSearch\bar\1.bin\bak\mwsoemon.exe

c:\program files\WinBudget

c:\program files\WinBudget\bin\matrix.dll

c:\windows\system32\alshke.dll

c:\windows\system32\atmtd.dll.tmp

c:\windows\system32\bpdfns.dll

c:\windows\system32\cotrykrq.dll

c:\windows\system32\cppvtlgd.dll

c:\windows\system32\cqojtm.dll

c:\windows\system32\cuuyym.dll

c:\windows\system32\dfdxdv.dll

c:\windows\system32\dhcpcvbr.dll

c:\windows\system32\diwoebtp.dll

c:\windows\system32\dnlwrd.dll

c:\windows\system32\eeksbayw.dll

c:\windows\system32\emvpyjyk.dll

c:\windows\system32\etogvv.dll

c:\windows\system32\exvmek.dll

c:\windows\system32\eydgaajg.dll

c:\windows\system32\eymdhpdl.dll

c:\windows\system32\fqphuvob.dll

c:\windows\system32\hnslfqfd.dll

c:\windows\system32\hvrcqukg.dll

c:\windows\system32\igcmqrpx.dll

c:\windows\system32\igqagvwg.dll

c:\windows\system32\iovqim.dll

c:\windows\system32\irvbilcp.dll

c:\windows\system32\izvqie.dll

c:\windows\system32\jdcvcsan.dll

c:\windows\system32\jkkjghhf.dll

c:\windows\system32\juwxfphc.dll

c:\windows\system32\kcvgfc.dll

c:\windows\system32\kzeyyu.dll

c:\windows\system32\lcpjmb.dll

c:\windows\system32\leobls.dll

c:\windows\system32\lgawrkge.dll

c:\windows\system32\lrxxudau.dll

c:\windows\system32\lvwrksns.dll

c:\windows\system32\lwugjfmr.dll

c:\windows\system32\lyevdxic.dll

c:\windows\system32\mcrh.tmp

c:\windows\system32\mlJDtuvS.dll

c:\windows\system32\msansspc.dll

c:\windows\system32\mtdqefqr.dll

c:\windows\system32\nauwioug.dll

c:\windows\system32\nogtav.dll

c:\windows\system32\obntxpbm.dll

c:\windows\system32\okxyfo.dll

c:\windows\system32\opxobw.dll

c:\windows\system32\owwxhrto.dll

c:\windows\system32\oybity.dll

c:\windows\system32\pidjemqm.dll

c:\windows\system32\poqcyb.dll

c:\windows\system32\pugxai.dll

c:\windows\system32\puqmikmu.dll

c:\windows\system32\rtstlbkv.dll

c:\windows\system32\SvutDJlm.ini

c:\windows\system32\SvutDJlm.ini2

c:\windows\system32\sxzhte.dll

c:\windows\system32\tdhouocs.dll

c:\windows\system32\tvmxucrc.dll

c:\windows\system32\utjvhhev.dll

c:\windows\system32\uvqiak.dll

c:\windows\system32\vaykcddk.dll

c:\windows\system32\vebmdvcj.dll

c:\windows\system32\vkkaryyh.dll

c:\windows\system32\vsoefk.dll

c:\windows\system32\vwrqsl.dll

c:\windows\system32\wookqlgk.dll

c:\windows\system32\xjnztt.dll

c:\windows\system32\xlnhse.dll

c:\windows\system32\xogovguv.dll

c:\windows\system32\yayawyqw.dll

c:\windows\system32\yjjdrl.dll

c:\windows\system32\yoshkvay.dll

c:\windows\system32\yqafjt.dll

c:\windows\system32\zkxjga.dll

c:\windows\TWF0dGhldw\

c:\windows\TWF0dGhldw\\asappsrv.dll.vir

c:\windows\TWF0dGhldw\\command.exe

c:\windows\TWF0dGhldw\\nqIXx315xT.vbs

c:\windows\TWF0dGhldw\command.exe

c:\windows\wiaserviv.log

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_CMDSERVICE

-------\Legacy_NETWORK_MONITOR

-------\Service_cmdService

 

 

((((((((((((((((((((((((( Files Created from 2008-12-17 to 2009-01-17 )))))))))))))))))))))))))))))))

.

 

2009-01-17 13:19 . 2009-01-17 13:20 <DIR> d-------- C:\32788R22FWJFW

2009-01-17 03:49 . 2009-01-17 03:50 <DIR> d-------- C:\rsit

2009-01-17 03:47 . 2009-01-17 03:47 <DIR> d-------- c:\program files\Trend Micro

2009-01-17 01:22 . 2009-01-17 01:22 49,152 --a------ c:\documents and settings\Matt\Application Data\upd.exe

2009-01-16 23:12 . 2009-01-16 23:12 120 --ahs---- c:\windows\system32\plomdkff.ini

2009-01-15 19:12 . 2009-01-15 19:12 120 --ahs---- c:\windows\system32\jcvdmbev.ini

2009-01-15 19:07 . 2009-01-15 19:07 40,960 --a------ c:\windows\system32\detohclc.dll

2009-01-15 17:08 . 2009-01-15 17:08 120 --ahs---- c:\windows\system32\mqmejdip.ini

2009-01-12 19:35 . 2009-01-12 19:35 120 --ahs---- c:\windows\system32\pcuoxdui.ini

2009-01-11 19:35 . 2009-01-11 19:35 120 --ahs---- c:\windows\system32\njgaguqi.ini

2009-01-10 19:35 . 2009-01-10 19:35 120 --ahs---- c:\windows\system32\qfoybdbu.ini

2009-01-09 19:38 . 2009-01-09 19:38 120 --ahs---- c:\windows\system32\frcromlm.ini

2009-01-08 19:39 . 2009-01-08 19:39 120 --ahs---- c:\windows\system32\oefolwmq.ini

2009-01-06 20:06 . 2009-01-06 20:06 120 --ahs---- c:\windows\system32\dgltvppc.ini

2008-12-31 20:19 . 2008-12-31 20:19 120 --ahs---- c:\windows\system32\wqywayay.ini

2008-12-31 02:58 . 2008-12-31 02:58 120 --ahs---- c:\windows\system32\lkechepf.ini

2008-12-30 02:57 . 2008-12-30 02:57 120 --ahs---- c:\windows\system32\ipofvvsb.ini

2008-12-27 03:21 . 2008-12-27 03:21 120 --ahs---- c:\windows\system32\qihxxfvf.ini

2008-12-26 03:23 . 2008-12-26 03:23 120 --ahs---- c:\windows\system32\crcuxmvt.ini

2008-12-25 03:20 . 2008-12-25 03:20 120 --ahs---- c:\windows\system32\cqjgjkpj.ini

2008-12-24 03:23 . 2008-12-24 03:23 120 --ahs---- c:\windows\system32\nwmaochj.ini

2008-12-23 03:25 . 2008-12-23 03:25 120 --ahs---- c:\windows\system32\chpfxwuj.ini

2008-12-22 03:22 . 2008-12-22 03:22 120 --ahs---- c:\windows\system32\hsxcehxn.ini

2008-12-21 03:21 . 2008-12-21 03:21 120 --ahs---- c:\windows\system32\wyabskee.ini

2008-12-17 14:51 . 2008-12-17 14:51 120 --ahs---- c:\windows\system32\fvafwptt.ini

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-01-17 18:28 --------- d-----w c:\documents and settings\Matt\Application Data\Twain

2009-01-17 11:15 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater

2009-01-16 00:19 --------- d-----w c:\documents and settings\Matt\Application Data\BitTorrent

2008-12-05 00:18 --------- d-----w c:\program files\DivX

2008-11-21 21:47 9,464 ------w c:\windows\system32\drivers\cdralw2k.sys

2008-11-21 21:47 9,336 ------w c:\windows\system32\drivers\cdr4_xp.sys

2008-11-21 21:47 43,528 ------w c:\windows\system32\drivers\PxHelp20.sys

2008-11-19 00:55 --------- d-----w c:\program files\Java

2008-06-01 21:17 168 --sha-r c:\windows\system32\492069A402.sys

2008-06-01 21:17 2,984 -csha-w c:\windows\system32\KGyGaAvL.sys

.

 

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

-c--a-w 39,792 2007-10-11 00:51:56 c:\program files\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe

 

-c--a-w 185,632 2008-01-18 06:48:16 c:\program files\Common Files\Real\Update_OB\bak\realsched.exe

 

-c--a-w 290,112 2007-12-23 03:54:37 c:\program files\DNA\bak\btdna.exe

 

-c--a-w 49,152 2004-02-12 18:38:56 c:\program files\HP\HP Software Update\bak\HPWuSchd2.exe

 

-c--a-w 241,664 2004-05-12 20:18:56 c:\program files\HP\hpcoretech\bak\hpcmpmgr.exe

 

-c--a-w 267,048 2007-11-15 18:11:04 c:\program files\iTunes\bak\iTunesHelper.exe

----a-w 289,576 2008-09-10 21:40:06 c:\program files\iTunes\iTunesHelper.exe

 

-c--a-w 286,720 2007-11-15 04:43:10 c:\program files\QuickTime\bak\qttask.exe

----a-w 413,696 2008-09-06 19:09:14 c:\program files\QuickTime\QTTask.exe

 

-c--a-w 24,677 2008-01-18 18:55:14 c:\qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\bak\m3SrchMn.exe.vir

 

-c--a-w 28,672 2008-01-18 18:55:14 c:\qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\bak\mwsoemon.exe.vir

 

-c--a-w 15,360 2006-02-28 12:00:00 c:\windows\system32\bak\ctfmon.exe

----a-w 15,360 2006-02-28 12:00:00 c:\windows\system32\ctfmon.exe

 

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Aim6"="c:\program files\AIM6\aim6.exe" [2008-03-06 50528]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-02-28 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]

"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 2178832]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2004-07-15 81920]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]

"realtekg"="c:\documents and settings\Matt\Application Data\Google\djvlg2072387.exe" [N/A]

"Corel Photo Downloader"="c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2007-08-28 531272]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-07-15 4112384]

"C-Media Mixer"="Mixer.exe" [2002-07-12 c:\windows\mixer.exe]

 

c:\documents and settings\All Users\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-28 241664]

HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-05-28 53248]

Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-05-16 67128]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

[N/A]

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

"c:\\Program Files\\AIM6\\aim6.exe"=

"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"%windir%\\system32\\drivers\\svchost.exe"=

 

R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-12-06 24652]

S3 QCEmerald;Logitech QuickCam Web;c:\windows\system32\drivers\OVCE.sys [2007-11-10 31872]

.

Contents of the 'Scheduled Tasks' folder

 

2009-01-16 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

.

- - - - ORPHANS REMOVED - - - -

 

BHO-{0A37553A-47E0-4DED-9E6C-C28DBA0623ED} - (no file)

BHO-{0FD5AACA-2889-41D7-946E-71E0261E3864} - (no file)

BHO-{210DC660-F116-4774-9BA2-C56FEAABFD1D} - (no file)

BHO-{2872C512-ADF5-4515-9C39-224A8D2987F9} - (no file)

BHO-{3EB962CE-75D6-4592-BD08-A23F49F6610E} - (no file)

BHO-{5329D1BA-32D8-4A5F-9A77-E3447380DF93} - (no file)

BHO-{558DB326-423A-45B5-84AC-2E5357719999} - (no file)

BHO-{77AB59B4-55A3-4737-9FD5-B93C6430BF78} - c:\windows\system32\puqmikmu.dll

BHO-{833903C7-45DE-403B-9B23-F3792CB4B7BA} - (no file)

BHO-{887F807A-FD61-4BA9-8B32-43F9C2B419CD} - (no file)

BHO-{8fdcaf36-75df-46ac-8953-045208055d12} - (no file)

BHO-{9929C055-C9CD-449E-B825-C6604E310B59} - (no file)

BHO-{A5E43579-0124-4698-AD0A-30CD255B0CFD} - (no file)

BHO-{A88DFF3E-89CD-4A33-8D31-54F0337C377E} - (no file)

BHO-{C0165D8E-DD45-4588-BE9B-873EBD47C3C2} - (no file)

BHO-{C911F231-752D-48E2-8C5C-06CD005DA6DA} - (no file)

BHO-{CC78093F-E96C-43B9-BF66-95640F9C55A6} - c:\windows\system32\mlJDtuvS.dll

BHO-{FACE5056-7C78-449E-ADFD-5E66484216D7} - (no file)

BHO-{FF0AB58E-514E-4342-8365-3031E98ECDF4} - (no file)

 

 

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/

uInternet Settings,ProxyOverride = *.local

IE: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html

IE: &Search - ?p=ZJxdm221MHUS

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-01-17 13:38:42

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'winlogon.exe'(668)

c:\windows\system32\GTGina.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

c:\windows\system32\nvsvc32.exe

c:\windows\system32\PSIService.exe

c:\program files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

c:\program files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe

c:\windows\system32\wscntfy.exe

c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\Common Files\LogiShrd\LQCVFX\COCIManager.exe

c:\program files\HP\Digital Imaging\bin\hpqgalry.exe

c:\program files\AIM6\aolsoftware.exe

c:\windows\system32\msiexec.exe

c:\windows\SoftwareDistribution\Download\Install\windows-kb890830-v2.4-delta.exe

d:\0406bdce1eb43612c2d4e5e489\mrtstub.exe

c:\windows\system32\MRT.exe

.

**************************************************************************

.

Completion time: 2009-01-17 13:48:30 - machine was rebooted

ComboFix-quarantined-files.txt 2009-01-17 18:48:21

 

Pre-Run: 32,071,106,560 bytes free

Post-Run: 32,134,770,688 bytes free

 

297 --- E O F --- 2008-10-24 07:03:20

 

 

Here is the log that came up from RSIT

 

Logfile of random's system information tool 1.05 (written by random/random)

Run by Matt at 2009-01-17 13:59:16

Microsoft Windows XP Professional Service Pack 2

System drive C: has 31 GB (78%) free of 39 GB

Total RAM: 511 MB (35% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 1:59:32 PM, on 1/17/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PSIService.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\WINDOWS\Mixer.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

C:\Program Files\Logitech\QuickCam\Quickcam.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe

C:\Program Files\AIM6\aim6.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe

C:\Program Files\AIM6\aolsoftware.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Documents and Settings\Matt\Desktop\RSIT.exe

C:\Program Files\Trend Micro\HijackThis\Matt.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll

O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup

O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"

O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [realtekg] "C:\Documents and Settings\Matt\Application Data\Google\djvlg2072387.exe" 2

O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html

O8 - Extra context menu item: &Search - ?p=ZJxdm221MHUS

O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB

O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1194763593468

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/webplayer/stage6/...owserPlugin.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

 

--

End of file - 8074 bytes

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

Java Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-18 320920]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll [2008-10-20 652784]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-18 34816]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{DE9C389F-3316-41A7-809B-AA305ED9D922} - AIM Toolbar - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll [2007-10-10 1090912]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"C-Media Mixer"=Mixer.exe /startup []

"LogitechCommunicationsManager"=C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2007-10-25 563984]

"LogitechQuickCamRibbon"=C:\Program Files\Logitech\QuickCam\Quickcam.exe [2007-10-25 2178832]

"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2004-07-15 81920]

"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-09-10 289576]

"realtekg"=C:\Documents and Settings\Matt\Application Data\Google\djvlg2072387.exe 2 []

"Corel Photo Downloader"=C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe [2007-08-28 531272]

"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2004-07-15 4112384]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Aim6"=C:\Program Files\AIM6\aim6.exe [2008-03-06 50528]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2006-02-28 15360]

 

C:\Documents and Settings\All Users\Start Menu\Programs\Startup

HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2007-04-10 236928]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=323

"NoDriveAutoRun"=67108863

"NoDrives"=0

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveAutoRun"=

"NoDriveTypeAutoRun"=

"NoDrives"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"

"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"

"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"

"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"

"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"

"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

"%windir%\system32\drivers\svchost.exe"="%windir%\system32\drivers\svchost.exe:*:Enabled:svchost"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

"%windir%\system32\drivers\svchost.exe"="%windir%\system32\drivers\svchost.exe:*:Enabled:svchost"

 

======List of files/folders created in the last 1 months======

 

2009-01-17 13:48:32 ----A---- C:\ComboFix.txt

2009-01-17 13:45:42 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$

2009-01-17 13:45:05 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$

2009-01-17 13:43:28 ----D---- C:\WINDOWS\LastGood

2009-01-17 13:23:06 ----A---- C:\WINDOWS\zip.exe

2009-01-17 13:23:06 ----A---- C:\WINDOWS\VFIND.exe

2009-01-17 13:23:06 ----A---- C:\WINDOWS\SWXCACLS.exe

2009-01-17 13:23:06 ----A---- C:\WINDOWS\SWSC.exe

2009-01-17 13:23:06 ----A---- C:\WINDOWS\SWREG.exe

2009-01-17 13:23:06 ----A---- C:\WINDOWS\sed.exe

2009-01-17 13:23:06 ----A---- C:\WINDOWS\NIRCMD.exe

2009-01-17 13:23:06 ----A---- C:\WINDOWS\grep.exe

2009-01-17 13:23:06 ----A---- C:\WINDOWS\fdsv.exe

2009-01-17 13:20:10 ----D---- C:\WINDOWS\ERDNT

2009-01-17 13:20:09 ----D---- C:\Qoobox

2009-01-17 13:19:18 ----D---- C:\32788R22FWJFW

2009-01-17 03:49:45 ----D---- C:\rsit

2009-01-17 03:47:47 ----D---- C:\Program Files\Trend Micro

2009-01-17 01:22:10 ----A---- C:\Documents and Settings\Matt\Application Data\upd.exe

2009-01-16 23:12:49 ----ASH---- C:\WINDOWS\system32\plomdkff.ini

2009-01-15 19:12:28 ----ASH---- C:\WINDOWS\system32\jcvdmbev.ini

2009-01-15 19:07:21 ----A---- C:\WINDOWS\system32\detohclc.dll

2009-01-15 17:08:40 ----ASH---- C:\WINDOWS\system32\mqmejdip.ini

2009-01-12 19:35:21 ----ASH---- C:\WINDOWS\system32\pcuoxdui.ini

2009-01-11 19:35:21 ----ASH---- C:\WINDOWS\system32\njgaguqi.ini

2009-01-10 19:35:21 ----ASH---- C:\WINDOWS\system32\qfoybdbu.ini

2009-01-09 19:38:21 ----ASH---- C:\WINDOWS\system32\frcromlm.ini

2009-01-08 19:39:00 ----ASH---- C:\WINDOWS\system32\oefolwmq.ini

2009-01-06 20:06:32 ----ASH---- C:\WINDOWS\system32\dgltvppc.ini

2008-12-31 20:19:41 ----ASH---- C:\WINDOWS\system32\wqywayay.ini

2008-12-31 02:58:41 ----ASH---- C:\WINDOWS\system32\lkechepf.ini

2008-12-30 02:57:49 ----ASH---- C:\WINDOWS\system32\ipofvvsb.ini

2008-12-27 03:21:45 ----ASH---- C:\WINDOWS\system32\qihxxfvf.ini

2008-12-26 03:23:48 ----ASH---- C:\WINDOWS\system32\crcuxmvt.ini

2008-12-25 03:20:49 ----ASH---- C:\WINDOWS\system32\cqjgjkpj.ini

2008-12-24 03:23:33 ----ASH---- C:\WINDOWS\system32\nwmaochj.ini

2008-12-23 03:25:46 ----ASH---- C:\WINDOWS\system32\chpfxwuj.ini

2008-12-22 03:22:51 ----ASH---- C:\WINDOWS\system32\hsxcehxn.ini

2008-12-21 03:21:39 ----ASH---- C:\WINDOWS\system32\wyabskee.ini

 

======List of files/folders modified in the last 1 months======

 

2009-01-17 13:50:10 ----RSHDC---- C:\WINDOWS\system32\dllcache

2009-01-17 13:50:04 ----D---- C:\WINDOWS\Temp

2009-01-17 13:50:03 ----HD---- C:\WINDOWS\inf

2009-01-17 13:50:03 ----D---- C:\WINDOWS\system32

2009-01-17 13:50:02 ----D---- C:\WINDOWS\Help

2009-01-17 13:50:01 ----D---- C:\WINDOWS

2009-01-17 13:48:46 ----D---- C:\WINDOWS\system32\drivers

2009-01-17 13:45:40 ----HD---- C:\WINDOWS\$hf_mig$

2009-01-17 13:45:34 ----A---- C:\WINDOWS\imsins.BAK

2009-01-17 13:43:25 ----D---- C:\WINDOWS\system32\CatRoot2

2009-01-17 13:42:28 ----SHD---- C:\WINDOWS\Installer

2009-01-17 13:42:28 ----HD---- C:\Config.Msi

2009-01-17 13:42:25 ----D---- C:\WINDOWS\WinSxS

2009-01-17 13:38:53 ----A---- C:\WINDOWS\system.ini

2009-01-17 13:36:33 ----D---- C:\WINDOWS\system32\config

2009-01-17 13:28:57 ----D---- C:\WINDOWS\AppPatch

2009-01-17 13:28:57 ----D---- C:\Program Files\Common Files

2009-01-17 13:28:03 ----D---- C:\Documents and Settings\Matt\Application Data\Twain

2009-01-17 13:27:59 ----D---- C:\Documents and Settings\Matt\Application Data\Google

2009-01-17 13:26:37 ----RD---- C:\Program Files

2009-01-17 13:24:25 ----A---- C:\WINDOWS\SchedLgU.Txt

2009-01-17 13:20:11 ----D---- C:\WINDOWS\Prefetch

2009-01-17 06:15:00 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater

2009-01-17 03:34:57 ----A---- C:\WINDOWS\wininit.ini

2009-01-16 23:12:16 ----A---- C:\WINDOWS\system32\9b605a4a-.txt

2009-01-15 19:19:10 ----D---- C:\Documents and Settings\Matt\Application Data\BitTorrent

2008-12-27 02:23:40 ----D---- C:\WINDOWS\network diagnostic

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-11-02 20747]

R3 cmpci;C-Media PCI Audio Driver (WDM); C:\WINDOWS\system32\drivers\cmaudio.sys [2002-07-16 379726]

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]

R3 GTNDIS5;GTNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\GTNDIS5.SYS []

R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-07-28 51120]

R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-07-28 16496]

R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-07-28 21744]

R3 LVcKap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys [2007-10-19 2109976]

R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [2007-10-11 25624]

R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2007-10-11 41752]

R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-07-15 2459712]

R3 pepifilter;Volume Adapter; C:\WINDOWS\system32\DRIVERS\lv302af.sys [2007-10-11 13848]

R3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\WINDOWS\system32\DRIVERS\LV302V32.SYS [2007-10-11 1279000]

R3 RT73;Linksys Home Wireless-G USB Adapter Driver; C:\WINDOWS\system32\DRIVERS\rt73.sys [2005-11-24 245248]

R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]

R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]

R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2006-02-28 26624]

R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2006-02-28 57600]

R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2006-02-28 17024]

R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]

R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]

R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2006-02-28 20480]

S1 lusbaudio;Logitech USB Microphone; C:\WINDOWS\system32\drivers\OVSound2.sys [2001-08-17 25216]

S3 ac97intc;Intel® 82801 Audio Driver Install Service (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]

S3 BCM42RLY;BCM42RLY; \??\C:\WINDOWS\System32\BCM42RLY.SYS []

S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]

S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys [2007-10-11 2142488]

S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]

S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]

S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]

S3 QCEmerald;Logitech QuickCam Web; C:\WINDOWS\system32\DRIVERS\OVCE.sys [2001-08-17 31872]

S3 RT25USBAP;Nintendo Wi-Fi USB Connector Service; C:\WINDOWS\system32\DRIVERS\rt25usbap.sys [2005-12-08 162944]

S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]

S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]

S3 USBCM;Scientific-Atlanta USB Cable Modem Driver; C:\WINDOWS\system32\DRIVERS\Sacm2A.sys [2004-06-09 15429]

S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]

S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-09-10 116040]

R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]

R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-20 168432]

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-18 152984]

R2 LVCOMSer;LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [2007-10-19 186904]

R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2007-10-19 141848]

R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2004-07-15 114755]

R2 ProtexisLicensing;ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [2007-06-05 177704]

R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]

R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-09-10 536872]

S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2007-10-19 141848]

S2 WUSB54GCSVC;WUSB54GCSVC; C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe [2005-07-04 53307]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]

S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632]

S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2006-02-28 14336]

 

-----------------EOF-----------------

 

 

And I'm downloading Avast as we speak.


Hi, the first thing I would do is this:

 

Download Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.

* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

* If an update is found, it will download and install the latest version.

* Once the program has loaded, select Perform quick scan, then click Scan.

* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.

* You can also access the log by doing the following:

 

o Click on the Malwarebytes' Anti-Malware icon to launch the program.

o Click on the Logs tab.

o Click on the log at the bottom of those listed to highlight it.

o Click Open.

 

After running MBAM, create a new HJT log.

Post it and MBAM's log here.

 

 

 

I didn't even see this post, sorry. I have now downloaded the program and here are the logs.

 

From Malwarebytes' Anti-Malware:

 

Malwarebytes' Anti-Malware 1.33

Database version: 1663

Windows 5.1.2600 Service Pack 2

 

1/17/2009 2:18:19 PM

mbam-log-2009-01-17 (14-18-19).txt

 

Scan type: Quick Scan

Objects scanned: 47056

Time elapsed: 4 minute(s), 22 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 3

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 34

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

HKEY_CLASSES_ROOT\bho_myjavacore.mjcore.1 (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

C:\WINDOWS\system32\rjvaieoa.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\aoeiavjr.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ccyjylvq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\exuoxxmn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ezhxps.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\gihima.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\mpvpssru.dll (Trojan.ConHook) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\nqhiyrmv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\pzyiah.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\qfxrbyxo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\riwmlqtx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\sbivok.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\tepwgmmh.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\utilsn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\awtqbv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\bclsuu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\detohclc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\grpypa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\mnrdufoa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\tprddvux.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\juerlv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\jyrzle.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\bqbcwsqp.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\scpzno.dll (Trojan.ConHook) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ybzief.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\yjjuywvt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ytpfdqel.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ifhblx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\uhhphgkx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\fruoshvs.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\vtUOfFvW.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\lhnsmuce.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\xfubrt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Documents and Settings\Matt\Application Data\Microsoft\Windows\rgnwq.exe (Trojan.Vundo) -> Quarantined and deleted successfully.

 

 

 

Here's the new HijackThis log:

 

Logfile of random's system information tool 1.05 (written by random/random)

Run by Matt at 2009-01-17 14:19:15

Microsoft Windows XP Professional Service Pack 2

System drive C: has 31 GB (78%) free of 39 GB

Total RAM: 511 MB (40% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 2:19:32 PM, on 1/17/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PSIService.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\WINDOWS\Mixer.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

C:\Program Files\Logitech\QuickCam\Quickcam.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe

C:\Program Files\AIM6\aim6.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe

C:\Program Files\AIM6\aolsoftware.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Documents and Settings\Matt\Desktop\RSIT.exe

C:\Program Files\Trend Micro\HijackThis\Matt.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll

O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup

O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"

O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [realtekg] "C:\Documents and Settings\Matt\Application Data\Google\djvlg2072387.exe" 2

O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html

O8 - Extra context menu item: &Search - ?p=ZJxdm221MHUS

O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB

O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1194763593468

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/webplayer/stage6/...owserPlugin.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

 

--

End of file - 8710 bytes

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

Java Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-18 320920]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll [2008-10-20 652784]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-18 34816]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{DE9C389F-3316-41A7-809B-AA305ED9D922} - AIM Toolbar - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll [2007-10-10 1090912]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"C-Media Mixer"=Mixer.exe /startup []

"LogitechCommunicationsManager"=C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2007-10-25 563984]

"LogitechQuickCamRibbon"=C:\Program Files\Logitech\QuickCam\Quickcam.exe [2007-10-25 2178832]

"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2004-07-15 81920]

"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-09-10 289576]

"realtekg"=C:\Documents and Settings\Matt\Application Data\Google\djvlg2072387.exe 2 []

"Corel Photo Downloader"=C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe [2007-08-28 531272]

"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2004-07-15 4112384]

"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-11-26 81000]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-01-14 399504]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Aim6"=C:\Program Files\AIM6\aim6.exe [2008-03-06 50528]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2006-02-28 15360]

 

C:\Documents and Settings\All Users\Start Menu\Programs\Startup

HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2007-04-10 236928]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=323

"NoDriveAutoRun"=67108863

"NoDrives"=0

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveAutoRun"=

"NoDriveTypeAutoRun"=

"NoDrives"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"

"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"

"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"

"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"

"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"

"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

"%windir%\system32\drivers\svchost.exe"="%windir%\system32\drivers\svchost.exe:*:Enabled:svchost"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

"%windir%\system32\drivers\svchost.exe"="%windir%\system32\drivers\svchost.exe:*:Enabled:svchost"

 

======List of files/folders created in the last 1 months======

 

2009-01-17 14:07:56 ----SHD---- C:\RECYCLER

2009-01-17 14:07:39 ----D---- C:\Documents and Settings\Matt\Application Data\Malwarebytes

2009-01-17 14:07:30 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2009-01-17 14:07:30 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2009-01-17 14:03:49 ----A---- C:\WINDOWS\system32\aswBoot.exe

2009-01-17 14:03:46 ----D---- C:\Program Files\Alwil Software

2009-01-17 13:48:32 ----A---- C:\ComboFix.txt

2009-01-17 13:45:42 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$

2009-01-17 13:45:05 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$

2009-01-17 13:43:28 ----D---- C:\WINDOWS\LastGood

2009-01-17 13:23:06 ----A---- C:\WINDOWS\zip.exe

2009-01-17 13:23:06 ----A---- C:\WINDOWS\VFIND.exe

2009-01-17 13:23:06 ----A---- C:\WINDOWS\SWXCACLS.exe

2009-01-17 13:23:06 ----A---- C:\WINDOWS\SWSC.exe

2009-01-17 13:23:06 ----A---- C:\WINDOWS\SWREG.exe

2009-01-17 13:23:06 ----A---- C:\WINDOWS\sed.exe

2009-01-17 13:23:06 ----A---- C:\WINDOWS\NIRCMD.exe

2009-01-17 13:23:06 ----A---- C:\WINDOWS\grep.exe

2009-01-17 13:23:06 ----A---- C:\WINDOWS\fdsv.exe

2009-01-17 13:20:10 ----D---- C:\WINDOWS\ERDNT

2009-01-17 13:20:09 ----D---- C:\Qoobox

2009-01-17 13:19:18 ----D---- C:\32788R22FWJFW

2009-01-17 03:49:45 ----D---- C:\rsit

2009-01-17 03:47:47 ----D---- C:\Program Files\Trend Micro

2009-01-17 01:22:10 ----A---- C:\Documents and Settings\Matt\Application Data\upd.exe

2009-01-16 23:12:49 ----ASH---- C:\WINDOWS\system32\plomdkff.ini

2009-01-15 19:12:28 ----ASH---- C:\WINDOWS\system32\jcvdmbev.ini

2009-01-15 17:08:40 ----ASH---- C:\WINDOWS\system32\mqmejdip.ini

2009-01-12 19:35:21 ----ASH---- C:\WINDOWS\system32\pcuoxdui.ini

2009-01-11 19:35:21 ----ASH---- C:\WINDOWS\system32\njgaguqi.ini

2009-01-10 19:35:21 ----ASH---- C:\WINDOWS\system32\qfoybdbu.ini

2009-01-09 19:38:21 ----ASH---- C:\WINDOWS\system32\frcromlm.ini

2009-01-08 19:39:00 ----ASH---- C:\WINDOWS\system32\oefolwmq.ini

2009-01-06 20:06:32 ----ASH---- C:\WINDOWS\system32\dgltvppc.ini

2008-12-31 20:19:41 ----ASH---- C:\WINDOWS\system32\wqywayay.ini

2008-12-31 02:58:41 ----ASH---- C:\WINDOWS\system32\lkechepf.ini

2008-12-30 02:57:49 ----ASH---- C:\WINDOWS\system32\ipofvvsb.ini

2008-12-27 03:21:45 ----ASH---- C:\WINDOWS\system32\qihxxfvf.ini

2008-12-26 03:23:48 ----ASH---- C:\WINDOWS\system32\crcuxmvt.ini

2008-12-25 03:20:49 ----ASH---- C:\WINDOWS\system32\cqjgjkpj.ini

2008-12-24 03:23:33 ----ASH---- C:\WINDOWS\system32\nwmaochj.ini

2008-12-23 03:25:46 ----ASH---- C:\WINDOWS\system32\chpfxwuj.ini

2008-12-22 03:22:51 ----ASH---- C:\WINDOWS\system32\hsxcehxn.ini

2008-12-21 03:21:39 ----ASH---- C:\WINDOWS\system32\wyabskee.ini

 

======List of files/folders modified in the last 1 months======

 

2009-01-17 14:18:19 ----D---- C:\WINDOWS\system32

2009-01-17 14:07:35 ----D---- C:\WINDOWS\system32\drivers

2009-01-17 14:07:30 ----RD---- C:\Program Files

2009-01-17 14:04:19 ----D---- C:\WINDOWS\system32\config

2009-01-17 13:50:10 ----RSHDC---- C:\WINDOWS\system32\dllcache

2009-01-17 13:50:04 ----D---- C:\WINDOWS\Temp

2009-01-17 13:50:03 ----HD---- C:\WINDOWS\inf

2009-01-17 13:50:03 ----D---- C:\WINDOWS\Help

2009-01-17 13:50:01 ----D---- C:\WINDOWS

2009-01-17 13:45:40 ----HD---- C:\WINDOWS\$hf_mig$

2009-01-17 13:45:34 ----A---- C:\WINDOWS\imsins.BAK

2009-01-17 13:43:25 ----D---- C:\WINDOWS\system32\CatRoot2

2009-01-17 13:42:28 ----SHD---- C:\WINDOWS\Installer

2009-01-17 13:42:28 ----HD---- C:\Config.Msi

2009-01-17 13:42:25 ----D---- C:\WINDOWS\WinSxS

2009-01-17 13:38:53 ----A---- C:\WINDOWS\system.ini

2009-01-17 13:28:57 ----D---- C:\WINDOWS\AppPatch

2009-01-17 13:28:57 ----D---- C:\Program Files\Common Files

2009-01-17 13:28:03 ----D---- C:\Documents and Settings\Matt\Application Data\Twain

2009-01-17 13:27:59 ----D---- C:\Documents and Settings\Matt\Application Data\Google

2009-01-17 13:24:25 ----A---- C:\WINDOWS\SchedLgU.Txt

2009-01-17 13:20:11 ----D---- C:\WINDOWS\Prefetch

2009-01-17 06:15:00 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater

2009-01-17 03:34:57 ----A---- C:\WINDOWS\wininit.ini

2009-01-16 23:12:16 ----A---- C:\WINDOWS\system32\9b605a4a-.txt

2009-01-15 19:19:10 ----D---- C:\Documents and Settings\Matt\Application Data\BitTorrent

2008-12-27 02:23:40 ----D---- C:\WINDOWS\network diagnostic

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-11-02 20747]

R3 cmpci;C-Media PCI Audio Driver (WDM); C:\WINDOWS\system32\drivers\cmaudio.sys [2002-07-16 379726]

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]

R3 GTNDIS5;GTNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\GTNDIS5.SYS []

R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-07-28 51120]

R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-07-28 16496]

R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-07-28 21744]

R3 LVcKap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys [2007-10-19 2109976]

R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [2007-10-11 25624]

R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2007-10-11 41752]

R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-07-15 2459712]

R3 pepifilter;Volume Adapter; C:\WINDOWS\system32\DRIVERS\lv302af.sys [2007-10-11 13848]

R3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\WINDOWS\system32\DRIVERS\LV302V32.SYS [2007-10-11 1279000]

R3 RT73;Linksys Home Wireless-G USB Adapter Driver; C:\WINDOWS\system32\DRIVERS\rt73.sys [2005-11-24 245248]

R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]

R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]

R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2006-02-28 26624]

R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2006-02-28 57600]

R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2006-02-28 17024]

R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]

R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]

R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2006-02-28 20480]

S1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-11-26 26944]

S1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-11-26 111184]

S1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-11-26 50864]

S1 lusbaudio;Logitech USB Microphone; C:\WINDOWS\system32\drivers\OVSound2.sys [2001-08-17 25216]

S2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-11-26 20560]

S2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-11-26 94032]

S3 ac97intc;Intel® 82801 Audio Driver Install Service (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]

S3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-11-26 23152]

S3 BCM42RLY;BCM42RLY; \??\C:\WINDOWS\System32\BCM42RLY.SYS []

S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]

S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys [2007-10-11 2142488]

S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]

S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]

S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]

S3 QCEmerald;Logitech QuickCam Web; C:\WINDOWS\system32\DRIVERS\OVCE.sys [2001-08-17 31872]

S3 RT25USBAP;Nintendo Wi-Fi USB Connector Service; C:\WINDOWS\system32\DRIVERS\rt25usbap.sys [2005-12-08 162944]

S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]

S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]

S3 USBCM;Scientific-Atlanta USB Cable Modem Driver; C:\WINDOWS\system32\DRIVERS\Sacm2A.sys [2004-06-09 15429]

S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]

S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-09-10 116040]

R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]

R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-20 168432]

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-18 152984]

R2 LVCOMSer;LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [2007-10-19 186904]

R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2007-10-19 141848]

R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2004-07-15 114755]

R2 ProtexisLicensing;ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [2007-06-05 177704]

R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]

R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-09-10 536872]

S2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-11-26 18752]

S2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-11-26 155160]

S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2007-10-19 141848]

S2 WUSB54GCSVC;WUSB54GCSVC; C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe [2005-07-04 53307]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]

S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-11-26 254040]

S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-11-26 352920]

S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632]

S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2006-02-28 14336]

 

-----------------EOF-----------------


Welcome back

 

Please don't run any tools that I haven't instructed you to run.

 

 

# Open Spybot Search & Destroy.

# In the Mode menu click "Advanced mode" if not already selected.

# Choose "Yes" at the Warning prompt.

# Expand the "Tools" menu.

# Click "Resident".

# Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.

# In the File menu click "Exit" to exit Spybot Search & Destroy.

 

 

 

 

Open HijackThis, click "Do a system scan only", and checkmark these. Then close all other windows and browsers except HijackThis and press "Fix checked".

 

O4 - HKLM\..\Run: [realtekg] "C:\Documents and Settings\Matt\Application Data\Google\djvlg2072387.exe" 2

O8 - Extra context menu item: &Search - ?p=ZJxdm221MHUS

 

 

 

 

 

 

 

 

Next: Disconnect from the internet. If you are on Cable or DSL unplug your computer from the modem.

Next: Please disable all onboard security programs (all running with back ground protection) as it may hinder the scanner from working.

This includes Antivirus, Firewall, and any Spyware scanners that run in the background.

 

Click on this link Here to see a list of programs that should be disabled.

The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

 

Please open Notepad (*do not use WordPad* or any text editor other than Notepad, or the script will fail): Start -> Run -> type notepad in the Open field -> OK. Then copy and paste the text present inside the quote box below.

Save this as "CFScript.txt", including the quotes, change the "Save as type" to "All Files", and place it on your desktop.

KillAll::

 

File::

c:\documents and settings\Matt\Application Data\Google\djvlg2072387.exe

C:\WINDOWS\system32\plomdkff.ini

C:\WINDOWS\system32\jcvdmbev.ini

C:\WINDOWS\system32\mqmejdip.ini

C:\WINDOWS\system32\pcuoxdui.ini

C:\WINDOWS\system32\njgaguqi.ini

C:\WINDOWS\system32\qfoybdbu.ini

C:\WINDOWS\system32\frcromlm.ini

C:\WINDOWS\system32\oefolwmq.ini

C:\WINDOWS\system32\dgltvppc.ini

C:\WINDOWS\system32\wqywayay.ini

C:\WINDOWS\system32\lkechepf.ini

C:\WINDOWS\system32\ipofvvsb.ini

C:\WINDOWS\system32\qihxxfvf.ini

C:\WINDOWS\system32\crcuxmvt.ini

C:\WINDOWS\system32\cqjgjkpj.ini

C:\WINDOWS\system32\nwmaochj.ini

C:\WINDOWS\system32\chpfxwuj.ini

C:\WINDOWS\system32\hsxcehxn.ini

C:\WINDOWS\system32\wyabskee.ini

 

AWF::

c:\program files\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe

c:\program files\Common Files\Real\Update_OB\bak\realsched.exe

c:\program files\DNA\bak\btdna.exe

c:\program files\HP\HP Software Update\bak\HPWuSchd2.exe

c:\program files\HP\hpcoretech\bak\hpcmpmgr.exe

c:\program files\iTunes\bak\iTunesHelper.exe

c:\program files\QuickTime\bak\qttask.exe

c:\windows\system32\bak\ctfmon.exe

 

Folder::

c:\program files\Adobe\Reader 8.0\Reader\bak

c:\documents and settings\Matt\Application Data\Twain

c:\program files\Common Files\Real\Update_OB\bak

c:\program files\DNA\bak

c:\program files\HP\HP Software Update\bak

c:\program files\HP\hpcoretech\bak

c:\program files\iTunes\bak

c:\program files\QuickTime\bak

c:\windows\system32\bak

 

Registry::

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"realtekg"=-

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\drivers\\svchost.exe"=-

Posted Image

 

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe. ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.

When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Please download ATF Cleaner by Atribune From Here and save it to your Desktop.

Follow the instructions for the browser you use.

Read the instructions about the cookies. Delete what you do not need.

 

Double click ATF-Cleaner.exe to run the program.

Check the boxes to the left of:

Windows Temp

Current User Temp

All Users Temp

Temporary Internet Files

Java Cache

The rest are optional - if you want to remove the lot, check "Select All".

Finally click Empty Selected. When you get the "Done Cleaning" message, click OK.

If you use the Firefox or Opera browsers, you can use this program as a quick way to tidy those up as well.

When you have finished, click on the Exit button in the Main menu.

========================

NEXT**

I'd like for you to run this next online scan to check for remnants or anything that might be hidden.

The below scan can take up to an hour or longer, please be patient.

 

*Note

It is recommended to disable your onboard antivirus program and antispyware programs while performing scans, so that there are no conflicts and to speed up scan time.

Please don't go surfing while your resident protection is disabled!

Once the scan is finished, remember to re-enable resident antivirus protection along with whatever antispyware app you use.

 

Using Internet Explorer, visit http://www.kaspersky.com/service?chapter=161739400

 

Other available links

Kaspersky Online Scanner or from here

http://www.kaspersky.com/virusscanner

 

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

 

Click on the Accept button and install any components it needs.

  • The program will install and then begin downloading the latest definition files.

  • After the files have been downloaded on the left side of the page in the Scan section select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run. (At times it may appear to stall)

    * Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.

    * Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.

    * Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.

  • Once the scan is complete, click on View scan report. To obtain the report:
Click on: Save Report As

Next, in the Save as prompt, Save in area, select: Desktop

In the File name area, use KScan, or something similar. In Save as type, click the drop arrow and select:

Text file [*.txt]

Then, click: Save

Please post the Kaspersky Online Scanner Report in your reply.

 

Animated tutorial

http://i275.photobucket.com/albums/jj285/B...ng/KAS/KAS9.gif

 

(Note.. for Internet Explorer 7 users:

If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.)

Or use Firefox with IE-Tab plugin

https://addons.mozilla.org/en-US/firefox/addon/1419

 

 

In your next reply post:

ComboFix.txt

Kaspersky log

New HJT log taken after the above scans have run

 

 

You may need several replies to post the requested logs, otherwise they might get cut off.

 

 

Also, how is the computer now?

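The two entries the helper has the user remove above (the `realtekg` Run key launching an executable from the user's Application Data folder, and a firewall exception for an `svchost.exe` sitting in the `drivers` directory) are the kind of autorun triage a responder does by eye when reading a HijackThis or ComboFix log. The following Python script is an added example, not part of this thread and not code from HijackThis or ComboFix: it parses HijackThis O4 autorun lines and `.reg`-style AuthorizedApplications lines and flags those two patterns, plus random-looking file names, with simple heuristics. The sample log lines are constructed from entries posted in this thread; the heuristics (launch path under a user profile, letters-then-digits file name, core system binary name outside system32) and the `SYSTEM_ONLY` list are my own assumptions and will produce false positives, so the output is a review list, not a verdict.

```python
"""Triage autorun and firewall-exception lines from HijackThis / ComboFix logs.

Added example (not the thread's or either tool's code). The heuristics are
assumptions: they surface entries worth a closer look, not confirmed malware.
"""
import re
from dataclasses import dataclass, field

# Constructed sample modelled on entries posted in this thread: four HijackThis
# O4 lines and three ComboFix firewall AuthorizedApplications lines.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [realtekg] "C:\Documents and Settings\Matt\Application Data\Google\djvlg2072387.exe" 2
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"""

# Assumption: XP-era core binaries that legitimately live only in %windir%\system32.
SYSTEM_ONLY = {"svchost.exe", "lsass.exe", "services.exe", "winlogon.exe", "csrss.exe", "smss.exe"}

O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
FW_RE = re.compile(r'^"(?P<path>[^"]+)"=.*$')
RANDOM_STEM = re.compile(r"[a-z]{3,}\d{4,}")  # letters followed by a long digit run, e.g. djvlg2072387


@dataclass
class Finding:
    line: str
    path: str
    reasons: list = field(default_factory=list)


def first_path(cmd: str) -> str:
    """Pull the executable path out of an autorun command line (quoted or first token)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def normalize(path: str) -> str:
    """Lower-case, collapse the doubled backslashes of .reg syntax, expand %windir%."""
    p = path.replace("\\\\", "\\").lower()
    return p.replace("%windir%", r"c:\windows")


def in_user_profile(p: str) -> bool:
    """Autoruns launched from a user's roaming or temp folders are rarely legitimate."""
    xp_profile = "\\documents and settings\\" in p and (
        "\\application data\\" in p or "\\local settings\\temp\\" in p)
    return xp_profile or "\\appdata\\" in p


def random_looking(p: str) -> bool:
    """File stem is a short letter run glued to four or more digits."""
    base = p.rpartition("\\")[2]
    stem = base.rsplit(".", 1)[0]
    return bool(RANDOM_STEM.fullmatch(stem))


def misplaced_system_binary(p: str) -> bool:
    """A core Windows binary name living anywhere but %windir%\\system32."""
    parent, _, base = p.rpartition("\\")
    return base in SYSTEM_ONLY and not parent.endswith("\\system32")


def triage(lines):
    """Return a Finding for every autorun / firewall line that trips a heuristic."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = O4_RE.match(line) or FW_RE.match(line)
        if not m:
            continue
        path = first_path(m.group("cmd")) if "cmd" in m.groupdict() else m.group("path")
        p = normalize(path)
        reasons = []
        if in_user_profile(p):
            reasons.append("runs from a user profile data folder")
        if random_looking(p):
            reasons.append("random-looking file name")
        if misplaced_system_binary(p):
            reasons.append("system binary name outside system32")
        if reasons:
            findings.append(Finding(line, path, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.splitlines()):
        print(f.path)
        for r in f.reasons:
            print("   -", r)
```

Run it directly to see the two entries from the sample flagged with their reasons; pass the lines of a real HijackThis or ComboFix log to `triage()` to review a full system. Anything it flags still has to be confirmed against the file itself (publisher signature, hash lookup, creation date) before it is treated as malicious.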

Alright, I have done everything you asked. Now I will post the three logs in their own posts, starting with this one. And as for my computer, it seems to be running a lot more smoothly; however, I have been avoiding using it for much else other than this board and the recommendations you've given me.

 

here is the COMBOFIX LOG

 

ComboFix 09-01-17.03 - Matt 2009-01-17 23:54:09.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.216 [GMT -5:00]

Running from: c:\documents and settings\Matt\Desktop\Combo-Fix.exe

AV: avast! antivirus 4.8.1296 [VPS 090117-0] *On-access scanning disabled* (Updated)

* Created a new restore point

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\system32\chpfxwuj.ini

c:\windows\system32\cqjgjkpj.ini

c:\windows\system32\crcuxmvt.ini

c:\windows\system32\dgltvppc.ini

c:\windows\system32\dvylkhkh.ini

c:\windows\system32\ebasjdle.ini

c:\windows\system32\frcromlm.ini

c:\windows\system32\fvafwptt.ini

c:\windows\system32\gmuhppep.ini

c:\windows\system32\gxodkkiv.ini

c:\windows\system32\hsxcehxn.ini

c:\windows\system32\iauerhek.ini

c:\windows\system32\ilwtlngg.ini

c:\windows\system32\ipofvvsb.ini

c:\windows\system32\jcvdmbev.ini

c:\windows\system32\kpsceqvi.ini

c:\windows\system32\kwrobowg.ini

c:\windows\system32\kyjypvme.ini

c:\windows\system32\lkechepf.ini

c:\windows\system32\miwwessh.ini

c:\windows\system32\mqmejdip.ini

c:\windows\system32\nbsickmm.ini

c:\windows\system32\ncwqvkaf.ini

c:\windows\system32\njgaguqi.ini

c:\windows\system32\ntnefahx.ini

c:\windows\system32\nwmaochj.ini

c:\windows\system32\oefolwmq.ini

c:\windows\system32\ooyoqqnw.ini

c:\windows\system32\pcuoxdui.ini

c:\windows\system32\plomdkff.ini

c:\windows\system32\qfoybdbu.ini

c:\windows\system32\qihxxfvf.ini

c:\windows\system32\toyhfxdr.ini

c:\windows\system32\uqofumyl.ini

c:\windows\system32\wmlphtyr.ini

c:\windows\system32\wqywayay.ini

c:\windows\system32\wwvieeab.ini

c:\windows\system32\wyabskee.ini

 

.

((((((((((((((((((((((((( Files Created from 2008-12-18 to 2009-01-18 )))))))))))))))))))))))))))))))

.

 

2009-01-17 14:41 . 2009-01-17 14:41 142 --a------ c:\windows\system32\spupdsvc.inf

2009-01-17 14:40 . 2009-01-17 14:40 <DIR> d-------- c:\windows\LastGood

2009-01-17 14:07 . 2009-01-17 14:07 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware

2009-01-17 14:07 . 2009-01-17 14:07 <DIR> d-------- c:\documents and settings\Matt\Application Data\Malwarebytes

2009-01-17 14:07 . 2009-01-17 14:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-01-17 14:07 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2009-01-17 14:07 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2009-01-17 14:03 . 2009-01-17 14:03 <DIR> d-------- c:\program files\Alwil Software

2009-01-17 03:49 . 2009-01-17 03:50 <DIR> d-------- C:\rsit

2009-01-17 03:47 . 2009-01-17 03:47 <DIR> d-------- c:\program files\Trend Micro

2009-01-17 01:22 . 2009-01-17 01:22 49,152 --a------ c:\documents and settings\Matt\Application Data\upd.exe

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-01-17 18:28 --------- d-----w c:\documents and settings\Matt\Application Data\Twain

2009-01-17 11:15 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater

2009-01-16 00:19 --------- d-----w c:\documents and settings\Matt\Application Data\BitTorrent

2008-12-05 00:18 --------- d-----w c:\program files\DivX

2008-11-21 21:47 9,464 ------w c:\windows\system32\drivers\cdralw2k.sys

2008-11-21 21:47 9,336 ------w c:\windows\system32\drivers\cdr4_xp.sys

2008-11-21 21:47 524,288 ----a-w c:\windows\system32\DivXsm.exe

2008-11-21 21:47 43,528 ------w c:\windows\system32\drivers\PxHelp20.sys

2008-11-21 21:47 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll

2008-11-21 21:47 129,784 ----a-w c:\windows\system32\pxafs.dll

2008-11-21 21:47 120,056 ----a-w c:\windows\system32\pxcpyi64.exe

2008-11-21 21:47 118,520 ----a-w c:\windows\system32\pxinsi64.exe

2008-11-21 21:46 200,704 -c--a-w c:\windows\system32\ssldivx.dll

2008-11-21 21:46 1,044,480 -c--a-w c:\windows\system32\libdivx.dll

2008-11-21 21:44 161,096 ----a-w c:\windows\system32\DivXCodecVersionChecker.exe

2008-11-21 21:44 12,288 ----a-w c:\windows\system32\DivXWMPExtType.dll

2008-11-19 00:56 410,976 ----a-w c:\windows\system32\deploytk.dll

2008-11-19 00:55 --------- d-----w c:\program files\Java

2008-06-01 21:17 168 --sha-r c:\windows\system32\492069A402.sys

2008-06-01 21:17 2,984 -csha-w c:\windows\system32\KGyGaAvL.sys

.

 

((((((((((((((((((((((((((((( [email protected]_13.44.29.01 )))))))))))))))))))))))))))))))))))))))))

.

- 2006-05-05 09:41:45 453,120 -c----w c:\windows\Driver Cache\i386\mrxsmb.sys

+ 2008-10-24 11:10:42 453,632 ------w c:\windows\Driver Cache\i386\mrxsmb.sys

+ 2009-01-17 18:42:27 32,768 ----a-r c:\windows\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}\icon.exe

+ 2008-11-26 17:21:30 1,236,208 ----a-w c:\windows\system32\aswBoot.exe

+ 2008-11-26 17:15:10 97,480 ----a-w c:\windows\system32\AvastSS.scr

- 2008-07-19 02:10:48 94,920 ----a-w c:\windows\system32\cdm.dll

+ 2008-10-16 19:09:44 92,696 ----a-w c:\windows\system32\cdm.dll

- 2008-07-19 02:10:48 94,920 -c--a-w c:\windows\system32\dllcache\cdm.dll

+ 2008-10-16 19:09:44 92,696 -c--a-w c:\windows\system32\dllcache\cdm.dll

- 2006-05-05 09:41:45 453,120 -c----w c:\windows\system32\dllcache\mrxsmb.sys

+ 2008-10-24 11:10:42 453,632 -c----w c:\windows\system32\dllcache\mrxsmb.sys

- 2007-06-26 06:08:16 1,104,896 -c--a-w c:\windows\system32\dllcache\msxml3.dll

+ 2008-09-04 16:42:02 1,106,944 -c--a-w c:\windows\system32\dllcache\msxml3.dll

- 2007-04-10 19:00:46 236,928 -c----w c:\windows\system32\dllcache\WgaLogon.dll

+ 2008-09-06 04:30:42 241,704 -c----w c:\windows\system32\dllcache\wgaLogon.dll

- 2007-04-10 19:01:18 336,768 -c----w c:\windows\system32\dllcache\WgaTray.exe

+ 2008-09-06 04:29:58 917,032 -c----w c:\windows\system32\dllcache\WgaTray.exe

- 2008-07-19 02:09:44 563,912 -c--a-w c:\windows\system32\dllcache\wuapi.dll

+ 2008-10-16 19:12:20 561,688 -c--a-w c:\windows\system32\dllcache\wuapi.dll

- 2008-07-19 02:10:42 53,448 -c--a-w c:\windows\system32\dllcache\wuauclt.exe

+ 2008-10-16 19:09:44 51,224 -c--a-w c:\windows\system32\dllcache\wuauclt.exe

- 2008-07-19 02:09:42 1,811,656 -c--a-w c:\windows\system32\dllcache\wuaueng.dll

+ 2008-10-16 19:13:40 1,809,944 -c--a-w c:\windows\system32\dllcache\wuaueng.dll

- 2008-07-19 02:09:46 325,832 -c--a-w c:\windows\system32\dllcache\wucltui.dll

+ 2008-10-16 19:12:22 323,608 -c--a-w c:\windows\system32\dllcache\wucltui.dll

- 2008-07-19 02:10:20 36,552 -c--a-w c:\windows\system32\dllcache\wups.dll

+ 2008-10-16 19:08:58 34,328 -c--a-w c:\windows\system32\dllcache\wups.dll

- 2008-07-19 02:09:44 205,000 -c--a-w c:\windows\system32\dllcache\wuweb.dll

+ 2008-10-16 19:13:40 202,776 -c--a-w c:\windows\system32\dllcache\wuweb.dll

+ 2008-11-26 17:15:35 26,944 ----a-w c:\windows\system32\drivers\aavmker4.sys

+ 2008-11-26 17:17:25 20,560 ----a-w c:\windows\system32\drivers\aswFsBlk.sys

+ 2008-11-26 17:18:25 93,296 ----a-w c:\windows\system32\drivers\aswmon.sys

+ 2008-11-26 17:18:18 94,032 ----a-w c:\windows\system32\drivers\aswmon2.sys

+ 2008-11-26 17:16:29 23,152 ----a-w c:\windows\system32\drivers\aswRdr.sys

+ 2008-11-26 17:17:36 111,184 ----a-w c:\windows\system32\drivers\aswSP.sys

+ 2008-11-26 17:16:38 50,864 ----a-w c:\windows\system32\drivers\aswTdi.sys

- 2006-05-05 09:41:45 453,120 ----a-w c:\windows\system32\drivers\mrxsmb.sys

+ 2008-10-24 11:10:42 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys

- 2007-04-24 16:32:06 1,485,696 ----a-w c:\windows\system32\LegitCheckControl.dll

+ 2008-09-06 04:30:06 1,480,232 ----a-w c:\windows\system32\LegitCheckControl.dll

- 2008-10-07 19:19:40 16,721,856 ----a-w c:\windows\system32\MRT.exe

+ 2008-11-04 00:10:25 17,318,336 ----a-w c:\windows\system32\MRT.exe

- 2007-06-26 06:08:16 1,104,896 ----a-w c:\windows\system32\msxml3.dll

+ 2008-09-04 16:42:02 1,106,944 ----a-w c:\windows\system32\msxml3.dll

- 2007-05-08 20:03:04 1,275,392 ----a-w c:\windows\system32\msxml4.dll

+ 2008-09-30 21:43:34 1,286,152 ----a-w c:\windows\system32\msxml4.dll

+ 2008-10-16 19:08:58 34,328 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.788\wups.dll

+ 2008-10-16 19:09:44 43,544 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.788\wups2.dll

- 2007-11-30 11:18:51 17,272 ----a-w c:\windows\system32\spmsg.dll

+ 2008-07-08 13:02:01 17,272 ------w c:\windows\system32\spmsg.dll

- 2007-04-10 19:01:18 336,768 ----a-w c:\windows\system32\WgaTray.exe

+ 2008-09-06 04:29:58 917,032 ----a-w c:\windows\system32\WgaTray.exe

- 2008-07-19 02:09:44 563,912 ----a-w c:\windows\system32\wuapi.dll

+ 2008-10-16 19:12:20 561,688 ----a-w c:\windows\system32\wuapi.dll

- 2008-07-19 02:10:42 53,448 ----a-w c:\windows\system32\wuauclt.exe

+ 2008-10-16 19:09:44 51,224 ----a-w c:\windows\system32\wuauclt.exe

- 2008-07-19 02:09:42 1,811,656 ----a-w c:\windows\system32\wuaueng.dll

+ 2008-10-16 19:13:40 1,809,944 ----a-w c:\windows\system32\wuaueng.dll

- 2008-07-19 02:09:46 325,832 ----a-w c:\windows\system32\wucltui.dll

+ 2008-10-16 19:12:22 323,608 ----a-w c:\windows\system32\wucltui.dll

- 2008-07-19 02:10:20 36,552 ----a-w c:\windows\system32\wups.dll

+ 2008-10-16 19:08:58 34,328 ----a-w c:\windows\system32\wups.dll

- 2008-07-19 02:10:40 45,768 ----a-w c:\windows\system32\wups2.dll

+ 2008-10-16 19:09:44 43,544 ----a-w c:\windows\system32\wups2.dll

- 2008-07-19 02:09:44 205,000 ----a-w c:\windows\system32\wuweb.dll

+ 2008-10-16 19:13:40 202,776 ----a-w c:\windows\system32\wuweb.dll

+ 2009-01-17 19:31:30 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_1d0.dat

+ 2009-01-17 19:31:17 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_5b8.dat

+ 2008-09-30 21:42:08 1,286,152 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9870.0_x-ww_a32d74cf\msxml4.dll

+ 2008-09-30 21:45:12 91,656 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.1.0_x-ww_2a41bceb\msxml4r.dll

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

-c--a-w 39,792 2007-10-11 00:51:56 c:\program files\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe

 

-c--a-w 185,632 2008-01-18 06:48:16 c:\program files\Common Files\Real\Update_OB\bak\realsched.exe

 

-c--a-w 290,112 2007-12-23 03:54:37 c:\program files\DNA\bak\btdna.exe

 

-c--a-w 49,152 2004-02-12 18:38:56 c:\program files\HP\HP Software Update\bak\HPWuSchd2.exe

 

-c--a-w 241,664 2004-05-12 20:18:56 c:\program files\HP\hpcoretech\bak\hpcmpmgr.exe

 

-c--a-w 267,048 2007-11-15 18:11:04 c:\program files\iTunes\bak\iTunesHelper.exe

----a-w 289,576 2008-09-10 21:40:06 c:\program files\iTunes\iTunesHelper.exe

 

-c--a-w 286,720 2007-11-15 04:43:10 c:\program files\QuickTime\bak\qttask.exe

----a-w 413,696 2008-09-06 19:09:14 c:\program files\QuickTime\QTTask.exe

 

-c--a-w 24,677 2008-01-18 18:55:14 c:\qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\bak\m3SrchMn.exe.vir

 

-c--a-w 28,672 2008-01-18 18:55:14 c:\qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\bak\mwsoemon.exe.vir

 

-c--a-w 15,360 2006-02-28 12:00:00 c:\windows\system32\bak\ctfmon.exe

----a-w 15,360 2006-02-28 12:00:00 c:\windows\system32\ctfmon.exe

 

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-02-28 15360]

"Aim6"="" [N/A]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]

"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 2178832]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2004-07-15 81920]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-07-15 4112384]

"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]

"Corel Photo Downloader"="c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2007-08-28 531272]

"C-Media Mixer"="Mixer.exe" [2002-07-12 c:\windows\mixer.exe]

 

c:\documents and settings\All Users\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-28 241664]

HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-05-28 53248]

Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-05-16 67128]

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

"c:\\Program Files\\AIM6\\aim6.exe"=

"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"%windir%\\system32\\drivers\\svchost.exe"=

 

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-01-17 111184]

R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-01-17 20560]

R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-12-06 24652]

S3 QCEmerald;Logitech QuickCam Web;c:\windows\system32\drivers\OVCE.sys [2007-11-10 31872]

S4 spupdsvc;Windows Service Pack Installer update service;c:\windows\system32\spupdsvc.exe [2007-11-11 23856]

 

--- Other Services/Drivers In Memory ---

 

*NewlyCreated* - AAVMKER4

*NewlyCreated* - ASWFSBLK

*NewlyCreated* - ASWMON2

*NewlyCreated* - ASWRDR

*NewlyCreated* - ASWSP

*NewlyCreated* - ASWTDI

*NewlyCreated* - ASWUPDSV

*NewlyCreated* - AVAST!_ANTIVIRUS

*NewlyCreated* - AVAST!_MAIL_SCANNER

*NewlyCreated* - AVAST!_WEB_SCANNER

*NewlyCreated* - GTNDIS5

.

Contents of the 'Scheduled Tasks' folder

 

2009-01-16 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/

uInternet Settings,ProxyOverride = *.local

IE: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-01-17 23:56:22

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'winlogon.exe'(664)

c:\windows\system32\GTGina.dll

.

Completion time: 2009-01-17 23:59:52

ComboFix-quarantined-files.txt 2009-01-18 04:59:47

ComboFix2.txt 2009-01-17 18:48:32

 

Pre-Run: 31,898,382,336 bytes free

Post-Run: 31,930,966,016 bytes free

 

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

 

266 --- E O F --- 2009-01-17 19:42:00


This is from the Online Kscan

 

 

--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7 REPORT

Sunday, January 18, 2009

Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)

Kaspersky Online Scanner 7 version: 7.0.25.0

Program database last update: Sunday, January 18, 2009 03:45:11

Records in database: 1639848

--------------------------------------------------------------------------------

 

Scan settings:

Scan using the following database: extended

Scan archives: yes

Scan mail databases: yes

 

Scan area - My Computer:

A:\

C:\

D:\

E:\

F:\

 

Scan statistics:

Files scanned: 57801

Threat name: 28

Infected objects: 43

Suspicious objects: 0

Duration of the scan: 01:35:02

 

 

File name / Threat name / Threats count

C:\Program Files\eSoftware\studio.dll Infected: not-a-virus:AdWare.Win32.SurfSide.bj 1

C:\Qoobox\Quarantine\C\Documents and Settings\Matt\Application Data\gadcom\gadcom.exe.vir Infected: Trojan.Win32.Agent.amyy 1

C:\Qoobox\Quarantine\C\Documents and Settings\Matt\Application Data\Google\lrpfwl.dll.vir Infected: Trojan.Win32.Inject.lqv 1

C:\Qoobox\Quarantine\C\Documents and Settings\Matt\Application Data\SpeedRunner\SpeedRunner.exe.vir Infected: Trojan-Downloader.Win32.Agent.alda 1

C:\Qoobox\Quarantine\C\Documents and Settings\Matt\Application Data\SpeedRunner\SRUninstall.exe.vir Infected: Trojan-Downloader.Win32.Agent.aldb 1

C:\Qoobox\Quarantine\C\Documents and Settings\Matt\Application Data\Twain\Twain.exe.vir Infected: Trojan.Win32.Agent.amwr 1

C:\Qoobox\Quarantine\C\Program Files\Mjcore\Mjcore.dll.vir Infected: Trojan-Spy.Win32.Agent.fmi 1

C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\bak\m3SrchMn.exe.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.au 1

C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\bak\mwsoemon.exe.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1

C:\Qoobox\Quarantine\C\WINDOWS\system32\cotrykrq.dll.vir Infected: Trojan.Win32.Pakes.mfm 1

C:\Qoobox\Quarantine\C\WINDOWS\system32\cppvtlgd.dll.vir Infected: Trojan.Win32.Monder.aokn 1

C:\Qoobox\Quarantine\C\WINDOWS\system32\cqojtm.dll.vir Infected: Trojan.Win32.Monder.abke 1

C:\Qoobox\Quarantine\C\WINDOWS\system32\cuuyym.dll.vir Infected: Trojan.Win32.Monder.aokh 1

C:\Qoobox\Quarantine\C\WINDOWS\system32\dfdxdv.dll.vir Infected: Trojan.Win32.Monder.amwd 1

C:\Qoobox\Quarantine\C\WINDOWS\system32\eeksbayw.dll.vir Infected: Trojan.Win32.Monder.aghz 1

C:\Qoobox\Quarantine\C\WINDOWS\system32\exvmek.dll.vir Infected: Trojan.Win32.Pakes.mfm 1

C:\Qoobox\Quarantine\C\WINDOWS\system32\hnslfqfd.dll.vir Infected: Trojan.Win32.Monder.abke 1

C:\Qoobox\Quarantine\C\WINDOWS\system32\igcmqrpx.dll.vir Infected: Trojan.Win32.Monder.aokh 1

C:\Qoobox\Quarantine\C\WINDOWS\system32\igqagvwg.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.gdm 1

C:\Qoobox\Quarantine\C\WINDOWS\system32\irvbilcp.dll.vir Infected: Trojan.Win32.Monder.adyt 1

C:\Qoobox\Quarantine\C\WINDOWS\system32\izvqie.dll.vir Infected: Trojan.Win32.Monder.akko 1

C:\Qoobox\Quarantine\C\WINDOWS\system32\jdcvcsan.dll.vir Infected: Trojan.Win32.Monder.abke 1

C:\Qoobox\Quarantine\C\WINDOWS\system32\jkkjghhf.dll.vir Infected: Trojan.Win32.Monderb.wsx 1

C:\Qoobox\Quarantine\C\WINDOWS\system32\kzeyyu.dll.vir Infected: Trojan.Win32.Monder.aokj 1

C:\Qoobox\Quarantine\C\WINDOWS\system32\lcpjmb.dll.vir Infected: Trojan.Win32.Monder.adyt 1

C:\Qoobox\Quarantine\C\WINDOWS\system32\leobls.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.gdm 1

C:\Qoobox\Quarantine\C\WINDOWS\system32\lwugjfmr.dll.vir Infected: Trojan.Win32.Monder.akko 1

C:\Qoobox\Quarantine\C\WINDOWS\system32\lyevdxic.dll.vir Infected: Trojan.Win32.Monder.amwd 1

C:\Qoobox\Quarantine\C\WINDOWS\system32\msansspc.dll.vir Infected: Trojan.Win32.Agent.aojh 1

C:\Qoobox\Quarantine\C\WINDOWS\system32\nogtav.dll.vir Infected: Trojan.Win32.Monder.aiiu 1

C:\Qoobox\Quarantine\C\WINDOWS\system32\obntxpbm.dll.vir Infected: Trojan.Win32.Monder.aokj 1

C:\Qoobox\Quarantine\C\WINDOWS\system32\puqmikmu.dll.vir Infected: Trojan.Win32.Monder.acfb 1

C:\Qoobox\Quarantine\C\WINDOWS\system32\sxzhte.dll.vir Infected: Trojan.Win32.Monder.abup 1

C:\Qoobox\Quarantine\C\WINDOWS\system32\tdhouocs.dll.vir Infected: Trojan.Win32.Monder.abup 1

C:\Qoobox\Quarantine\C\WINDOWS\system32\utjvhhev.dll.vir Infected: Trojan.Win32.Monder.acja 1

C:\Qoobox\Quarantine\C\WINDOWS\system32\uvqiak.dll.vir Infected: Trojan.Win32.Monder.aiiq 1

C:\Qoobox\Quarantine\C\WINDOWS\system32\vaykcddk.dll.vir Infected: Trojan.Win32.Monder.aiiu 1

C:\Qoobox\Quarantine\C\WINDOWS\system32\vkkaryyh.dll.vir Infected: Trojan.Win32.Monder.aiiq 1

C:\Qoobox\Quarantine\C\WINDOWS\system32\yjjdrl.dll.vir Infected: Trojan.Win32.Monder.abke 1

C:\Qoobox\Quarantine\C\WINDOWS\system32\yqafjt.dll.vir Infected: Trojan.Win32.Monder.acja 1

C:\Qoobox\Quarantine\C\WINDOWS\TWF0dGhldw\asappsrv.dll.vir.vir Infected: not-a-virus:AdWare.Win32.CommAd.a 1

C:\Qoobox\Quarantine\C\WINDOWS\TWF0dGhldw\command.exe.vir Infected: not-a-virus:AdWare.Win32.CommAd.a 1

D:\backup\desktop :filtered:\msinfo.vbs Infected: Trojan.VBS.Runner.w 1

 

The selected area was scanned.


HijackThis log after all of the above was completed. Thanks so much for the help so far, looking forward to the next suggestions.

 

Logfile of random's system information tool 1.05 (written by random/random)

Run by Matt at 2009-01-18 02:43:53

Microsoft Windows XP Professional Service Pack 2

System drive C: has 30 GB (78%) free of 39 GB

Total RAM: 511 MB (64% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 2:44:28 AM, on 1/18/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PSIService.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe

C:\WINDOWS\Mixer.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\Documents and Settings\Matt\Desktop\RSIT.exe

C:\Program Files\Trend Micro\HijackThis\Matt.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll

O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup

O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"

O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html

O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB

O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1194763593468

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/webplayer/stage6/...owserPlugin.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

 

--

End of file - 8187 bytes

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

Java Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-18 320920]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll [2008-10-20 652784]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-18 34816]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{DE9C389F-3316-41A7-809B-AA305ED9D922} - AIM Toolbar - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll [2007-10-10 1090912]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"C-Media Mixer"=Mixer.exe /startup []

"LogitechCommunicationsManager"=C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2007-10-25 563984]

"LogitechQuickCamRibbon"=C:\Program Files\Logitech\QuickCam\Quickcam.exe [2007-10-25 2178832]

"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2004-07-15 81920]

"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-09-10 289576]

"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2004-07-15 4112384]

"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-11-26 81000]

"Corel Photo Downloader"=C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe [2007-08-28 531272]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Aim6"= []

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2006-02-28 15360]

 

C:\Documents and Settings\All Users\Start Menu\Programs\Startup

HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2007-04-10 236928]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=323

"NoDriveAutoRun"=67108863

"NoDrives"=0

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveAutoRun"=

"NoDriveTypeAutoRun"=

"NoDrives"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"

"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"

"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"

"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"

"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"

"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

"%windir%\system32\drivers\svchost.exe"="%windir%\system32\drivers\svchost.exe:*:Enabled:svchost"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

"%windir%\system32\drivers\svchost.exe"="%windir%\system32\drivers\svchost.exe:*:Enabled:svchost"

 

======List of files/folders created in the last 1 months======

 

2009-01-18 00:16:16 ----SHD---- C:\RECYCLER

2009-01-17 23:59:54 ----A---- C:\ComboFix.txt

2009-01-17 23:45:18 ----A---- C:\Boot.bak

2009-01-17 23:45:08 ----RASHD---- C:\cmdcons

2009-01-17 14:40:23 ----D---- C:\WINDOWS\LastGood

2009-01-17 14:07:39 ----D---- C:\Documents and Settings\Matt\Application Data\Malwarebytes

2009-01-17 14:07:30 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2009-01-17 14:07:30 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2009-01-17 14:03:49 ----A---- C:\WINDOWS\system32\aswBoot.exe

2009-01-17 14:03:46 ----D---- C:\Program Files\Alwil Software

2009-01-17 13:45:42 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$

2009-01-17 13:45:05 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$

2009-01-17 13:23:06 ----A---- C:\WINDOWS\zip.exe

2009-01-17 13:23:06 ----A---- C:\WINDOWS\VFIND.exe

2009-01-17 13:23:06 ----A---- C:\WINDOWS\SWXCACLS.exe

2009-01-17 13:23:06 ----A---- C:\WINDOWS\SWSC.exe

2009-01-17 13:23:06 ----A---- C:\WINDOWS\SWREG.exe

2009-01-17 13:23:06 ----A---- C:\WINDOWS\sed.exe

2009-01-17 13:23:06 ----A---- C:\WINDOWS\NIRCMD.exe

2009-01-17 13:23:06 ----A---- C:\WINDOWS\grep.exe

2009-01-17 13:23:06 ----A---- C:\WINDOWS\fdsv.exe

2009-01-17 13:20:10 ----D---- C:\WINDOWS\ERDNT

2009-01-17 13:20:09 ----D---- C:\Qoobox

2009-01-17 03:49:45 ----D---- C:\rsit

2009-01-17 03:47:47 ----D---- C:\Program Files\Trend Micro

2009-01-17 01:22:10 ----A---- C:\Documents and Settings\Matt\Application Data\upd.exe

 

======List of files/folders modified in the last 1 months======

 

2009-01-18 02:44:08 ----D---- C:\WINDOWS\Prefetch

2009-01-18 00:00:09 ----D---- C:\WINDOWS\Temp

2009-01-18 00:00:00 ----D---- C:\WINDOWS\system32

2009-01-17 23:59:58 ----D---- C:\WINDOWS

2009-01-17 23:56:24 ----A---- C:\WINDOWS\system.ini

2009-01-17 23:55:16 ----D---- C:\WINDOWS\system32\drivers

2009-01-17 23:55:15 ----D---- C:\WINDOWS\AppPatch

2009-01-17 23:55:15 ----D---- C:\Program Files\Common Files

2009-01-17 23:45:18 ----RASH---- C:\boot.ini

2009-01-17 23:43:35 ----A---- C:\WINDOWS\SchedLgU.Txt

2009-01-17 23:42:04 ----D---- C:\WINDOWS\system32\CatRoot2

2009-01-17 18:56:03 ----HD---- C:\WINDOWS\inf

2009-01-17 18:55:47 ----HD---- C:\WINDOWS\$hf_mig$

2009-01-17 14:42:22 ----D---- C:\WINDOWS\system32\CatRoot

2009-01-17 14:41:38 ----RSHDC---- C:\WINDOWS\system32\dllcache

2009-01-17 14:07:30 ----RD---- C:\Program Files

2009-01-17 14:04:19 ----D---- C:\WINDOWS\system32\config

2009-01-17 13:50:03 ----D---- C:\WINDOWS\Help

2009-01-17 13:45:34 ----A---- C:\WINDOWS\imsins.BAK

2009-01-17 13:42:28 ----SHD---- C:\WINDOWS\Installer

2009-01-17 13:42:28 ----HD---- C:\Config.Msi

2009-01-17 13:42:25 ----D---- C:\WINDOWS\WinSxS

2009-01-17 13:28:03 ----D---- C:\Documents and Settings\Matt\Application Data\Twain

2009-01-17 13:27:59 ----D---- C:\Documents and Settings\Matt\Application Data\Google

2009-01-17 06:15:00 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater

2009-01-17 03:34:57 ----A---- C:\WINDOWS\wininit.ini

2009-01-16 23:12:16 ----A---- C:\WINDOWS\system32\9b605a4a-.txt

2009-01-15 19:19:10 ----D---- C:\Documents and Settings\Matt\Application Data\BitTorrent

2008-12-27 02:23:40 ----D---- C:\WINDOWS\network diagnostic

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-11-26 26944]

R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-11-26 111184]

R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-11-26 50864]

R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-11-02 20747]

R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-11-26 20560]

R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-11-26 94032]

R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-11-26 23152]

R3 cmpci;C-Media PCI Audio Driver (WDM); C:\WINDOWS\system32\drivers\cmaudio.sys [2002-07-16 379726]

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]

R3 GTNDIS5;GTNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\GTNDIS5.SYS []

R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-07-28 51120]

R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-07-28 16496]

R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-07-28 21744]

R3 LVcKap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys [2007-10-19 2109976]

R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [2007-10-11 25624]

R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2007-10-11 41752]

R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-07-15 2459712]

R3 pepifilter;Volume Adapter; C:\WINDOWS\system32\DRIVERS\lv302af.sys [2007-10-11 13848]

R3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\WINDOWS\system32\DRIVERS\LV302V32.SYS [2007-10-11 1279000]

R3 RT73;Linksys Home Wireless-G USB Adapter Driver; C:\WINDOWS\system32\DRIVERS\rt73.sys [2005-11-24 245248]

R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]

R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]

R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2006-02-28 26624]

R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2006-02-28 57600]

R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2006-02-28 17024]

R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]

R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]

R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2006-02-28 20480]

S1 lusbaudio;Logitech USB Microphone; C:\WINDOWS\system32\drivers\OVSound2.sys [2001-08-17 25216]

S3 ac97intc;Intel® 82801 Audio Driver Install Service (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]

S3 BCM42RLY;BCM42RLY; \??\C:\WINDOWS\System32\BCM42RLY.SYS []

S3 catchme;catchme; \??\C:\Combo-Fix\catchme.sys []

S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]

S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys [2007-10-11 2142488]

S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]

S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]

S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]

S3 QCEmerald;Logitech QuickCam Web; C:\WINDOWS\system32\DRIVERS\OVCE.sys [2001-08-17 31872]

S3 RT25USBAP;Nintendo Wi-Fi USB Connector Service; C:\WINDOWS\system32\DRIVERS\rt25usbap.sys [2005-12-08 162944]

S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]

S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]

S3 USBCM;Scientific-Atlanta USB Cable Modem Driver; C:\WINDOWS\system32\DRIVERS\Sacm2A.sys [2004-06-09 15429]

S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]

S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-09-10 116040]

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-11-26 18752]

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-11-26 155160]

R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]

R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-20 168432]

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-18 152984]

R2 LVCOMSer;LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [2007-10-19 186904]

R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2004-07-15 114755]

R2 ProtexisLicensing;ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [2007-06-05 177704]

R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]

R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-09-10 536872]

S2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2007-10-19 141848]

S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2007-10-19 141848]

S2 spupdsvc;Windows Service Pack Installer update service; C:\WINDOWS\system32\spupdsvc.exe [2006-09-25 23856]

S2 WUSB54GCSVC;WUSB54GCSVC; C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe [2005-07-04 53307]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]

S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-11-26 254040]

S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-11-26 352920]

S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632]

S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2006-02-28 14336]

 

-----------------EOF-----------------

Edited by zid


Welcome back

 

 

Print this topic or save to notepad, it will make it easier for you to follow the instructions and complete all of the necessary steps as we will need to close all windows that are open later in the fix.

 

 

 

 

P2P software/programs are a major contributor to infections. I see you have BitTorrent. I am not passing judgment on file-sharing; however, I will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

 

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

 

References for the risk of these programs can also be found Here and Here.

 

I would strongly recommend that you uninstall them; however, that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

 

Note: Please be advised that continued use of these programs after being warned of the danger of infections from them, may result in the discontinued help of future cleaning of your system.

 

 

 

 

 

Viewpoint Manager is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad".

This will change from what we knew in 2006; read this article:

http://www.clickz.com/news/article.php/3561546

Additional info: http://vil.nai.com/vil/content/v_137262.htm

A side note about AIM Messenger, AOL users and Viewpoint Manager: Viewpoint is one of the graphic engines that AOL uses, and it is bundled with the application.

If you continue to use AIM Messenger, it would likely be reinstalled. Or, if you receive some of the AOL E-cards, it may ask you to download and run this program to view and run the graphics in the E-cards.

Your call

Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present:

 

Viewpoint

Viewpoint Manager

Viewpoint Media Player

 

 

 

 

NEXT**

Go to My Computer->Tools->Folder Options->View tab:

  • Under the Hidden files and folders heading:
  • Select - Show hidden files and folders.
  • Uncheck - Hide protected operating system files (recommended) option.
  • Also, make sure there is no checkmark beside Hide file extensions for known file types.
  • Click OK. (Remember to hide files and folders once done.)

 

 

Please go to: VirusTotal


  • Click the Browse button and search for the following file: c:\documents and settings\Matt\Application Data\upd.exe
  • Click Open
  • Then click Send File
  • Please be patient while the file is scanned.
  • Once the scan results appear, please provide them in your next reply.
If it says already scanned -- click "reanalyze now"

 

 

 

 

 

******************

Next: Disconnect from the internet. If you are on Cable or DSL unplug your computer from the modem.

Next: Please disable all onboard security programs (all running with back ground protection) as it may hinder the scanner from working.

This includes Antivirus, Firewall, and any Spyware scanners that run in the background.

 

Click on this link Here to see a list of programs that should be disabled.

The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

 

Please open Notepad (*Do not use WordPad* or any text editor other than Notepad, or the script will fail). (Start -> Run -> type notepad in the Open field -> OK.) Then copy and paste the text present inside the quote box below:

Save this as "CFScript.txt" including quotes and change the "Save as type" to "All Files" and place it on your desktop.

File::

C:\Program Files\eSoftware\studio.dll

D:\backup\desktop :filtered:\msinfo.vbs

 

Folder::

c:\documents and settings\Matt\Application Data\Twain

c:\program files\Adobe\Reader 8.0\Reader\bak

c:\program files\Common Files\Real\Update_OB\bak

c:\program files\DNA\bak

c:\program files\HP\HP Software Update\bak

c:\program files\HP\hpcoretech\bak

c:\program files\iTunes\bak

c:\program files\QuickTime\bak

c:\windows\system32\bak


 

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe. ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.

When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

 

 

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

 

 

In your next reply post:

ComboFix.txt

New HJT log

 

 

 

How's the computer now?


Here are my three new logs. The computer is faster upon startup, and browsing (the little I've been doing) seems faster as well. No popups or restarts either.

 

FROM VIRUSTOTAL

 

 

Antivirus Version Last Update Result

a-squared 4.0.0.73 2009.01.18 Trojan-Downloader.Win32.Small!IK

AhnLab-V3 2009.1.15.0 2009.01.17 -

AntiVir 7.9.0.57 2009.01.18 TR/Crypt.XPACK.Gen

Authentium 5.1.0.4 2009.01.18 -

Avast 4.8.1281.0 2009.01.16 Win32:Ups

AVG 8.0.0.229 2009.01.18 Win32/Cryptor

BitDefender 7.2 2009.01.18 -

CAT-QuickHeal 10.00 2009.01.17 -

ClamAV 0.94.1 2009.01.18 -

Comodo 935 2009.01.18 -

DrWeb 4.44.0.09170 2009.01.18 -

eSafe 7.0.17.0 2009.01.18 -

eTrust-Vet 31.6.6312 2009.01.17 -

F-Prot 4.4.4.56 2009.01.18 -

F-Secure 8.0.14470.0 2009.01.18 -

Fortinet 3.117.0.0 2009.01.15 -

GData 19 2009.01.18 Win32:Ups

Ikarus T3.1.1.45.0 2009.01.18 Trojan-Downloader.Win32.Small

K7AntiVirus 7.10.594 2009.01.17 -

Kaspersky 7.0.0.125 2009.01.18 -

McAfee 5499 2009.01.18 -

McAfee+Artemis 5499 2009.01.18 -

Microsoft 1.4205 2009.01.18 TrojanDownloader:Win32/Small.IQ

NOD32 3775 2009.01.18 -

Norman 5.93.01 2009.01.16 -

nProtect 2009.1.8.0 2009.01.16 -

Panda 9.5.1.2 2009.01.18 -

PCTools 4.4.2.0 2009.01.18 -

Prevx1 V2 2009.01.18 Cloaked Malware

Rising 21.12.62.00 2009.01.18 -

SecureWeb-Gateway 6.7.6 2009.01.18 Trojan.Crypt.XPACK.Gen

Sophos 4.37.0 2009.01.18 Mal/EncPk-CZ

Sunbelt 3.2.1835.2 2009.01.16 -

Symantec 10 2009.01.18 -

TheHacker 6.3.1.5.223 2009.01.18 -

TrendMicro 8.700.0.1004 2009.01.16 -

VBA32 3.12.8.10 2009.01.18 -

ViRobot 2009.1.17.1563 2009.01.17 -

VirusBuster 4.5.11.0 2009.01.18 -

Additional information

File size: 49152 bytes

MD5...: b13d650ca62d72276a499ba876691991

SHA1..: 03af26ee0aa515b0e1a1e95a7a4f715f4d111df9

SHA256: 58b3c19c1dca96b90e1121bce3a6e446142adebac0524efafb4c3765c3123629

SHA512: 952ec5332d09f029ef160950af7c51df787a87f2553c2cbb0991f9e50edb7a1be3152c25fa3794310e2fa0e0da7ef03856f58fd3028f0e8966f6b38f08590b6d

ssdeep: 384:MNXw/BcZqh5RVhjpicmCvcS0MJLZSHjEOWPS3JNF8atcT0DCDr22VTojI:4Uj5ppicmQcdMJLoDEC3D+Vt2AU0

 

PEiD..: -

TrID..: File type identification

Win32 Dynamic Link Library (generic) (48.3%)

Win16/32 Executable Delphi generic (13.2%)

Clipper DOS Executable (12.8%)

Generic Win/DOS Executable (12.7%)

DOS Executable Generic (12.7%)

PEInfo: PE Structure information

 

( base data )

entrypointaddress.: 0x4011db

timedatestamp.....: 0x4835892c (Thu May 22 14:54:36 2008)

machinetype.......: 0x14c (I386)

 

( 5 sections )

name viradd virsiz rawdsiz ntrpy md5

.text 0x1000 0x1008 0x2000 1.79 25db3ad235f6da8c8c9fc1ec987748eb

.data 0x3000 0x6a89 0x7000 6.48 647eaf30b3bb14fc3bb21a4373a20942

.rdata 0xa000 0x16cf3 0x1000 0.00 620f0b67a91f7f74151bc5be745b7110

.edata 0x21000 0xa64 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e

.rsrc 0x22000 0x983 0x1000 0.00 620f0b67a91f7f74151bc5be745b7110

 

( 4 imports )

> kernel32.dll: Sleep, GlobalFree, lstrcmpiA, GetStringTypeW, GlobalAlloc, GetCPInfo, GetFileSize, SetLastError, GetStdHandle, lstrcpynA, GetLastError, GetDateFormatA, GetFileAttributesA, lstrcpyA, CloseHandle, lstrlenA, GetLocalTime, FreeLibrary, GetCommandLineA, lstrcmpA

> user32.dll: IsMenu, AlignRects, EndDialog, DrawTextW, LoadMenuA, GetDlgItem, DialogBoxParamA, CopyImage, IsWindow, AppendMenuA, CloseWindow, CopyIcon, DrawIcon, DrawIconEx, GetCursor, AppendMenuW, CreateIcon, GetMenu, InsertMenuA

> comctl32.dll: ImageList_GetImageRect, ImageList_Destroy, ImageList_GetIcon, ImageList_Copy, ImageList_LoadImageA, ImageList_Read, ImageList_DragLeave, ImageList_LoadImage, ImageList_DrawEx, ImageList_LoadImageW, ImageList_DragEnter, ImageList_Create, ImageList_DragMove, ImageList_Remove, ImageList_GetIconSize, ImageList_GetImageInfo, ImageList_AddMasked, ImageList_EndDrag

> advapi32.dll: RegDeleteValueW, RegEnumKeyW, RegOpenKeyExA, RegEnumValueA, RegQueryInfoKeyA, RegCreateKeyExW, RegLoadKeyW, RegOpenKeyA, RegOpenKeyW, RegEnumKeyExW, RegOpenKeyExW, RegFlushKey, RegCreateKeyW, RegCreateKeyExA, RegQueryValueA, RegLoadKeyA, RegQueryInfoKeyW, RegEnumKeyA, RegQueryValueW, RegDeleteValueA

 

( 0 exports )

 

Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=9D96A21B0036D329C00A002DDDE82A0091334B6B


COMBOFIX!

 

ComboFix 09-01-18.01 - Matt 2009-01-18 16:53:26.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.202 [GMT -5:00]

Running from: c:\documents and settings\Matt\Desktop\Combo-Fix.exe

Command switches used :: c:\documents and settings\Matt\Desktop\CFScript.txt

AV: avast! antivirus 4.8.1296 [VPS 090117-0] *On-access scanning enabled* (Updated)

* Created a new restore point

 

FILE ::

c:\program files\eSoftware\studio.dll

d:\backup\desktop \msinfo.vbs

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\Matt\Application Data\Twain

c:\program files\Adobe\Reader 8.0\Reader\bak

c:\program files\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe

c:\program files\Common Files\Real\Update_OB\bak

c:\program files\Common Files\Real\Update_OB\bak\realsched.exe

c:\program files\DNA\bak

c:\program files\DNA\bak\btdna.exe

c:\program files\eSoftware\studio.dll

c:\program files\HP\HP Software Update\bak

c:\program files\HP\HP Software Update\bak\HPWuSchd2.exe

c:\program files\HP\hpcoretech\bak

c:\program files\HP\hpcoretech\bak\hpcmpmgr.exe

c:\program files\iTunes\bak

c:\program files\iTunes\bak\iTunesHelper.exe

c:\program files\QuickTime\bak

c:\program files\QuickTime\bak\qttask.exe

c:\windows\system32\bak

c:\windows\system32\bak\ctfmon.exe

 

.

((((((((((((((((((((((((( Files Created from 2008-12-18 to 2009-01-18 )))))))))))))))))))))))))))))))

.

 

2009-01-17 14:07 . 2009-01-17 14:07 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware

2009-01-17 14:07 . 2009-01-17 14:07 <DIR> d-------- c:\documents and settings\Matt\Application Data\Malwarebytes

2009-01-17 14:07 . 2009-01-17 14:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-01-17 14:07 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2009-01-17 14:07 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2009-01-17 14:03 . 2009-01-17 14:03 <DIR> d-------- c:\program files\Alwil Software

2009-01-17 03:49 . 2009-01-17 03:50 <DIR> d-------- C:\rsit

2009-01-17 03:47 . 2009-01-17 03:47 <DIR> d-------- c:\program files\Trend Micro

2009-01-17 01:22 . 2009-01-17 01:22 49,152 --a------ c:\documents and settings\Matt\Application Data\upd.exe

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-01-18 21:53 --------- d-----w c:\program files\QuickTime

2009-01-18 21:53 --------- d-----w c:\program files\iTunes

2009-01-18 21:53 --------- d-----w c:\program files\eSoftware

2009-01-18 21:53 --------- d-----w c:\program files\DNA

2009-01-18 21:43 --------- d-----w c:\program files\Real

2009-01-18 21:42 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint

2009-01-18 12:15 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater

2009-01-16 00:19 --------- d-----w c:\documents and settings\Matt\Application Data\BitTorrent

2008-12-11 11:57 333,184 ----a-w c:\windows\system32\drivers\srv.sys

2008-12-05 00:18 --------- d-----w c:\program files\DivX

2008-11-21 21:47 9,464 ------w c:\windows\system32\drivers\cdralw2k.sys

2008-11-21 21:47 9,336 ------w c:\windows\system32\drivers\cdr4_xp.sys

2008-11-21 21:47 524,288 ----a-w c:\windows\system32\DivXsm.exe

2008-11-21 21:47 43,528 ------w c:\windows\system32\drivers\PxHelp20.sys

2008-11-21 21:47 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll

2008-11-21 21:47 129,784 ----a-w c:\windows\system32\pxafs.dll

2008-11-21 21:47 120,056 ----a-w c:\windows\system32\pxcpyi64.exe

2008-11-21 21:47 118,520 ----a-w c:\windows\system32\pxinsi64.exe

2008-11-21 21:46 200,704 -c--a-w c:\windows\system32\ssldivx.dll

2008-11-21 21:46 1,044,480 -c--a-w c:\windows\system32\libdivx.dll

2008-11-21 21:44 161,096 ----a-w c:\windows\system32\DivXCodecVersionChecker.exe

2008-11-21 21:44 12,288 ----a-w c:\windows\system32\DivXWMPExtType.dll

2008-11-19 00:56 410,976 ----a-w c:\windows\system32\deploytk.dll

2008-11-19 00:55 --------- d-----w c:\program files\Java

2008-10-23 13:01 283,648 ----a-w c:\windows\system32\gdi32.dll

2008-06-01 21:17 168 --sha-r c:\windows\system32\492069A402.sys

2008-06-01 21:17 2,984 -csha-w c:\windows\system32\KGyGaAvL.sys

.

 

((((((((((((((((((((((((((((( snapshot_2009-01-17_23.57.25.78 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-10-22 09:47:25 62,976 ----a-w c:\windows\$hf_mig$\KB955839\SP2QFE\tzchange.exe

+ 2008-10-23 10:06:59 62,976 ----a-w c:\windows\$hf_mig$\KB955839\SP3GDR\tzchange.exe

+ 2008-10-23 10:17:49 62,976 ----a-w c:\windows\$hf_mig$\KB955839\SP3QFE\tzchange.exe

+ 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB955839\spmsg.dll

+ 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB955839\spuninst.exe

+ 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB955839\update\spcustom.dll

+ 2007-11-30 12:39:22 755,576 ----a-w c:\windows\$hf_mig$\KB955839\update\update.exe

+ 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB955839\update\updspapi.dll

+ 2008-10-23 12:51:04 284,160 ----a-w c:\windows\$hf_mig$\KB956802\SP2QFE\gdi32.dll

+ 2008-10-23 12:36:14 286,720 ----a-w c:\windows\$hf_mig$\KB956802\SP3GDR\gdi32.dll

+ 2008-10-23 12:43:42 286,720 ----a-w c:\windows\$hf_mig$\KB956802\SP3QFE\gdi32.dll

+ 2008-07-08 13:02:01 17,272 ----a-w c:\windows\$hf_mig$\KB956802\spmsg.dll

+ 2008-07-08 13:02:02 231,288 ----a-w c:\windows\$hf_mig$\KB956802\spuninst.exe

+ 2008-07-08 13:02:01 26,488 ----a-w c:\windows\$hf_mig$\KB956802\update\spcustom.dll

+ 2008-07-09 07:38:29 755,576 ----a-w c:\windows\$hf_mig$\KB956802\update\update.exe

+ 2008-07-09 07:38:37 382,840 ----a-w c:\windows\$hf_mig$\KB956802\update\updspapi.dll

+ 2008-08-26 07:24:28 124,928 -c----w c:\windows\ie7updates\KB958215-IE7\advpack.dll

+ 2008-08-26 07:24:28 347,136 -c----w c:\windows\ie7updates\KB958215-IE7\dxtmsft.dll

+ 2008-08-26 07:24:28 214,528 -c----w c:\windows\ie7updates\KB958215-IE7\dxtrans.dll

+ 2008-08-26 07:24:28 133,120 -c----w c:\windows\ie7updates\KB958215-IE7\extmgr.dll

+ 2008-08-26 07:24:28 63,488 -c----w c:\windows\ie7updates\KB958215-IE7\icardie.dll

+ 2008-08-25 08:37:59 70,656 -c----w c:\windows\ie7updates\KB958215-IE7\ie4uinit.exe

+ 2008-08-26 07:24:28 153,088 -c----w c:\windows\ie7updates\KB958215-IE7\ieakeng.dll

+ 2008-08-26 07:24:28 230,400 -c----w c:\windows\ie7updates\KB958215-IE7\ieaksie.dll

+ 2008-08-23 05:54:51 161,792 -c----w c:\windows\ie7updates\KB958215-IE7\ieakui.dll

+ 2008-08-26 07:24:28 383,488 -c----w c:\windows\ie7updates\KB958215-IE7\ieapfltr.dll

+ 2008-08-26 07:24:29 384,512 -c----w c:\windows\ie7updates\KB958215-IE7\iedkcs32.dll

+ 2008-10-03 17:41:15 6,066,176 -c----w c:\windows\ie7updates\KB958215-IE7\ieframe.dll

+ 2008-08-26 07:24:29 44,544 -c----w c:\windows\ie7updates\KB958215-IE7\iernonce.dll

+ 2008-08-26 07:24:29 267,776 -c----w c:\windows\ie7updates\KB958215-IE7\iertutil.dll

+ 2008-08-25 08:38:00 13,824 -c----w c:\windows\ie7updates\KB958215-IE7\ieudinit.exe

+ 2008-08-23 05:56:15 635,848 -c----w c:\windows\ie7updates\KB958215-IE7\iexplore.exe

+ 2008-08-26 07:24:30 27,648 -c----w c:\windows\ie7updates\KB958215-IE7\jsproxy.dll

+ 2008-08-26 07:24:30 459,264 -c----w c:\windows\ie7updates\KB958215-IE7\msfeeds.dll

+ 2008-08-26 07:24:30 52,224 -c----w c:\windows\ie7updates\KB958215-IE7\msfeedsbs.dll

+ 2008-08-26 07:24:30 477,696 -c----w c:\windows\ie7updates\KB958215-IE7\mshtmled.dll

+ 2008-08-26 07:24:30 193,024 -c----w c:\windows\ie7updates\KB958215-IE7\msrating.dll

+ 2008-08-26 07:24:30 671,232 -c----w c:\windows\ie7updates\KB958215-IE7\mstime.dll

+ 2008-08-26 07:24:30 102,912 -c----w c:\windows\ie7updates\KB958215-IE7\occache.dll

+ 2008-08-26 07:24:30 44,544 -c----w c:\windows\ie7updates\KB958215-IE7\pngfilt.dll

+ 2007-03-06 01:22:39 213,216 -c----w c:\windows\ie7updates\KB958215-IE7\spuninst\spuninst.exe

+ 2007-03-06 01:23:51 371,424 -c----w c:\windows\ie7updates\KB958215-IE7\spuninst\updspapi.dll

+ 2008-08-26 07:24:30 105,984 -c----w c:\windows\ie7updates\KB958215-IE7\url.dll

+ 2008-08-26 07:24:31 1,159,680 -c----w c:\windows\ie7updates\KB958215-IE7\urlmon.dll

+ 2008-08-26 07:24:31 233,472 -c----w c:\windows\ie7updates\KB958215-IE7\webcheck.dll

+ 2008-08-26 07:24:31 826,368 -c----w c:\windows\ie7updates\KB958215-IE7\wininet.dll

+ 2008-08-27 08:24:32 3,593,216 -c----w c:\windows\ie7updates\KB960714-IE7\mshtml.dll

+ 2007-03-06 01:22:39 213,216 -c----w c:\windows\ie7updates\KB960714-IE7\spuninst\spuninst.exe

+ 2007-03-06 01:23:47 371,424 -c----w c:\windows\ie7updates\KB960714-IE7\spuninst\updspapi.dll

- 2008-08-26 07:24:28 124,928 ----a-w c:\windows\system32\advpack.dll

+ 2008-10-16 20:38:34 124,928 ----a-w c:\windows\system32\advpack.dll

- 2008-08-26 07:24:28 124,928 -c----w c:\windows\system32\dllcache\advpack.dll

+ 2008-10-16 20:38:34 124,928 -c----w c:\windows\system32\dllcache\advpack.dll

- 2008-08-26 07:24:28 347,136 -c--a-w c:\windows\system32\dllcache\dxtmsft.dll

+ 2008-10-16 20:38:34 347,136 -c--a-w c:\windows\system32\dllcache\dxtmsft.dll

- 2008-08-26 07:24:28 214,528 -c----w c:\windows\system32\dllcache\dxtrans.dll

+ 2008-10-16 20:38:34 214,528 -c----w c:\windows\system32\dllcache\dxtrans.dll

- 2008-08-26 07:24:28 133,120 -c----w c:\windows\system32\dllcache\extmgr.dll

+ 2008-10-16 20:38:35 133,120 -c----w c:\windows\system32\dllcache\extmgr.dll

- 2008-02-20 06:51:05 282,624 -c--a-w c:\windows\system32\dllcache\gdi32.dll

+ 2008-10-23 13:01:36 283,648 -c--a-w c:\windows\system32\dllcache\gdi32.dll

- 2008-08-26 07:24:28 63,488 -c----w c:\windows\system32\dllcache\icardie.dll

+ 2008-10-16 20:38:35 63,488 -c----w c:\windows\system32\dllcache\icardie.dll

- 2008-08-25 08:37:59 70,656 -c----w c:\windows\system32\dllcache\ie4uinit.exe

+ 2008-10-16 13:11:09 70,656 -c----w c:\windows\system32\dllcache\ie4uinit.exe

- 2008-08-26 07:24:28 153,088 -c--a-w c:\windows\system32\dllcache\ieakeng.dll

+ 2008-10-16 20:38:35 153,088 -c--a-w c:\windows\system32\dllcache\ieakeng.dll

- 2008-08-26 07:24:28 230,400 -c--a-w c:\windows\system32\dllcache\ieaksie.dll

+ 2008-10-16 20:38:35 230,400 -c--a-w c:\windows\system32\dllcache\ieaksie.dll

- 2008-08-23 05:54:51 161,792 -c--a-w c:\windows\system32\dllcache\ieakui.dll

+ 2008-10-15 07:04:53 161,792 -c--a-w c:\windows\system32\dllcache\ieakui.dll

- 2008-08-26 07:24:28 383,488 -c----w c:\windows\system32\dllcache\ieapfltr.dll

+ 2008-10-16 20:38:35 383,488 -c----w c:\windows\system32\dllcache\ieapfltr.dll

- 2008-08-26 07:24:29 384,512 -c----w c:\windows\system32\dllcache\iedkcs32.dll

+ 2008-10-16 20:38:35 384,512 -c----w c:\windows\system32\dllcache\iedkcs32.dll

- 2008-10-03 17:41:15 6,066,176 -c----w c:\windows\system32\dllcache\ieframe.dll

+ 2008-10-16 20:38:37 6,066,176 -c----w c:\windows\system32\dllcache\ieframe.dll

- 2008-08-26 07:24:29 44,544 -c--a-w c:\windows\system32\dllcache\iernonce.dll

+ 2008-10-16 20:38:37 44,544 -c--a-w c:\windows\system32\dllcache\iernonce.dll

- 2008-08-26 07:24:29 267,776 -c----w c:\windows\system32\dllcache\iertutil.dll

+ 2008-10-16 20:38:37 267,776 -c----w c:\windows\system32\dllcache\iertutil.dll

- 2008-08-25 08:38:00 13,824 -c----w c:\windows\system32\dllcache\ieudinit.exe

+ 2008-10-16 13:11:09 13,824 -c----w c:\windows\system32\dllcache\ieudinit.exe

- 2008-08-23 05:56:15 635,848 -c----w c:\windows\system32\dllcache\iexplore.exe

+ 2008-10-15 07:06:26 633,632 -c----w c:\windows\system32\dllcache\iexplore.exe

- 2008-08-26 07:24:30 27,648 -c--a-w c:\windows\system32\dllcache\jsproxy.dll

+ 2008-10-16 20:38:37 27,648 -c--a-w c:\windows\system32\dllcache\jsproxy.dll

- 2006-10-19 00:03:58 100,864 -c--a-w c:\windows\system32\dllcache\logagent.exe

+ 2008-06-18 06:09:22 100,864 -c--a-w c:\windows\system32\dllcache\logagent.exe

- 2008-08-26 07:24:30 459,264 -c----w c:\windows\system32\dllcache\msfeeds.dll

+ 2008-10-16 20:38:37 459,264 -c----w c:\windows\system32\dllcache\msfeeds.dll

- 2008-08-26 07:24:30 52,224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll

+ 2008-10-16 20:38:37 52,224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll

- 2008-08-27 08:24:32 3,593,216 -c----w c:\windows\system32\dllcache\mshtml.dll

+ 2008-12-13 06:40:02 3,593,216 -c----w c:\windows\system32\dllcache\mshtml.dll

- 2008-08-26 07:24:30 477,696 -c----w c:\windows\system32\dllcache\mshtmled.dll

+ 2008-10-16 20:38:38 477,696 -c----w c:\windows\system32\dllcache\mshtmled.dll

- 2008-08-26 07:24:30 193,024 -c----w c:\windows\system32\dllcache\msrating.dll

+ 2008-10-16 20:38:38 193,024 -c----w c:\windows\system32\dllcache\msrating.dll

- 2008-08-26 07:24:30 671,232 -c--a-w c:\windows\system32\dllcache\mstime.dll

+ 2008-10-16 20:38:39 671,232 -c--a-w c:\windows\system32\dllcache\mstime.dll

- 2008-08-26 07:24:30 102,912 -c----w c:\windows\system32\dllcache\occache.dll

+ 2008-10-16 20:38:39 102,912 -c----w c:\windows\system32\dllcache\occache.dll

- 2008-08-26 07:24:30 44,544 -c--a-w c:\windows\system32\dllcache\pngfilt.dll

+ 2008-10-16 20:38:39 44,544 -c--a-w c:\windows\system32\dllcache\pngfilt.dll

- 2008-08-28 10:04:17 333,056 -c--a-w c:\windows\system32\dllcache\srv.sys

+ 2008-12-11 11:57:21 333,184 -c--a-w c:\windows\system32\dllcache\srv.sys

- 2006-08-21 14:52:08 246,814 -c--a-w c:\windows\system32\dllcache\strmdll.dll

+ 2008-10-03 10:15:47 247,326 -c--a-w c:\windows\system32\dllcache\strmdll.dll

- 2008-08-26 07:24:30 105,984 -c----w c:\windows\system32\dllcache\url.dll

+ 2008-10-16 20:38:39 105,984 -c----w c:\windows\system32\dllcache\url.dll

- 2008-08-26 07:24:31 1,159,680 -c----w c:\windows\system32\dllcache\urlmon.dll

+ 2008-10-16 20:38:39 1,160,192 -c----w c:\windows\system32\dllcache\urlmon.dll

- 2008-08-26 07:24:31 233,472 -c----w c:\windows\system32\dllcache\webcheck.dll

+ 2008-10-16 20:38:39 233,472 -c----w c:\windows\system32\dllcache\webcheck.dll

- 2008-08-26 07:24:31 826,368 -c----w c:\windows\system32\dllcache\wininet.dll

+ 2008-10-16 20:38:40 826,368 -c----w c:\windows\system32\dllcache\wininet.dll

- 2006-10-19 01:47:20 937,984 -c--a-w c:\windows\system32\dllcache\WMNetMgr.dll

+ 2008-06-18 10:03:08 938,496 -c--a-w c:\windows\system32\dllcache\WMNetmgr.dll

- 2006-10-19 01:47:22 2,450,944 -c--a-w c:\windows\system32\dllcache\wmvcore.dll

+ 2008-06-18 10:03:14 2,458,112 -c--a-w c:\windows\system32\dllcache\WMVCore.dll

- 2008-08-26 07:24:28 347,136 ----a-w c:\windows\system32\dxtmsft.dll

+ 2008-10-16 20:38:34 347,136 ----a-w c:\windows\system32\dxtmsft.dll

- 2008-08-26 07:24:28 214,528 ----a-w c:\windows\system32\dxtrans.dll

+ 2008-10-16 20:38:34 214,528 ----a-w c:\windows\system32\dxtrans.dll

- 2008-08-26 07:24:28 133,120 ------w c:\windows\system32\extmgr.dll

+ 2008-10-16 20:38:35 133,120 ------w c:\windows\system32\extmgr.dll

- 2008-08-26 07:24:28 63,488 ----a-w c:\windows\system32\icardie.dll

+ 2008-10-16 20:38:35 63,488 ----a-w c:\windows\system32\icardie.dll

- 2008-08-25 08:37:59 70,656 ------w c:\windows\system32\ie4uinit.exe

+ 2008-10-16 13:11:09 70,656 ------w c:\windows\system32\ie4uinit.exe

- 2008-08-26 07:24:28 153,088 ------w c:\windows\system32\ieakeng.dll

+ 2008-10-16 20:38:35 153,088 ------w c:\windows\system32\ieakeng.dll

- 2008-08-26 07:24:28 230,400 ------w c:\windows\system32\ieaksie.dll

+ 2008-10-16 20:38:35 230,400 ------w c:\windows\system32\ieaksie.dll

- 2008-08-23 05:54:51 161,792 ------w c:\windows\system32\ieakui.dll

+ 2008-10-15 07:04:53 161,792 ------w c:\windows\system32\ieakui.dll

- 2008-08-26 07:24:28 383,488 ----a-w c:\windows\system32\ieapfltr.dll

+ 2008-10-16 20:38:35 383,488 ----a-w c:\windows\system32\ieapfltr.dll

- 2008-08-26 07:24:29 384,512 ------w c:\windows\system32\iedkcs32.dll

+ 2008-10-16 20:38:35 384,512 ------w c:\windows\system32\iedkcs32.dll

- 2008-10-03 17:41:15 6,066,176 ----a-w c:\windows\system32\ieframe.dll

+ 2008-10-16 20:38:37 6,066,176 ----a-w c:\windows\system32\ieframe.dll

- 2008-08-26 07:24:29 44,544 ------w c:\windows\system32\iernonce.dll

+ 2008-10-16 20:38:37 44,544 ------w c:\windows\system32\iernonce.dll

- 2008-08-26 07:24:29 267,776 ----a-w c:\windows\system32\iertutil.dll

+ 2008-10-16 20:38:37 267,776 ----a-w c:\windows\system32\iertutil.dll

- 2008-08-25 08:38:00 13,824 ----a-w c:\windows\system32\ieudinit.exe

+ 2008-10-16 13:11:09 13,824 ----a-w c:\windows\system32\ieudinit.exe

- 2008-08-26 07:24:30 27,648 ------w c:\windows\system32\jsproxy.dll

+ 2008-10-16 20:38:37 27,648 ------w c:\windows\system32\jsproxy.dll

- 2006-10-19 00:03:58 100,864 -c--a-w c:\windows\system32\logagent.exe

+ 2008-06-18 06:09:22 100,864 ----a-w c:\windows\system32\logagent.exe

- 2008-11-04 00:10:25 17,318,336 ----a-w c:\windows\system32\MRT.exe

+ 2009-01-09 22:35:30 20,853,704 ----a-w c:\windows\system32\MRT.exe

- 2008-08-26 07:24:30 459,264 ----a-w c:\windows\system32\msfeeds.dll

+ 2008-10-16 20:38:37 459,264 ----a-w c:\windows\system32\msfeeds.dll

- 2008-08-26 07:24:30 52,224 ----a-w c:\windows\system32\msfeedsbs.dll

+ 2008-10-16 20:38:37 52,224 ----a-w c:\windows\system32\msfeedsbs.dll

- 2008-08-27 08:24:32 3,593,216 ----a-w c:\windows\system32\mshtml.dll

+ 2008-12-13 06:40:02 3,593,216 ----a-w c:\windows\system32\mshtml.dll

- 2008-08-26 07:24:30 477,696 ----a-w c:\windows\system32\mshtmled.dll

+ 2008-10-16 20:38:38 477,696 ----a-w c:\windows\system32\mshtmled.dll

- 2008-08-26 07:24:30 193,024 ----a-w c:\windows\system32\msrating.dll

+ 2008-10-16 20:38:38 193,024 ----a-w c:\windows\system32\msrating.dll

- 2008-08-26 07:24:30 671,232 ------w c:\windows\system32\mstime.dll

+ 2008-10-16 20:38:39 671,232 ------w c:\windows\system32\mstime.dll

- 2008-08-26 07:24:30 102,912 ------w c:\windows\system32\occache.dll

+ 2008-10-16 20:38:39 102,912 ------w c:\windows\system32\occache.dll

- 2008-08-26 07:24:30 44,544 ----a-w c:\windows\system32\pngfilt.dll

+ 2008-10-16 20:38:39 44,544 ----a-w c:\windows\system32\pngfilt.dll

- 2008-07-08 13:02:01 17,272 ------w c:\windows\system32\spmsg.dll

+ 2007-11-30 12:39:22 17,272 ------w c:\windows\system32\spmsg.dll

- 2006-08-21 14:52:08 246,814 ----a-w c:\windows\system32\strmdll.dll

+ 2008-10-03 10:15:47 247,326 ----a-w c:\windows\system32\strmdll.dll

- 2008-07-14 11:09:18 62,976 ----a-w c:\windows\system32\tzchange.exe

+ 2008-10-22 09:47:07 62,976 ----a-w c:\windows\system32\tzchange.exe

- 2008-08-26 07:24:30 105,984 ----a-w c:\windows\system32\url.dll

+ 2008-10-16 20:38:39 105,984 ----a-w c:\windows\system32\url.dll

- 2008-08-26 07:24:31 1,159,680 ----a-w c:\windows\system32\urlmon.dll

+ 2008-10-16 20:38:39 1,160,192 ----a-w c:\windows\system32\urlmon.dll

- 2008-08-26 07:24:31 233,472 ----a-w c:\windows\system32\webcheck.dll

+ 2008-10-16 20:38:39 233,472 ----a-w c:\windows\system32\webcheck.dll

- 2007-04-10 19:00:46 236,928 ------w c:\windows\system32\WgaLogon.dll

+ 2008-09-06 04:30:42 241,704 ----a-w c:\windows\system32\WgaLogon.dll

- 2008-08-26 07:24:31 826,368 ----a-w c:\windows\system32\wininet.dll

+ 2008-10-16 20:38:40 826,368 ----a-w c:\windows\system32\wininet.dll

- 2006-10-19 01:47:20 937,984 ----a-w c:\windows\system32\WMNetMgr.dll

+ 2008-06-18 10:03:08 938,496 ----a-w c:\windows\system32\WMNetmgr.dll

- 2006-10-19 01:47:22 2,450,944 ----a-w c:\windows\system32\wmvcore.dll

+ 2008-06-18 10:03:14 2,458,112 ----a-w c:\windows\system32\WMVCore.dll

+ 2009-01-18 08:23:25 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_208.dat

+ 2009-01-18 08:23:10 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_5c4.dat

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-02-28 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]

"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 2178832]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2004-07-15 81920]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-07-15 4112384]

"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]

"Corel Photo Downloader"="c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2007-08-28 531272]

"C-Media Mixer"="Mixer.exe" [2002-07-12 c:\windows\mixer.exe]

 

c:\documents and settings\All Users\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-28 241664]

HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-05-28 53248]

Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-05-16 67128]

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

"c:\\Program Files\\AIM6\\aim6.exe"=

"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"%windir%\\system32\\drivers\\svchost.exe"=

 

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-01-17 111184]

R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-01-17 20560]

S3 QCEmerald;Logitech QuickCam Web;c:\windows\system32\drivers\OVCE.sys [2007-11-10 31872]

 

--- Other Services/Drivers In Memory ---

 

*NewlyCreated* - APPMGMT

*NewlyCreated* - GTNDIS5

.

Contents of the 'Scheduled Tasks' folder

 

2009-01-16 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

.

- - - - ORPHANS REMOVED - - - -

 

HKCU-Run-Aim6 - (no file)

 

 

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/

uInternet Settings,ProxyOverride = *.local

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-01-18 16:55:54

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'winlogon.exe'(672)

c:\windows\system32\GTGina.dll

.

Completion time: 2009-01-18 16:58:51

ComboFix-quarantined-files.txt 2009-01-18 21:58:33

ComboFix2.txt 2009-01-18 04:59:54

ComboFix3.txt 2009-01-17 18:48:32

 

Pre-Run: 31,884,898,304 bytes free

Post-Run: 31,934,533,632 bytes free

 

345 --- E O F --- 2009-01-18 08:06:19


HIJACKTHIS log

 

Logfile of random's system information tool 1.05 (written by random/random)

Run by Matt at 2009-01-18 17:05:25

Microsoft Windows XP Professional Service Pack 2

System drive C: has 30 GB (78%) free of 39 GB

Total RAM: 511 MB (40% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 5:05:41 PM, on 1/18/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PSIService.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\Mixer.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Logitech\QuickCam\Quickcam.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\Documents and Settings\Matt\Desktop\RSIT.exe

C:\Program Files\Trend Micro\HijackThis\Matt.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup

O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"

O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB

O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1194763593468

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/webplayer/stage6/...owserPlugin.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

 

--

End of file - 7694 bytes

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

Java Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-18 320920]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll [2008-10-20 652784]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-18 34816]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"C-Media Mixer"=Mixer.exe /startup []

"LogitechCommunicationsManager"=C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2007-10-25 563984]

"LogitechQuickCamRibbon"=C:\Program Files\Logitech\QuickCam\Quickcam.exe [2007-10-25 2178832]

"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2004-07-15 81920]

"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-09-10 289576]

"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2004-07-15 4112384]

"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-11-26 81000]

"Corel Photo Downloader"=C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe [2007-08-28 531272]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2006-02-28 15360]

 

C:\Documents and Settings\All Users\Start Menu\Programs\Startup

HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=323

"NoDriveAutoRun"=67108863

"NoDrives"=0

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveAutoRun"=

"NoDriveTypeAutoRun"=

"NoDrives"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"

"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"

"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"

"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"

"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"

"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

"%windir%\system32\drivers\svchost.exe"="%windir%\system32\drivers\svchost.exe:*:Enabled:svchost"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

"%windir%\system32\drivers\svchost.exe"="%windir%\system32\drivers\svchost.exe:*:Enabled:svchost"

 

======List of files/folders created in the last 1 months======

 

2009-01-18 16:58:53 ----A---- C:\ComboFix.txt

2009-01-18 16:43:01 ----D---- C:\WINDOWS\system32\appmgmt

2009-01-18 03:06:12 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$

2009-01-18 03:05:04 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$

2009-01-18 03:04:56 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$

2009-01-18 03:04:45 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$

2009-01-18 03:03:48 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$

2009-01-17 23:45:18 ----A---- C:\Boot.bak

2009-01-17 23:45:08 ----RASHD---- C:\cmdcons

2009-01-17 14:07:39 ----D---- C:\Documents and Settings\Matt\Application Data\Malwarebytes

2009-01-17 14:07:30 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2009-01-17 14:07:30 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2009-01-17 14:03:49 ----A---- C:\WINDOWS\system32\aswBoot.exe

2009-01-17 14:03:46 ----D---- C:\Program Files\Alwil Software

2009-01-17 13:45:42 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$

2009-01-17 13:45:05 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$

2009-01-17 13:23:06 ----A---- C:\WINDOWS\zip.exe

2009-01-17 13:23:06 ----A---- C:\WINDOWS\VFIND.exe

2009-01-17 13:23:06 ----A---- C:\WINDOWS\SWXCACLS.exe

2009-01-17 13:23:06 ----A---- C:\WINDOWS\SWSC.exe

2009-01-17 13:23:06 ----A---- C:\WINDOWS\SWREG.exe

2009-01-17 13:23:06 ----A---- C:\WINDOWS\sed.exe

2009-01-17 13:23:06 ----A---- C:\WINDOWS\NIRCMD.exe

2009-01-17 13:23:06 ----A---- C:\WINDOWS\grep.exe

2009-01-17 13:23:06 ----A---- C:\WINDOWS\fdsv.exe

2009-01-17 13:20:10 ----D---- C:\WINDOWS\ERDNT

2009-01-17 13:20:09 ----D---- C:\Qoobox

2009-01-17 03:49:45 ----D---- C:\rsit

2009-01-17 03:47:47 ----D---- C:\Program Files\Trend Micro

2009-01-17 01:22:10 ----A---- C:\Documents and Settings\Matt\Application Data\upd.exe

 

======List of files/folders modified in the last 1 months======

 

2009-01-18 17:05:20 ----D---- C:\WINDOWS\Prefetch

2009-01-18 16:59:08 ----D---- C:\WINDOWS\Temp

2009-01-18 16:58:59 ----D---- C:\WINDOWS\system32

2009-01-18 16:58:57 ----D---- C:\WINDOWS

2009-01-18 16:55:58 ----A---- C:\WINDOWS\system.ini

2009-01-18 16:55:02 ----D---- C:\WINDOWS\system32\drivers

2009-01-18 16:55:01 ----D---- C:\WINDOWS\AppPatch

2009-01-18 16:55:01 ----D---- C:\Program Files\Common Files

2009-01-18 16:53:51 ----D---- C:\Program Files\QuickTime

2009-01-18 16:53:50 ----D---- C:\Program Files\iTunes

2009-01-18 16:53:49 ----D---- C:\Program Files\DNA

2009-01-18 16:53:45 ----D---- C:\Program Files\eSoftware

2009-01-18 16:52:51 ----A---- C:\WINDOWS\SchedLgU.Txt

2009-01-18 16:50:42 ----D---- C:\WINDOWS\system32\CatRoot2

2009-01-18 16:43:31 ----RD---- C:\Program Files

2009-01-18 16:43:01 ----SHD---- C:\WINDOWS\Installer

2009-01-18 16:43:01 ----HD---- C:\Config.Msi

2009-01-18 16:43:01 ----D---- C:\Program Files\Real

2009-01-18 16:42:35 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint

2009-01-18 07:15:05 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater

2009-01-18 03:22:55 ----D---- C:\WINDOWS\system32\config

2009-01-18 03:06:18 ----HD---- C:\WINDOWS\inf

2009-01-18 03:06:04 ----A---- C:\WINDOWS\imsins.BAK

2009-01-18 03:05:57 ----RSHDC---- C:\WINDOWS\system32\dllcache

2009-01-18 03:05:53 ----D---- C:\Program Files\Internet Explorer

2009-01-18 03:05:40 ----D---- C:\WINDOWS\ie7updates

2009-01-18 03:05:30 ----HD---- C:\WINDOWS\$hf_mig$

2009-01-17 23:45:18 ----RASH---- C:\boot.ini

2009-01-17 14:42:22 ----D---- C:\WINDOWS\system32\CatRoot

2009-01-17 13:50:03 ----D---- C:\WINDOWS\Help

2009-01-17 13:42:25 ----D---- C:\WINDOWS\WinSxS

2009-01-17 13:27:59 ----D---- C:\Documents and Settings\Matt\Application Data\Google

2009-01-17 03:34:57 ----A---- C:\WINDOWS\wininit.ini

2009-01-16 23:12:16 ----A---- C:\WINDOWS\system32\9b605a4a-.txt

2009-01-15 19:19:10 ----D---- C:\Documents and Settings\Matt\Application Data\BitTorrent

2009-01-09 17:35:30 ----A---- C:\WINDOWS\system32\MRT.exe

2008-12-27 02:23:40 ----D---- C:\WINDOWS\network diagnostic

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-11-26 26944]

R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-11-26 111184]

R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-11-26 50864]

R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-11-02 20747]

R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-11-26 20560]

R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-11-26 94032]

R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-11-26 23152]

R3 cmpci;C-Media PCI Audio Driver (WDM); C:\WINDOWS\system32\drivers\cmaudio.sys [2002-07-16 379726]

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]

R3 GTNDIS5;GTNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\GTNDIS5.SYS []

R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-07-28 51120]

R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-07-28 16496]

R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-07-28 21744]

R3 LVcKap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys [2007-10-19 2109976]

R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [2007-10-11 25624]

R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2007-10-11 41752]

R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-07-15 2459712]

R3 pepifilter;Volume Adapter; C:\WINDOWS\system32\DRIVERS\lv302af.sys [2007-10-11 13848]

R3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\WINDOWS\system32\DRIVERS\LV302V32.SYS [2007-10-11 1279000]

R3 RT73;Linksys Home Wireless-G USB Adapter Driver; C:\WINDOWS\system32\DRIVERS\rt73.sys [2005-11-24 245248]

R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]

R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]

R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2006-02-28 26624]

R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2006-02-28 57600]

R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2006-02-28 17024]

R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]

R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]

R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2006-02-28 20480]

S1 lusbaudio;Logitech USB Microphone; C:\WINDOWS\system32\drivers\OVSound2.sys [2001-08-17 25216]

S3 ac97intc;Intel® 82801 Audio Driver Install Service (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]

S3 BCM42RLY;BCM42RLY; \??\C:\WINDOWS\System32\BCM42RLY.SYS []

S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]

S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys [2007-10-11 2142488]

S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]

S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]

S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]

S3 QCEmerald;Logitech QuickCam Web; C:\WINDOWS\system32\DRIVERS\OVCE.sys [2001-08-17 31872]

S3 RT25USBAP;Nintendo Wi-Fi USB Connector Service; C:\WINDOWS\system32\DRIVERS\rt25usbap.sys [2005-12-08 162944]

S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]

S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]

S3 USBCM;Scientific-Atlanta USB Cable Modem Driver; C:\WINDOWS\system32\DRIVERS\Sacm2A.sys [2004-06-09 15429]

S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]

S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-09-10 116040]

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-11-26 18752]

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-11-26 155160]

R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]

R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-20 168432]

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-18 152984]

R2 LVCOMSer;LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [2007-10-19 186904]

R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2004-07-15 114755]

R2 ProtexisLicensing;ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [2007-06-05 177704]

R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-09-10 536872]

S2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2007-10-19 141848]

S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2007-10-19 141848]

S2 WUSB54GCSVC;WUSB54GCSVC; C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe [2005-07-04 53307]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]

S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-11-26 254040]

S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-11-26 352920]

S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632]

S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2006-02-28 14336]

 

-----------------EOF-----------------


Welcome back

 

Print this topic or save to notepad, it will make it easier for you to follow the instructions and complete all of the necessary steps as we will need to close all windows that are open later in the fix.

 

the computer is faster upon startup and browsing (the little ive been doing) seems faster as well. no popups or restarts either.

:tup:

 

Do you have C:\Program Files\Trend Micro\HijackThis on your desktop?

Go to My Computer->Tools->Folder Options->View tab:

  • Under the Hidden files and folders heading:

  • Select - Show hidden files and folders.

  • Uncheck - Hide protected operating system files (recommended) option.

  • Also, make sure there is no checkmark beside Hide file extensions for known file types.

  • Click OK. (Remember to Hide files and folders once done)

 

Using Windows Explorer (right-click your "Start" button and select "Explore"), please navigate to and delete the following files/folders in bold

c:\documents and settings\Matt\Application Data\upd.exe

A couple of scans I would like to see the results from

 

Download SDFix or from Here and save it to your Desktop

 

 

Double click SDFix.exe and it will extract the files to %systemdrive% (Drive that contains the Windows Directory, typically C:\SDFix)

 

Please then reboot your computer in Safe Mode by doing the following:

  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.cmd to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the SDFix Report.txt back on the forum with a new HijackThis log

NEXT**

Please download Malwarebytes' Anti-Malware to your desktop

 

Additional Link

 

* Double-click mbam-setup.exe and follow the prompts to install the program.

* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

* If an update is found, it will download and install the latest version.

* Once the program has loaded, select Perform quick scan, then click Scan.

* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.

* You can also access the log by doing the following:

 

o Click on the Malwarebytes' Anti-Malware icon to launch the program.

o Click on the Logs tab.

o Click on the log at the bottom of those listed to highlight it.

o Click Open.

 

Tutorial if needed

http://thespykiller.co.uk/index.php/topic,5946.0.html

 

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

In your next reply post:

SDFix report.txt

Malwarebytes' Anti-Malware log

New HJT log

Edited by Juliet

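The logs in this thread are read by hand: the helper picks out a freshly created executable under a user's Application Data folder and asks for the firewall exception list and autorun entries. The script below is an added example of doing that first pass automatically; it is not a tool from this thread or from any of the products named in it. It applies three heuristics to HijackThis O4 lines, RSIT "files created" lines and the firewall authorizedapplications export (RSIT writes single backslashes, SDFix doubled ones): an autorun or new .exe under a per-user writable directory, and a firewall exception whose file name is a core Windows binary but whose directory is not %windir%\system32. The SAMPLE_LOG is constructed for the example; most of its lines have the shape of lines in the logs above, and the "Example" autorun line and its path are made up. A hit means "look closer", not "malicious".

```python
"""Log triage heuristics for HijackThis / RSIT / SDFix-style output.

Added example, not a tool from the thread. Every hit is a prompt to look
closer, never a verdict: legitimate software occasionally runs from a
profile directory too.
"""
import re
from typing import List, Optional, Tuple

# Per-user or world-writable locations where a persistent executable is
# unusual on Windows XP (heuristic, not a verdict).
USER_WRITABLE_MARKERS = (
    "\\application data\\",
    "\\local settings\\temp\\",
    "\\windows\\temp\\",
)

# Core Windows binaries that legitimately live only in %windir%\system32.
SYSTEM32_ONLY = {"svchost.exe", "lsass.exe", "winlogon.exe", "services.exe", "smss.exe"}

# Line shapes: HijackThis O4 autorun lines, RSIT "files created" lines and the
# firewall authorizedapplications export (RSIT single, SDFix doubled backslashes).
O4_RE = re.compile(r"^O4 - .*?: \[[^\]]*\] (?P<cmd>.+)$")
CREATED_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} -+[A-Z]*-+ (?P<path>.+)$")
FIREWALL_RE = re.compile(r'^"(?P<path>[^"]+)"="[^"]*:\*:[A-Za-z]+:[^"]*"$')
CMD_PATH_RE = re.compile(r'^"([^"]+)"|^(\S+?\.exe)', re.IGNORECASE)


def normalize(path: str) -> str:
    """Collapse doubled backslashes (SDFix .reg-style export) and lowercase."""
    return path.replace("\\\\", "\\").strip().lower()


def command_path(cmd: str) -> Optional[str]:
    """Executable part of an autorun command: the quoted path or the first .exe token."""
    m = CMD_PATH_RE.match(cmd.strip())
    return (m.group(1) or m.group(2)) if m else None


def in_user_writable(path: str) -> bool:
    p = normalize(path)
    return any(marker in p for marker in USER_WRITABLE_MARKERS)


def misplaced_system_binary(path: str) -> bool:
    """True when a system32-only binary name sits in any other directory."""
    directory, _, name = normalize(path).rpartition("\\")
    return name in SYSTEM32_ONLY and not directory.endswith("\\system32")


def triage(log_text: str) -> List[Tuple[str, str, str]]:
    """Return (category, path, reason) for every line that trips a heuristic."""
    findings: List[Tuple[str, str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = O4_RE.match(line)
        if m:
            path = command_path(m.group("cmd"))
            if path and in_user_writable(path):
                findings.append(("autorun", path, "persistence from a user-writable directory"))
            continue
        m = CREATED_RE.match(line)
        if m:
            path = m.group("path")
            if path.lower().endswith(".exe") and in_user_writable(path):
                findings.append(("new-file", path, "new executable in a user-writable directory"))
            continue
        m = FIREWALL_RE.match(line)
        if m:
            path = m.group("path").replace("\\\\", "\\")
            if misplaced_system_binary(path):
                findings.append(("firewall", path, "exception for a system binary name outside system32"))
    return findings


# Constructed sample in the shapes RSIT, HijackThis and SDFix emit; the
# "Example" autorun line and its path are invented for the demonstration.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Example] "C:\Documents and Settings\User\Local Settings\Temp\example.exe"
2009-01-17 14:03:49 ----A---- C:\WINDOWS\system32\aswBoot.exe
2009-01-17 01:22:10 ----A---- C:\Documents and Settings\Matt\Application Data\upd.exe
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"%windir%\\system32\\drivers\\svchost.exe"="%windir%\\system32\\drivers\\svchost.exe:*:Enabled:svchost"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"""

if __name__ == "__main__":
    for category, path, reason in triage(SAMPLE_LOG):
        print(f"[{category}] {path}: {reason}")
```

Run against the sample, the script reports the invented Temp autorun, the upd.exe entry the helper asked to have deleted, and the svchost.exe firewall exception that points into system32\drivers; everything else in the sample (the iTunes and sessmgr entries, the avast! boot scanner in system32) passes quietly. The heuristics are deliberately narrow so that a quiet run still means the log has to be read.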

SDFIX report

 

 

SDFix: Version 1.240

Run by Matt on Mon 01/19/2009 at 12:19 AM

 

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

 

Checking Services :

 

 

Restoring Default Security Values

Restoring Default Hosts File

 

Rebooting

 

 

Checking Files :

 

No Trojan Files Found

 

 

 

 

 

 

Removing Temp Files

 

ADS Check :

 

 

 

Final Check :

 

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-01-19 00:29:21

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden services & system hive ...

 

scanning hidden registry entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

 

 

Remaining Services :

 

 

 

 

Authorized Application Key Export:

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"

"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"

"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"

"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"

"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"

"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"

"%windir%\\system32\\drivers\\svchost.exe"="%windir%\\system32\\drivers\\svchost.exe:*:Enabled:svchost"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

"%windir%\\system32\\drivers\\svchost.exe"="%windir%\\system32\\drivers\\svchost.exe:*:Enabled:svchost"

 

Remaining Files :

 

 

 

Files with Hidden Attributes :

 

Wed 22 Oct 2008 949,072 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\advcheck.dll"

Mon 15 Sep 2008 1,562,960 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll"

Mon 7 Jul 2008 1,429,840 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"

Mon 7 Jul 2008 4,891,472 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"

Tue 16 Sep 2008 1,833,296 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"

Wed 22 Oct 2008 962,896 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\Tools.dll"

Sun 1 Jun 2008 168 A.SHR --- "C:\WINDOWS\system32\492069A402.sys"

Sun 1 Jun 2008 2,984 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"

Sun 18 May 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"

 

Finished!


anti-malware report

 

 

 

 

Malwarebytes' Anti-Malware 1.33

Database version: 1663

Windows 5.1.2600 Service Pack 2

 

1/19/2009 12:49:00 AM

mbam-log-2009-01-19 (00-49-00).txt

 

Scan type: Quick Scan

Objects scanned: 47343

Time elapsed: 5 minute(s), 1 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

(No malicious items detected)

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

(No malicious items detected)


annnnd the newest Hijackthis report

 

 

 

Logfile of random's system information tool 1.05 (written by random/random)

Run by Matt at 2009-01-19 00:49:23

Microsoft Windows XP Professional Service Pack 2

System drive C: has 30 GB (78%) free of 39 GB

Total RAM: 511 MB (43% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:49:40 AM, on 1/19/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PSIService.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\Mixer.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Logitech\QuickCam\Quickcam.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe

C:\Documents and Settings\Matt\Desktop\RSIT.exe

C:\Program Files\Trend Micro\HijackThis\Matt.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup

O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"

O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB

O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1194763593468

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/webplayer/stage6/...owserPlugin.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

 

--

End of file - 7817 bytes

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

Java Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-18 320920]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll [2008-10-20 652784]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-18 34816]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"C-Media Mixer"=Mixer.exe /startup []

"LogitechCommunicationsManager"=C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2007-10-25 563984]

"LogitechQuickCamRibbon"=C:\Program Files\Logitech\QuickCam\Quickcam.exe [2007-10-25 2178832]

"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2004-07-15 81920]

"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-09-10 289576]

"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2004-07-15 4112384]

"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-11-26 81000]

"Corel Photo Downloader"=C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe [2007-08-28 531272]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2006-02-28 15360]

 

C:\Documents and Settings\All Users\Start Menu\Programs\Startup

HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=323

"NoDriveAutoRun"=67108863

"NoDrives"=0

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveAutoRun"=

"NoDriveTypeAutoRun"=

"NoDrives"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"

"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"

"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"

"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"

"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"

"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

"%windir%\system32\drivers\svchost.exe"="%windir%\system32\drivers\svchost.exe:*:Enabled:svchost"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

"%windir%\system32\drivers\svchost.exe"="%windir%\system32\drivers\svchost.exe:*:Enabled:svchost"

 

======List of files/folders created in the last 1 months======

 

2009-01-19 00:16:57 ----D---- C:\WINDOWS\ERUNT

2009-01-18 23:52:37 ----D---- C:\SDFix

2009-01-18 17:13:44 ----SHD---- C:\RECYCLER

2009-01-18 16:58:53 ----A---- C:\ComboFix.txt

2009-01-18 16:43:01 ----D---- C:\WINDOWS\system32\appmgmt

2009-01-18 03:06:12 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$

2009-01-18 03:05:04 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$

2009-01-18 03:04:56 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$

2009-01-18 03:04:45 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$

2009-01-18 03:03:48 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$

2009-01-17 23:45:18 ----A---- C:\Boot.bak

2009-01-17 23:45:08 ----RASHD---- C:\cmdcons

2009-01-17 14:07:39 ----D---- C:\Documents and Settings\Matt\Application Data\Malwarebytes

2009-01-17 14:07:30 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2009-01-17 14:07:30 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2009-01-17 14:03:49 ----A---- C:\WINDOWS\system32\aswBoot.exe

2009-01-17 14:03:46 ----D---- C:\Program Files\Alwil Software

2009-01-17 13:45:42 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$

2009-01-17 13:45:05 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$

2009-01-17 13:23:06 ----A---- C:\WINDOWS\zip.exe

2009-01-17 13:23:06 ----A---- C:\WINDOWS\VFIND.exe

2009-01-17 13:23:06 ----A---- C:\WINDOWS\SWXCACLS.exe

2009-01-17 13:23:06 ----A---- C:\WINDOWS\SWSC.exe

2009-01-17 13:23:06 ----A---- C:\WINDOWS\SWREG.exe

2009-01-17 13:23:06 ----A---- C:\WINDOWS\sed.exe

2009-01-17 13:23:06 ----A---- C:\WINDOWS\NIRCMD.exe

2009-01-17 13:23:06 ----A---- C:\WINDOWS\grep.exe

2009-01-17 13:23:06 ----A---- C:\WINDOWS\fdsv.exe

2009-01-17 13:20:10 ----D---- C:\WINDOWS\ERDNT

2009-01-17 13:20:09 ----D---- C:\Qoobox

2009-01-17 03:49:45 ----D---- C:\rsit

2009-01-17 03:47:47 ----D---- C:\Program Files\Trend Micro

 

======List of files/folders modified in the last 1 months======

 

2009-01-19 00:40:42 ----D---- C:\WINDOWS

2009-01-19 00:39:48 ----D---- C:\WINDOWS\Temp

2009-01-19 00:33:07 ----D---- C:\WINDOWS\Prefetch

2009-01-19 00:19:03 ----A---- C:\WINDOWS\ntbtlog.txt

2009-01-18 23:54:45 ----A---- C:\WINDOWS\SchedLgU.Txt

2009-01-18 16:58:59 ----D---- C:\WINDOWS\system32

2009-01-18 16:55:58 ----A---- C:\WINDOWS\system.ini

2009-01-18 16:55:02 ----D---- C:\WINDOWS\system32\drivers

2009-01-18 16:55:01 ----D---- C:\WINDOWS\AppPatch

2009-01-18 16:55:01 ----D---- C:\Program Files\Common Files

2009-01-18 16:53:51 ----D---- C:\Program Files\QuickTime

2009-01-18 16:53:50 ----D---- C:\Program Files\iTunes

2009-01-18 16:53:49 ----D---- C:\Program Files\DNA

2009-01-18 16:53:45 ----D---- C:\Program Files\eSoftware

2009-01-18 16:50:42 ----D---- C:\WINDOWS\system32\CatRoot2

2009-01-18 16:43:31 ----RD---- C:\Program Files

2009-01-18 16:43:01 ----SHD---- C:\WINDOWS\Installer

2009-01-18 16:43:01 ----HD---- C:\Config.Msi

2009-01-18 16:43:01 ----D---- C:\Program Files\Real

2009-01-18 16:42:35 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint

2009-01-18 07:15:05 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater

2009-01-18 03:22:55 ----D---- C:\WINDOWS\system32\config

2009-01-18 03:06:18 ----HD---- C:\WINDOWS\inf

2009-01-18 03:06:04 ----A---- C:\WINDOWS\imsins.BAK

2009-01-18 03:05:57 ----RSHDC---- C:\WINDOWS\system32\dllcache

2009-01-18 03:05:53 ----D---- C:\Program Files\Internet Explorer

2009-01-18 03:05:40 ----D---- C:\WINDOWS\ie7updates

2009-01-18 03:05:30 ----HD---- C:\WINDOWS\$hf_mig$

2009-01-17 23:45:18 ----RASH---- C:\boot.ini

2009-01-17 14:42:22 ----D---- C:\WINDOWS\system32\CatRoot

2009-01-17 13:50:03 ----D---- C:\WINDOWS\Help

2009-01-17 13:42:25 ----D---- C:\WINDOWS\WinSxS

2009-01-17 13:27:59 ----D---- C:\Documents and Settings\Matt\Application Data\Google

2009-01-17 03:34:57 ----A---- C:\WINDOWS\wininit.ini

2009-01-16 23:12:16 ----A---- C:\WINDOWS\system32\9b605a4a-.txt

2009-01-15 19:19:10 ----D---- C:\Documents and Settings\Matt\Application Data\BitTorrent

2009-01-09 17:35:30 ----A---- C:\WINDOWS\system32\MRT.exe

2008-12-27 02:23:40 ----D---- C:\WINDOWS\network diagnostic

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-11-26 26944]

R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-11-26 111184]

R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-11-26 50864]

R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-11-02 20747]

R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-11-26 20560]

R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-11-26 94032]

R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-11-26 23152]

R3 catchme;catchme; \??\C:\DOCUME~1\Matt\LOCALS~1\Temp\catchme.sys []

R3 cmpci;C-Media PCI Audio Driver (WDM); C:\WINDOWS\system32\drivers\cmaudio.sys [2002-07-16 379726]

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]

R3 GTNDIS5;GTNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\GTNDIS5.SYS []

R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-07-28 51120]

R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-07-28 16496]

R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-07-28 21744]

R3 LVcKap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys [2007-10-19 2109976]

R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [2007-10-11 25624]

R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2007-10-11 41752]

R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-07-15 2459712]

R3 pepifilter;Volume Adapter; C:\WINDOWS\system32\DRIVERS\lv302af.sys [2007-10-11 13848]

R3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\WINDOWS\system32\DRIVERS\LV302V32.SYS [2007-10-11 1279000]

R3 RT73;Linksys Home Wireless-G USB Adapter Driver; C:\WINDOWS\system32\DRIVERS\rt73.sys [2005-11-24 245248]

R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]

R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]

R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2006-02-28 26624]

R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2006-02-28 57600]

R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2006-02-28 17024]

R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]

R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]

R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2006-02-28 20480]

S1 lusbaudio;Logitech USB Microphone; C:\WINDOWS\system32\drivers\OVSound2.sys [2001-08-17 25216]

S3 ac97intc;Intel® 82801 Audio Driver Install Service (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]

S3 BCM42RLY;BCM42RLY; \??\C:\WINDOWS\System32\BCM42RLY.SYS []

S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]

S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys [2007-10-11 2142488]

S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]

S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]

S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]

S3 QCEmerald;Logitech QuickCam Web; C:\WINDOWS\system32\DRIVERS\OVCE.sys [2001-08-17 31872]

S3 RT25USBAP;Nintendo Wi-Fi USB Connector Service; C:\WINDOWS\system32\DRIVERS\rt25usbap.sys [2005-12-08 162944]

S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]

S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]

S3 USBCM;Scientific-Atlanta USB Cable Modem Driver; C:\WINDOWS\system32\DRIVERS\Sacm2A.sys [2004-06-09 15429]

S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]

S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-09-10 116040]

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-11-26 18752]

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-11-26 155160]

R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]

R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-20 168432]

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-18 152984]

R2 LVCOMSer;LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [2007-10-19 186904]

R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2007-10-19 141848]

R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2004-07-15 114755]

R2 ProtexisLicensing;ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [2007-06-05 177704]

R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-09-10 536872]

S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2007-10-19 141848]

S2 WUSB54GCSVC;WUSB54GCSVC; C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe [2005-07-04 53307]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]

S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-11-26 254040]

S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-11-26 352920]

S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632]

S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2006-02-28 14336]

 

-----------------EOF-----------------


Welcome back

You can delete SDFix

Looking good, let's finish up.

Don't miss or skip this next step: it will remove malicious files from quarantine and set a clean restore point.

  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the x and the /u, it needs to be there.
Example below

Posted Image

You can uninstall/delete other tools I had you download earlier.

If there are no more issues you're good to go, good job!

Please take the time to read over a few of my preventive tips.

Please navigate to Microsoft Windows Updates and download all the "Critical Updates" for Windows.

Firefox 2.0

The award-winning Web browser is now faster, more secure, and fully customizable to your online life. Firefox 2 adds powerful new features that make your online experience even better. It has more features and is a lot more secure than IE. It is a very easy and painless download and install; it will in no way interfere with IE, you can use them both.

How to prevent Malware: Created by Miekiemoes

Here are some additional utilities that will further enhance your safety.

# http://www.trillian.cc → Trillian or http://www.miranda-im.com → Miranda-IM - These are malware-free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)

Read this article 'Safe Computing Practices'.

So how did I get infected in the first place?

Secure My Computer: A Layered Approach

Strong passwords: How to create and use them

Free Antivirus-AntiSpyware-Firewall Software

Slow Computer May Not Be Malware Related, Help! My computer is slow!

http://users.telenet.be/bluepatchy/miekiem...owcomputer.html

PC Safety and Security--What Do I Need?

http://www.techsupportforum.com/security-c...-do-i-need.html

Stand Up and Be Counted ---> Malware Complaints <--- where you can make a difference!

This site offers people who have been (or are) victims of malware the opportunity to document their story.

Extra note:

Make sure your programs are up to date, because older versions may contain security leaks. To find out what programs need to be updated, please run the Secunia Software Inspector Scan. http://secunia.com/software_inspector/
