
Massive Pop-ups And Memory Full


This topic is locked
6 replies to this topic

#1 dusky_rebel

dusky_rebel

  • Members
  • 2 posts
  • OFFLINE
  • Local time:12:22 PM

Posted 08 September 2008 - 03:50 PM

Microsoft XP computer
Pop-ups of all kinds... ads... false errors... false security updates.

Have run Spybot, MalwareBytes, Ad-Aware, McAfee Stinger in Normal as well as Safe mode.
Each time 10 to 100 infections are found. We have deleted... quarantined....re-started.... even restored system to a previous month... still we are not able to remove them.

I have followed instructions for the hi-jack log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:38:25 PM, on 9/8/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe
R3 - Default URLSearchHook is missing
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Lexmark 4200 Series] "C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe"
O4 - HKLM\..\Run: [FaxCenterServer4_in_1] "C:\Program Files\Lexmark 4200 Series\Fax\fm3032.exe" /s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [{4A-AF-F5-5E-DW}] c:\windows\system32\rnwnw64n.exe DWram03
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [34d4aff1] rundll32.exe "C:\WINDOWS\system32\kkkwffwk.dll",b
O4 - HKLM\..\Run: [{59048c27-9d00-7e1e-cb00-ebd6c3810002}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\wvlsaihssabtjeqhi.dll" DllStart
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\scntltdl.exe DWram03
O4 - HKLM\..\Run: [BM37e79c6d] Rundll32.exe "C:\WINDOWS\system32\vqoahnfl.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [73287471693500994392430471029138] C:\Program Files\XP Antivirus\xpa.exe
O4 - S-1-5-18 Startup: Deewoo.lnk = C:\WINDOWS\SYSTEM32\scntltdl.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: DW_Start.lnk = C:\WINDOWS\SYSTEM32\rnwnw64n.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: Logitech . Product Registration.lnk = C:\Program Files\Logitech\QuickCam\eReg.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Deewoo.lnk = C:\WINDOWS\SYSTEM32\scntltdl.exe (User 'Default user')
O4 - .DEFAULT Startup: DW_Start.lnk = C:\WINDOWS\SYSTEM32\rnwnw64n.exe (User 'Default user')
O4 - .DEFAULT Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User 'Default user')
O4 - .DEFAULT Startup: Logitech . Product Registration.lnk = C:\Program Files\Logitech\QuickCam\eReg.exe (User 'Default user')
O4 - Startup: Deewoo.lnk = C:\WINDOWS\SYSTEM32\scntltdl.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS\SYSTEM32\rnwnw64n.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: Logitech . Product Registration.lnk = C:\Program Files\Logitech\QuickCam\eReg.exe
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &Search - ?p=ZJxdm028YYUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O20 - AppInit_DLLs: dffudz.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\System32\basfipm.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 7015 bytes
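The helper's reply works through the O4 (Run) and O20 (AppInit_DLLs) entries of this log by eye. As an added example, not part of this thread and not code from HijackThis or any tool the helper names, the Python below encodes the same kind of triage and runs it over a constructed sample copied from the entries above. The value-name rule, the random-stem test, the rundll32 rule and the small allowlist are assumptions made for illustration; the random-name test is deliberately shown with a known false positive (igfxtray) so its limits are visible.

```python
"""Triage heuristics for HijackThis O4 (Run) and O20 (AppInit_DLLs) entries."""
import re

# Constructed sample in HijackThis v2 format, modelled on entries quoted in
# the thread above: standard vendor entries beside the suspicious ones.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [{4A-AF-F5-5E-DW}] c:\windows\system32\rnwnw64n.exe DWram03
O4 - HKLM\..\Run: [34d4aff1] rundll32.exe "C:\WINDOWS\system32\kkkwffwk.dll",b
O4 - HKLM\..\Run: [BM37e79c6d] Rundll32.exe "C:\WINDOWS\system32\vqoahnfl.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [73287471693500994392430471029138] C:\Program Files\XP Antivirus\xpa.exe
O20 - AppInit_DLLs: dffudz.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
""".strip()

RUN_RE = re.compile(r'^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
APPINIT_RE = re.compile(r'^O20 - AppInit_DLLs: (?P<dlls>.+)$')
# Quoted path | unquoted path up to its first executable extension | any other token.
PATH_RE = re.compile(r'"([^"]+)"|(\S.*?\.(?:exe|dll|cpl|scr))(?=[\s,]|$)|(\S+)', re.IGNORECASE)

# Assumed allowlist of file-name stems the analyst recognises as standard
# Windows/vendor binaries. A real triage uses a far larger reference set;
# the heuristic below misfires on some of these (ctfmon, igfxtray).
KNOWN_GOOD_STEMS = {'ctfmon', 'igfxtray', 'hkcmd', 'dumprep', 'jusched'}
VOWELS = set('aeiouy')


def looks_random(stem):
    """Crude test for machine-generated names: few vowels or a long consonant
    run. Deliberately simple, and wrong often enough that it must be paired
    with an allowlist rather than used alone."""
    s = stem.lower()
    if len(s) < 6 or not s.isalnum():
        return False
    vowel_ratio = sum(c in VOWELS for c in s) / len(s)
    longest_consonant_run = max(len(run) for run in re.split(r'[aeiouy]+', s))
    return vowel_ratio < 0.2 or longest_consonant_run >= 4


def referenced_paths(cmd):
    """Executable/DLL paths named on a Run command line. Quoted paths are
    taken whole; an unquoted path is taken up to its first executable
    extension, which is also how Windows resolves paths containing spaces."""
    paths = []
    for m in PATH_RE.finditer(cmd):
        tok = m.group(1) or m.group(2) or m.group(3)
        if '\\' in tok or tok.lower().endswith(('.exe', '.dll')):
            paths.append(tok)
    return paths


def stem_of(path):
    """File name without directory or extension."""
    base = path.rsplit('\\', 1)[-1]
    return re.sub(r'\.[^.]*$', '', base)


def triage(log_text):
    """Return (line, reasons) for every entry that deserves a second look."""
    findings = []
    for line in log_text.splitlines():
        reasons = []
        run = RUN_RE.match(line)
        if run:
            name = run['name']
            # Loader families often register under a GUID-like or hex-hash value name.
            if re.fullmatch(r'\{.*\}', name) or re.search(r'[0-9a-f]{8,}', name, re.I):
                reasons.append(f'generated-looking value name {name!r}')
            paths = referenced_paths(run['cmd'])
            if paths and stem_of(paths[0]).lower() == 'rundll32':
                reasons.append('rundll32 used to load a DLL at logon')
                paths = paths[1:]
            for path in paths:
                stem = stem_of(path)
                if stem.lower() not in KNOWN_GOOD_STEMS and looks_random(stem):
                    reasons.append(f'random-looking file name {stem!r} in {path!r}')
        appinit = APPINIT_RE.match(line)
        if appinit:
            # AppInit_DLLs is loaded into every process that loads user32.dll;
            # legitimate AV uses it too, so this is "review", not a verdict.
            reasons.append(f'AppInit_DLLs entry {appinit["dlls"]!r}')
        if reasons:
            findings.append((line, reasons))
    return findings


if __name__ == '__main__':
    for line, reasons in triage(SAMPLE_LOG):
        print(line)
        for reason in reasons:
            print('   ->', reason)
```

Run stand-alone it prints the five sample entries that trip a rule with the rule that fired; the IgfxTray, jusched, ctfmon and Google Updater lines pass. The allowlist is what keeps igfxtray and ctfmon quiet, which is the point: a vowel-count heuristic is a prompt for the analyst, and only knowledge of what is normally present on the platform turns it into a finding.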


#2 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  • Gender:Male
  • Local time:02:22 PM

Posted 08 September 2008 - 04:24 PM

Hello. I am PropagandaPanda (Panda or PP for short) and I will be helping you with your log.

I will need some time to look over your computer's log(s). I am still in training, so my responses to you must be checked by a coach.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the Posted Image button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

Please take note of a few guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it may not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Finally, please reply using the Posted Image button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
With Regards,
The Panda

Important Note to Other Users Reading this Topic: The instructions provided in this topic are for the original topic starter only. Even if you have similar problems or log entries to those given here, please do not follow the directions, especially those involving specific tools and scripts. Doing so can result in serious damage to your computer. Instead, please start your own topic. Feel free to link to any relevant topics as needed.

#3 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  • Gender:Male
  • Local time:02:22 PM

Posted 09 September 2008 - 07:24 AM

Hello dusky_rebel

Peer-to-Peer Programs Warning
Your log shows that you are using so called peer-to-peer or file-sharing programs (in your case LimeWire). These programs allow users to share files between them, as the name suggests. In today's world cyber crime has grown to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and they should thus be used with intense care. Some further readings on this subject, along with the included links, are as follows: File-Sharing, otherwise known as Peer To Peer and Risks of File-Sharing Technology.

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries around the world and you are putting yourself at risk of being indicted through organizations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

It is your decision whether or not you wish to keep your program(s). However, please refrain from using them until your computer has been declared clean.

Disable Realtime Protection
To disable Ad-Watch:
  • Right click on the Ad-Watch icon in the system tray.
  • At the bottom of the screen there will be two checkable items called "Active" and "Automatic".
    • Active: This will turn Ad-Watch On\Off without closing it.
    • Automatic: Suspicious activity will be blocked automatically.
  • Uncheck both of those boxes.
  • (When done, you can re-enable it using the same steps but this time check both boxes.)
Install Recovery Console and Run ComboFix
Download Combofix from any of the links below, and save it to your desktop.
Link 1, Link 2, Link 3

Go to Microsoft's website => http://support.microsoft.com/kb/310994

Select the download that's appropriate for your Operating System.

  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Download the file and save it as it is originally named onto your desktop.
  • Close any open windows, including this one.
  • Drag the setup package onto ComboFix.exe and drop it.
  • Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.
  • At the next prompt, click NO to skip the scan for now.
  • Click on your Start Menu, then Run..., then type:
    "%userprofile%\desktop\combofix.exe" /killall
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.

ComboFix will restart your computer if malware is found; allow it to do so.


Rename HijackThis Before Taking New Log
I suspect that an infection is hiding some entries from HijackThis. Please rename the program.
  • Double click the My Computer icon on your desktop, then C: Drive, then Program Files, then Trend Micro, then HijackThis.
  • Right click on HijackThis.exe (or just HijackThis if you don't have extensions enabled), and select Rename.
  • Input fluffybunny.exe and hit Enter.
  • Close out of the window.
The shortcut on your desktop will need to be changed to point to the newly named HijackThis.
  • Right click the HijackThis icon on your desktop and select Properties.
  • In the Target box, copy in with the quotes:
    "C:\Program Files\Trend Micro\HijackThis\fluffybunny.exe"
  • Hit OK.
Now take a new log.
  • Double click the HijackThis icon on your desktop.
  • If you see a white screen, click Main Menu at the middle bottom of the window, otherwise move on to the next step.
  • Click the first option, Do a system scan and save a logfile.
  • The scan will finish in a moment and a notepad with hijackthis.txt will open.

Download and Run RSIT
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both C:\rsit\log.txt (<<will be maximized) and
    C:\rsit\info.txt (<<will be minimized)


Please post back with:
-the ComboFix log (C:\ComboFix)
-the RSIT logs

Also comment on how your computer is running. Does it feel better to you? Either way, we will need more steps.

With Regards,
The Panda

#4 dusky_rebel

dusky_rebel
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  • Local time:12:22 PM

Posted 11 September 2008 - 07:54 PM

Thank you Panda....

I followed the instructions to run combofix. Here is the log it presented. I hadn't thought about the fact that yahoo, msn, and paltalk were set to auto start. I have since deactivated them.

I have attached the combofix log, the fluffybunny log, the RSIT log A and log B.

Please let me know what you find.

Computer function... seems to be running ok... if we do mail etc... but... we are still getting massive pop ups. Though I have to admit while I was entering this information to you ... I have not had one pop up.... so we might just be getting somewhere.

Thanks for all of your help.

Dusky

ComboFix 08-09-10.04 - cathy holloway 2008-09-11 18:29:18.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.646 [GMT -6:00]
Running from: C:\Documents and Settings\cathy holloway\desktop\combofix.exe
Command switches used :: /killall
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\temp\tn3
C:\WINDOWS\system32\clfgrqld.dll
C:\WINDOWS\SYSTEM32\dbmwhoyi.ini
C:\WINDOWS\system32\dffudz.dll
C:\WINDOWS\system32\dkibxh.dll
C:\WINDOWS\system32\drbtco.dll
C:\WINDOWS\system32\drivers\fad.sys
C:\WINDOWS\system32\epiuhuie.dll
C:\WINDOWS\system32\esguiomc.dll
C:\WINDOWS\system32\fskokgtt.dll
C:\WINDOWS\system32\gafekxgi.dll
C:\WINDOWS\system32\gbezxm.dll
C:\WINDOWS\system32\gjdibmfc.dll
C:\WINDOWS\system32\gside.exe
C:\WINDOWS\system32\hbnhfned.ini
C:\WINDOWS\system32\hibigyymdntm.dll
C:\WINDOWS\system32\iqgjna.dll
C:\WINDOWS\system32\kqkmvwqd.dll
C:\WINDOWS\system32\lmskho.dll
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\msnav32.ax
C:\WINDOWS\system32\neiibuxr.dll
C:\WINDOWS\system32\oadgfvxy.dll
C:\WINDOWS\system32\oadrnb.dll
C:\WINDOWS\system32\okjkpsgl.dll
C:\WINDOWS\system32\ophzgt.dll
C:\WINDOWS\system32\pgfcddak.dll
C:\WINDOWS\system32\plivywes.dll
C:\WINDOWS\system32\pvuesi.dll
C:\WINDOWS\system32\qkwgjchs.dll
C:\WINDOWS\system32\qvkgwr.dll
C:\WINDOWS\system32\qxhbxydt.dll
C:\WINDOWS\system32\wcjhyvon.dll
C:\WINDOWS\system32\winpfz33.sys
C:\WINDOWS\system32\xehzuf.dll
C:\WINDOWS\system32\zxdnt3d.cfg

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MYWEBSEARCHSERVICE


((((((((((((((((((((((((( Files Created from 2008-08-12 to 2008-09-12 )))))))))))))))))))))))))))))))
.

2008-09-09 19:00 . 2008-09-09 19:00 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-09-08 20:26 . 2008-09-08 20:35 90,921 --a------ C:\WINDOWS\SYSTEM32\hibigyymdntm.dll-uninst.exe
2008-09-08 18:52 . 2008-09-10 21:26 <DIR> d--h----- C:\$AVG8.VAULT$
2008-09-08 18:49 . 2008-09-11 10:00 <DIR> d-------- C:\WINDOWS\SYSTEM32\DRIVERS\Avg
2008-09-08 18:49 . 2008-09-08 18:49 97,928 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\avgldx86.sys
2008-09-08 18:49 . 2008-09-08 18:49 76,040 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\avgtdix.sys
2008-09-08 18:49 . 2008-09-08 18:49 10,520 --a------ C:\WINDOWS\SYSTEM32\avgrsstx.dll
2008-09-08 18:48 . 2008-09-08 18:48 <DIR> d-------- C:\Program Files\AVG
2008-09-08 18:48 . 2008-09-08 18:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-09-08 14:58 . 2008-09-08 14:58 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-05 18:29 . 2008-09-05 18:29 <DIR> d-------- C:\Program Files\Lavasoft
2008-09-05 18:29 . 2008-09-05 18:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-05 18:27 . 2008-09-05 18:27 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-09-05 14:26 . 2008-02-01 03:43 195,096 --a------ C:\WINDOWS\SYSTEM32\lvci11701193.dll
2008-09-05 14:24 . 2008-09-05 14:24 <DIR> d-------- C:\Program Files\Logitech
2008-09-05 09:41 . 2008-09-08 16:43 637 --a------ C:\WINDOWS\wininit.ini
2008-09-05 01:30 . 2008-09-05 01:30 9,662 --a------ C:\WINDOWS\SYSTEM32\pinkip.ico
2008-09-04 22:30 . 2008-09-08 17:10 71,755 --a------ C:\WINDOWS\SYSTEM32\gaqkiwyfqfb.exe
2008-09-04 21:27 . 2008-09-05 18:40 <DIR> d--hs---- C:\WINDOWS\Y2F0aHkgaG9sbG93YXk
2008-09-04 21:26 . 2008-09-06 15:43 <DIR> d-------- C:\WINDOWS\SYSTEM32\Xtmp
2008-09-04 21:26 . 2008-09-09 21:22 <DIR> d-------- C:\WINDOWS\SYSTEM32\wTR02
2008-09-04 21:26 . 2008-09-06 15:43 <DIR> d-------- C:\WINDOWS\SYSTEM32\hcp
2008-09-04 21:26 . 2008-09-09 21:20 <DIR> d-------- C:\WINDOWS\SYSTEM32\enB
2008-09-04 21:26 . 2008-09-04 21:27 <DIR> d-------- C:\Temp\dax41
2008-09-04 21:26 . 2008-09-11 18:31 <DIR> d-------- C:\Temp
2008-08-28 07:10 . 2008-08-28 07:10 268 --ah----- C:\sqmdata01.sqm
2008-08-28 07:10 . 2008-08-28 07:10 244 --ah----- C:\sqmnoopt01.sqm
2008-08-22 16:04 . 2008-08-22 16:04 <DIR> d-------- C:\WINDOWS\SYSTEM32\scripting
2008-08-22 16:04 . 2008-08-22 16:04 <DIR> d-------- C:\WINDOWS\SYSTEM32\en
2008-08-22 16:04 . 2008-08-22 16:04 <DIR> d-------- C:\WINDOWS\l2schemas
2008-08-22 15:48 . 2008-04-13 18:12 276,992 --a------ C:\WINDOWS\SYSTEM32\wmphoto.dll
2008-08-22 15:48 . 2008-04-13 18:12 69,120 --a------ C:\WINDOWS\SYSTEM32\wlanapi.dll
2008-08-22 15:46 . 2008-04-13 18:11 650,752 --a------ C:\WINDOWS\SYSTEM32\dot3ui.dll
2008-08-13 20:59 . 2008-04-11 13:04 691,712 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\inetcomm.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-09 15:34 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-09-09 15:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-07 02:32 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-09-05 20:26 --------- d-----w C:\Program Files\Common Files\LogiShrd
2008-09-01 23:54 --------- d-----w C:\Program Files\Java
2008-08-30 20:08 --------- d-----w C:\Program Files\LimeWire
2008-08-13 14:14 --------- d-----w C:\Program Files\Dell
2008-08-13 14:13 --------- d-----w C:\Program Files\Yahoo!
2008-08-13 14:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-08-13 14:10 --------- d-----w C:\Program Files\Yahoo! Games
2008-08-05 14:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\NeoEdge Networks
2008-07-26 15:26 490,008 ----a-w C:\WINDOWS\SYSTEM32\LVUI2.dll
2008-07-26 15:26 465,432 ----a-w C:\WINDOWS\SYSTEM32\LVUI2RC.dll
2008-07-26 15:26 41,752 ----a-w C:\WINDOWS\system32\drivers\LVUSBSta.sys
2008-07-26 15:23 416,280 ----a-w C:\WINDOWS\SYSTEM32\LVCodec2.dll
2008-07-26 14:25 25,624 ----a-w C:\WINDOWS\system32\drivers\LVPr2Mon.sys
2008-07-26 13:44 85,302 ----a-w C:\WINDOWS\system32\drivers\LVFeL002.cfg
2008-07-26 13:44 69,592 ----a-w C:\WINDOWS\system32\drivers\LVFaL000.cfg
2008-07-26 13:44 227,172 ----a-w C:\WINDOWS\system32\drivers\LVFeL000.cfg
2008-07-26 13:44 146,680 ----a-w C:\WINDOWS\system32\drivers\LVFeL001.cfg
2008-07-26 00:49 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-07-26 00:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-24 02:20 38,472 ----a-w C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-24 02:20 17,144 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
2008-07-19 04:10 94,920 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\cdm.dll
2008-07-19 04:10 94,920 ----a-w C:\WINDOWS\SYSTEM32\cdm.dll
2008-07-19 04:10 53,448 ----a-w C:\WINDOWS\SYSTEM32\wuauclt.exe
2008-07-19 04:10 53,448 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wuauclt.exe
2008-07-19 04:10 45,768 ----a-w C:\WINDOWS\SYSTEM32\wups2.dll
2008-07-19 04:10 36,552 ----a-w C:\WINDOWS\SYSTEM32\wups.dll
2008-07-19 04:10 36,552 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wups.dll
2008-07-19 04:09 563,912 ----a-w C:\WINDOWS\SYSTEM32\wuapi.dll
2008-07-19 04:09 563,912 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wuapi.dll
2008-07-19 04:09 325,832 ----a-w C:\WINDOWS\SYSTEM32\wucltui.dll
2008-07-19 04:09 325,832 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wucltui.dll
2008-07-19 04:09 205,000 ----a-w C:\WINDOWS\SYSTEM32\wuweb.dll
2008-07-19 04:09 205,000 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wuweb.dll
2008-07-19 04:09 1,811,656 ----a-w C:\WINDOWS\SYSTEM32\wuaueng.dll
2008-07-19 04:09 1,811,656 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wuaueng.dll
2008-07-19 04:07 270,880 ----a-w C:\WINDOWS\SYSTEM32\mucltui.dll
2008-07-19 04:07 210,976 ----a-w C:\WINDOWS\SYSTEM32\muweb.dll
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\SYSTEM32\es.dll
2008-07-07 20:26 253,952 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\es.dll
2008-06-26 08:15 619,520 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\urlmon.dll
2008-06-26 08:15 1,499,136 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\shdocvw.dll
2008-06-25 00:12 295,936 ----a-w C:\WINDOWS\SYSTEM32\wmpeffects.dll
2008-06-24 16:43 74,240 ----a-w C:\WINDOWS\SYSTEM32\mscms.dll
2008-06-24 16:43 74,240 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mscms.dll
2008-06-23 15:09 666,112 ----a-w C:\WINDOWS\SYSTEM32\wininet.dll
2008-06-23 15:09 666,112 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\wininet.dll
2008-06-23 15:09 3,067,392 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\SYSTEM32\mswsock.dll
2008-06-20 17:46 245,248 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mswsock.dll
2008-06-20 17:46 147,968 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\dnsapi.dll
2008-06-20 11:51 361,600 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip.sys
2008-06-20 11:40 138,496 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\afd.sys
2008-06-20 11:08 225,856 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip6.sys
2008-06-13 11:05 272,128 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\bthport.sys
2006-07-13 13:48 913,768 -c--a-w C:\Program Files\Office2003-kb828041-client-enu.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-28 68856]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [X]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2004-08-20 155648]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2004-08-20 118784]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-26 53248]
"Lexmark 4200 Series"="C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe" [2004-01-16 57344]
"FaxCenterServer4_in_1"="C:\Program Files\Lexmark 4200 Series\Fax\fm3032.exe" [2004-01-22 151552]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-09-08 1235736]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
PalTalk.lnk - C:\Program Files\Paltalk Messenger\paltalk.exe [2008-05-08 10452992]
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-05-03 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=dffudz.dll,avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"SENTINEL"= snti386.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Paltalk Messenger\\paltalk.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

R1 Ai2sXP;Ai2sXP;C:\WINDOWS\system32\drivers\Ai2sXP.sys [2005-03-29 7168]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-09-08 97928]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-09-08 875288]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-08 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-09-08 76040]
S1 NWLNKSPXX;NWLNKSPXX;C:\WINDOWS\system32\drivers\NWLNKSPXX.sys [ ]
S3 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\system32\drivers\mbamswissarmy.sys [2008-07-23 38472]
.
- - - - ORPHANS REMOVED - - - -

BHO-{0e334c41-cb9f-fef0-bdb8-8410a0e51052} - C:\WINDOWS\system32\hibigyymdntm.dll
BHO-{166BE28B-0297-42F3-80AF-0D756ED7F583} - C:\WINDOWS\system32\qoMCSijI.dll
BHO-{64be15f7-b90d-082b-5c22-a2375f6fe8d7} - C:\WINDOWS\system32\wvlsaihssabtjeqhi.dll
BHO-{eeb391fc-f208-4a82-a4f9-cd77207aac91} - C:\WINDOWS\system32\dffudz.dll
HKCU-Run-DW6 - C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
HKLM-Run-{59048c27-9d00-7e1e-cb00-ebd6c3810002} - C:\WINDOWS\system32\wvlsaihssabtjeqhi.dll
ShellExecuteHooks-{166BE28B-0297-42F3-80AF-0D756ED7F583} - C:\WINDOWS\system32\qoMCSijI.dll
Notify-qoMCSijI - qoMCSijI.dll


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com/
R0 -: HKCU-Main,Search Page = hxxp://www.google.com
R0 -: HKCU-Main,Search Bar = hxxp://www.google.com/ie
R0 -: HKLM-Main,Default_Search_URL = hxxp://www.google.com/ie
R0 -: HKLM-Main,Start Page = hxxp://www.dell.com
R1 -: HKCU-Internet Connection Wizard,ShellNext = wmplayer.exe
R0 -: HKCU-Search,SearchAssistant = hxxp://www.google.com/ie
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
R0 -: HKLM-Search,SearchAssistant = hxxp://www.google.com/ie
O8 -: &Search - ?p=ZJxdm028YYUS
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 -: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-11 18:33:22
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\SYSTEM32\LEXBCES.EXE
C:\WINDOWS\SYSTEM32\LEXPPS.EXE
C:\Program Files\Lexmark 4200 Series\lxbmbmon.exe
C:\WINDOWS\SYSTEM32\BAsfIpM.exe
C:\WINDOWS\SYSTEM32\Crypserv.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Completion time: 2008-09-11 18:36:47 - machine was rebooted [cathy holloway]
ComboFix-quarantined-files.txt 2008-09-12 00:36:39

Pre-Run: 56,466,505,728 bytes free
Post-Run: 56,472,682,496 bytes free

258 --- E O F --- 2008-09-10 00:32:42




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:45:25 PM, on 9/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe
C:\Program Files\Lexmark 4200 Series\lxbmbmon.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\basfipm.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\fluffybunny.exe.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Lexmark 4200 Series] "C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe"
O4 - HKLM\..\Run: [FaxCenterServer4_in_1] "C:\Program Files\Lexmark 4200 Series\Fax\fm3032.exe" /s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - S-1-5-18 Startup: Deewoo.lnk = C:\WINDOWS\SYSTEM32\scntltdl.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: DW_Start.lnk = C:\WINDOWS\SYSTEM32\rnwnw64n.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: Logitech . Product Registration.lnk = C:\Program Files\Logitech\QuickCam\eReg.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Deewoo.lnk = C:\WINDOWS\SYSTEM32\scntltdl.exe (User 'Default user')
O4 - .DEFAULT Startup: DW_Start.lnk = C:\WINDOWS\SYSTEM32\rnwnw64n.exe (User 'Default user')
O4 - .DEFAULT Startup: Logitech . Product Registration.lnk = C:\Program Files\Logitech\QuickCam\eReg.exe (User 'Default user')
O4 - Startup: Deewoo.lnk = C:\WINDOWS\SYSTEM32\scntltdl.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS\SYSTEM32\rnwnw64n.exe
O4 - Startup: Logitech . Product Registration.lnk = C:\Program Files\Logitech\QuickCam\eReg.exe
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &Search - ?p=ZJxdm028YYUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: dffudz.dll,avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\System32\basfipm.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 9043 bytes




info.txt logfile of random's system information tool 2008-09-11 18:48:25

Uninstall list

-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 5.0 Sprint Plus-->MsiExec.exe /X{D1696920-9794-4BBC-8A30-7A88763DE5A2}
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
ArcSoft PhotoImpression 6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9092875A-D6E1-4B76-84F5-F9C0C6E14D10}\Setup.exe" -l0x9
AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Broadcom Advanced Control Suite 2-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2E086814-7392-4E0F-ADB8-54A81E47406C} /l1033
Broadcom ASF Management Applications-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{25D24E84-64A9-40D2-85CF-540B1C4A6D52} /l1033
Enhancement Browser Tools Agadoo-->C:\WINDOWS\system32\gaqkiwyfqfb.exe
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix 2050 for SQL Server 2000 ENU (KB948110)-->"C:\WINDOWS\$SQLUninstallSQL2000-KB948110-v8.00.2050-x86-ENU$\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Intel® Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2782 PCI\VEN_8086&DEV_2582
Java 2 Runtime Environment, SE v1.4.2_03-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
JAWS 7.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D72A1EA3-07BB-4EF2-9B53-A466998565EB}\Setup.exe"
Lexmark 4200 Series Fax Solutions-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\8\INTEL3~1\IDriver.exe /M{C439D065-5B64-4563-A6B9-1AA202633E13} /l1033 /z/U
Lexmark 4200 Series-->C:\WINDOWS\system32\spool\drivers\w32x86\3\LXBMUN5C.EXE -dLexmark 4200 Series
LimeWire 4.18.1-->"C:\Program Files\LimeWire\uninstall.exe"
Logitech Legacy USB Camera Driver Package-->"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\legacyqcam\11.10.2016\LgDrvInst.exe" -remove -instdir"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\legacyqcam\" -enumdelay=2000 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -promptuninstall -arpregkey"legacyqcam_11.10" /clone_wait /hide_progress
Logitech QuickCam Driver Package-->"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\11.80.1048\LgDrvInst.exe" -remove -instdir"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\" -enumdelay=2000 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -promptuninstall -arpregkey"lvdrivers_11.80" /clone_wait /hide_progress
Logitech QuickCam-->MsiExec.exe /X{3AF8FCCD-F51A-4014-9002-F195E1CBC876}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669-->C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ)-->MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MySidesearch Search Assistant Adzgalore-->C:\WINDOWS\system32\hibigyymdntm.dll-uninst.exe
PaltalkScene-->"C:\WINDOWS\PaltalkScene\uninstall.exe" "/U:C:\Program Files\Paltalk Messenger\irunin.xml"
PowerDVD 5.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Sentinel System Driver-->MsiExec.exe /I{791CAF6C-90A3-11D4-8306-00D0B72E1DB9}
SweetIM Toolbar for Internet Explorer 3.1-->MsiExec.exe /X{59971D79-8111-42C2-9E40-883A0C277E78}
Symantec KB-DocID:2003093015493306-->MsiExec.exe /I{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}




Logfile of random's system information tool (written by random/random)
Run by cathy holloway at 2008-09-11 18:48:16
Microsoft Windows XP Professional Service Pack 3
System drive C: has 54 GB (71%) free of 76 GB
Total RAM: 1014 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:48:24 PM, on 9/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe
C:\Program Files\Lexmark 4200 Series\lxbmbmon.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\basfipm.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\cathy holloway\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\cathy holloway.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Lexmark 4200 Series] "C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe"
O4 - HKLM\..\Run: [FaxCenterServer4_in_1] "C:\Program Files\Lexmark 4200 Series\Fax\fm3032.exe" /s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - S-1-5-18 Startup: Deewoo.lnk = C:\WINDOWS\SYSTEM32\scntltdl.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: DW_Start.lnk = C:\WINDOWS\SYSTEM32\rnwnw64n.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: Logitech . Product Registration.lnk = C:\Program Files\Logitech\QuickCam\eReg.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Deewoo.lnk = C:\WINDOWS\SYSTEM32\scntltdl.exe (User 'Default user')
O4 - .DEFAULT Startup: DW_Start.lnk = C:\WINDOWS\SYSTEM32\rnwnw64n.exe (User 'Default user')
O4 - .DEFAULT Startup: Logitech . Product Registration.lnk = C:\Program Files\Logitech\QuickCam\eReg.exe (User 'Default user')
O4 - Startup: Deewoo.lnk = C:\WINDOWS\SYSTEM32\scntltdl.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS\SYSTEM32\rnwnw64n.exe
O4 - Startup: Logitech . Product Registration.lnk = C:\Program Files\Logitech\QuickCam\eReg.exe
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &Search - ?p=ZJxdm028YYUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: dffudz.dll,avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\System32\basfipm.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 9101 bytes

Registry dump

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-09-08 455960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-09-08 2055960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2008-06-01 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll [2008-06-28 734704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2008-06-01 2403392]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-09-08 2055960]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\System32\igfxtray.exe [2004-08-20 155648]
"HotKeysCmds"=C:\WINDOWS\System32\hkcmd.exe [2004-08-20 118784]
"DVDLauncher"=C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2004-04-26 53248]
"UserFaultCheck"=C:\WINDOWS\system32\dumprep 0 -u []
"Lexmark 4200 Series"=C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe [2004-01-16 57344]
"FaxCenterServer4_in_1"=C:\Program Files\Lexmark 4200 Series\Fax\fm3032.exe [2004-01-22 151552]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"LogitechCommunicationsManager"=C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2008-08-14 565008]
"LogitechQuickCamRibbon"=C:\Program Files\Logitech\QuickCam\Quickcam.exe [2008-08-14 2407184]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-09-08 1235736]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2007-08-30 4670704]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-06-28 68856]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
PalTalk.lnk - C:\Program Files\Paltalk Messenger\paltalk.exe
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

C:\Documents and Settings\cathy holloway\Start Menu\Programs\Startup
Deewoo.lnk - C:\WINDOWS\SYSTEM32\scntltdl.exe
DW_Start.lnk - C:\WINDOWS\SYSTEM32\rnwnw64n.exe
Logitech . Product Registration.lnk - C:\Program Files\Logitech\QuickCam\eReg.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="dffudz.dll,avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2004-08-20 344064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Paltalk Messenger\paltalk.exe"="C:\Program Files\Paltalk Messenger\paltalk.exe:*:Enabled:PaltalkScene"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

List of files/folders created in the last three months

2008-09-11 18:48:16 ----D---- C:\rsit
2008-09-11 18:44:09 ----SHD---- C:\RECYCLER
2008-09-11 18:36:48 ----A---- C:\ComboFix.txt
2008-09-11 18:29:05 ----A---- C:\WINDOWS\Nircmd.exe
2008-09-11 18:29:00 ----D---- C:\ComboFix
2008-09-11 18:26:41 ----A---- C:\Boot.bak
2008-09-11 18:26:35 ----D---- C:\cmdcons
2008-09-11 18:26:11 ----D---- C:\WINDOWS\erdnt
2008-09-11 18:26:01 ----D---- C:\QooBox
2008-09-11 18:25:59 ----A---- C:\WINDOWS\zip.exe
2008-09-11 18:25:59 ----A---- C:\WINDOWS\VFind.exe
2008-09-11 18:25:59 ----A---- C:\WINDOWS\swxcacls.exe
2008-09-11 18:25:59 ----A---- C:\WINDOWS\swsc.exe
2008-09-11 18:25:59 ----A---- C:\WINDOWS\swreg.exe
2008-09-11 18:25:59 ----A---- C:\WINDOWS\sed.exe
2008-09-11 18:25:59 ----A---- C:\WINDOWS\grep.exe
2008-09-11 18:25:59 ----A---- C:\WINDOWS\fdsv.exe
2008-09-09 19:00:51 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
2008-09-09 18:31:06 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-09-09 18:30:21 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-09-08 20:26:38 ----A---- C:\WINDOWS\system32\hibigyymdntm.dll-uninst.exe
2008-09-08 18:52:38 ----HD---- C:\$AVG8.VAULT$
2008-09-08 18:49:12 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2008-09-08 18:49:03 ----D---- C:\Documents and Settings\cathy holloway\Application Data\AVGTOOLBAR
2008-09-08 18:48:56 ----D---- C:\Program Files\AVG
2008-09-08 18:48:56 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2008-09-08 15:04:08 ----D---- C:\WINDOWS\CSC
2008-09-08 14:58:06 ----D---- C:\Program Files\Trend Micro
2008-09-07 21:23:58 ----A---- C:\WINDOWS\ntbtlog.txt
2008-09-07 18:30:03 ----D---- C:\WINDOWS\pss
2008-09-06 20:31:36 ----SHD---- C:\Config.Msi
2008-09-05 18:29:08 ----D---- C:\Program Files\Lavasoft
2008-09-05 18:29:07 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-05 18:27:55 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-09-05 14:28:17 ----D---- C:\Documents and Settings\cathy holloway\Application Data\Leadertech
2008-09-05 14:26:23 ----A---- C:\WINDOWS\system32\lvci11701193.dll
2008-09-05 14:24:59 ----D---- C:\Program Files\Logitech
2008-09-05 09:41:39 ----A---- C:\WINDOWS\wininit.ini
2008-09-04 22:30:20 ----A---- C:\WINDOWS\system32\gaqkiwyfqfb.exe
2008-09-04 21:32:00 ----A---- C:\WINDOWS\system32\3ff76b8f-.txt
2008-09-04 21:27:43 ----SHD---- C:\WINDOWS\Y2F0aHkgaG9sbG93YXk
2008-09-04 21:26:58 ----D---- C:\WINDOWS\system32\Xtmp
2008-09-04 21:26:58 ----D---- C:\WINDOWS\system32\hcp
2008-09-04 21:26:58 ----D---- C:\WINDOWS\system32\enB
2008-09-04 21:26:41 ----D---- C:\WINDOWS\system32\wTR02
2008-09-04 21:26:41 ----D---- C:\Temp
2008-08-23 23:23:46 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-08-22 16:14:24 ----D---- C:\WINDOWS\Prefetch
2008-08-22 16:12:16 ----HDC---- C:\WINDOWS\$NtUninstallKB953838$
2008-08-22 16:12:08 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-08-22 16:12:01 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-08-22 16:11:53 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-08-22 16:11:46 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-08-22 16:11:39 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-08-22 16:11:31 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-08-22 16:11:22 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-08-22 16:11:15 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-08-22 16:11:07 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-08-22 16:10:58 ----HDC---- C:\WINDOWS\$NtUninstallKB950759$
2008-08-22 16:10:50 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-08-22 16:05:25 ----A---- C:\WINDOWS\setuplog.txt
2008-08-22 16:04:21 ----D---- C:\WINDOWS\system32\en-us
2008-08-22 16:04:20 ----D---- C:\WINDOWS\system32\scripting
2008-08-22 16:04:19 ----D---- C:\WINDOWS\l2schemas
2008-08-22 16:04:18 ----D---- C:\WINDOWS\system32\en
2008-08-22 15:59:56 ----D---- C:\WINDOWS\network diagnostic
2008-08-22 15:48:10 ----A---- C:\WINDOWS\system32\xmllite.dll
2008-08-22 15:48:06 ----A---- C:\WINDOWS\system32\wmphoto.dll
2008-08-22 15:48:01 ----A---- C:\WINDOWS\system32\wlanapi.dll
2008-08-22 15:47:59 ----A---- C:\WINDOWS\system32\windowscodecsext.dll
2008-08-22 15:47:59 ----A---- C:\WINDOWS\system32\windowscodecs.dll
2008-08-22 15:47:53 ----A---- C:\WINDOWS\system32\tspkg.dll
2008-08-22 15:47:53 ----A---- C:\WINDOWS\system32\tsgqec.dll
2008-08-22 15:47:45 ----A---- C:\WINDOWS\system32\setupn.exe
2008-08-22 15:47:43 ----A---- C:\WINDOWS\system32\rhttpaa.dll
2008-08-22 15:47:41 ----A---- C:\WINDOWS\system32\rasqec.dll
2008-08-22 15:47:40 ----A---- C:\WINDOWS\system32\qutil.dll
2008-08-22 15:47:40 ----A---- C:\WINDOWS\system32\qcliprov.dll
2008-08-22 15:47:40 ----A---- C:\WINDOWS\system32\qagentrt.dll
2008-08-22 15:47:40 ----A---- C:\WINDOWS\system32\qagent.dll
2008-08-22 15:47:39 ----A---- C:\WINDOWS\system32\photometadatahandler.dll
2008-08-22 15:47:38 ----A---- C:\WINDOWS\system32\onex.dll
2008-08-22 15:47:31 ----A---- C:\WINDOWS\system32\napstat.exe
2008-08-22 15:47:31 ----A---- C:\WINDOWS\system32\napmontr.dll
2008-08-22 15:47:31 ----A---- C:\WINDOWS\system32\napipsec.dll
2008-08-22 15:47:30 ----A---- C:\WINDOWS\system32\msxml6r.dll
2008-08-22 15:47:30 ----A---- C:\WINDOWS\system32\msxml6.dll
2008-08-22 15:47:29 ----A---- C:\WINDOWS\system32\msshavmsg.dll
2008-08-22 15:47:29 ----A---- C:\WINDOWS\system32\mssha.dll
2008-08-22 15:47:20 ----A---- C:\WINDOWS\system32\mmcperf.exe
2008-08-22 15:47:20 ----A---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-08-22 15:47:20 ----A---- C:\WINDOWS\system32\mmcex.dll
2008-08-22 15:47:20 ----A---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-08-22 15:47:13 ----A---- C:\WINDOWS\system32\l2gpstore.dll
2008-08-22 15:47:12 ----A---- C:\WINDOWS\system32\kmsvc.dll
2008-08-22 15:47:12 ----A---- C:\WINDOWS\system32\kbdpash.dll
2008-08-22 15:47:12 ----A---- C:\WINDOWS\system32\kbdnepr.dll
2008-08-22 15:47:12 ----A---- C:\WINDOWS\system32\kbdiultn.dll
2008-08-22 15:47:12 ----A---- C:\WINDOWS\system32\kbdbhc.dll
2008-08-22 15:47:04 ----A---- C:\WINDOWS\system32\smtpapi.dll
2008-08-22 15:47:04 ----A---- C:\WINDOWS\system32\rwnh.dll
2008-08-22 15:46:52 ----A---- C:\WINDOWS\005877_.tmp
2008-08-22 15:46:51 ----A---- C:\WINDOWS\system32\eapsvc.dll
2008-08-22 15:46:51 ----A---- C:\WINDOWS\system32\eapqec.dll
2008-08-22 15:46:51 ----A---- C:\WINDOWS\system32\eappprxy.dll
2008-08-22 15:46:51 ----A---- C:\WINDOWS\system32\eapphost.dll
2008-08-22 15:46:51 ----A---- C:\WINDOWS\system32\eappgnui.dll
2008-08-22 15:46:51 ----A---- C:\WINDOWS\system32\eappcfg.dll
2008-08-22 15:46:51 ----A---- C:\WINDOWS\system32\eapp3hst.dll
2008-08-22 15:46:51 ----A---- C:\WINDOWS\system32\eapolqec.dll
2008-08-22 15:46:49 ----A---- C:\WINDOWS\system32\dot3ui.dll
2008-08-22 15:46:49 ----A---- C:\WINDOWS\system32\dot3svc.dll
2008-08-22 15:46:49 ----A---- C:\WINDOWS\system32\dot3msm.dll
2008-08-22 15:46:49 ----A---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-08-22 15:46:49 ----A---- C:\WINDOWS\system32\dot3dlg.dll
2008-08-22 15:46:49 ----A---- C:\WINDOWS\system32\dot3cfg.dll
2008-08-22 15:46:49 ----A---- C:\WINDOWS\system32\dot3api.dll
2008-08-22 15:46:48 ----A---- C:\WINDOWS\system32\dimsroam.dll
2008-08-22 15:46:48 ----A---- C:\WINDOWS\system32\dimsntfy.dll
2008-08-22 15:46:48 ----A---- C:\WINDOWS\system32\dhcpqec.dll
2008-08-22 15:46:47 ----A---- C:\WINDOWS\system32\credssp.dll
2008-08-22 15:46:45 ----A---- C:\WINDOWS\system32\bitsprx4.dll
2008-08-22 15:46:44 ----A---- C:\WINDOWS\system32\azroles.dll
2008-08-22 15:46:40 ----A---- C:\WINDOWS\system32\aaclient.dll
2008-08-16 16:33:38 ----D---- C:\Documents and Settings\cathy holloway\Application Data\ICAClient
2008-08-13 21:35:24 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$
2008-08-13 21:35:19 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_0$
2008-08-13 21:35:14 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
2008-08-13 21:35:08 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$
2008-08-13 21:34:01 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-08-13 21:33:55 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$
2008-08-13 21:33:50 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$
2008-08-13 21:33:08 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-08-13 21:33:04 ----HDC---- C:\WINDOWS\$NtUninstallKB953838_0$
2008-08-13 08:14:21 ----D---- C:\WINDOWS\system32\appmgmt
2008-07-25 19:11:02 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-07-25 19:11:02 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-25 18:49:54 ----D---- C:\Documents and Settings\cathy holloway\Application Data\Malwarebytes
2008-07-25 18:49:51 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-25 18:49:51 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-25 12:43:33 ----A---- C:\WINDOWS\system32\javaws.exe
2008-07-25 12:43:33 ----A---- C:\WINDOWS\system32\javaw.exe
2008-07-25 12:43:33 ----A---- C:\WINDOWS\system32\java.exe
2008-07-24 13:18:39 ----D---- C:\Documents and Settings\cathy holloway\Application Data\FunWebProducts
2008-07-23 11:28:39 ----D---- C:\Documents and Settings\All Users\Application Data\NeoEdge Networks
2008-07-22 09:12:31 ----D---- C:\Documents and Settings\cathy holloway\Application Data\Gamelab
2008-07-09 07:16:04 ----D---- C:\WINDOWS\$SQLUninstallSQL2000-KB948110-v8.00.2050-x86-ENU$
2008-07-09 07:14:10 ----HDC---- C:\WINDOWS\$NtUninstallKB951748_0$
2008-07-03 16:27:56 ----A---- C:\WINDOWS\system32\lvci1150.dll
2008-06-27 12:47:45 ----D---- C:\Documents and Settings\All Users\Application Data\pixelStorm
2008-06-27 12:23:55 ----D---- C:\Program Files\Windows Live Toolbar
2008-06-27 12:20:54 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-06-27 12:11:32 ----SHDC---- C:\Program Files\Common Files\WindowsLiveInstaller
2008-06-27 12:11:28 ----D---- C:\Program Files\Windows Live
2008-06-27 12:11:18 ----D---- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-26 20:32:30 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2008-06-26 20:32:13 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2008-06-26 20:31:51 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP11$
2008-06-25 19:02:42 ----D---- C:\Documents and Settings\cathy holloway\Application Data\ArcSoft
2008-06-25 19:02:39 ----D---- C:\Program Files\Common Files\ArcSoft
2008-06-25 19:02:39 ----A---- C:\WINDOWS\PCDLIB32.DLL
2008-06-25 19:02:29 ----A---- C:\WINDOWS\system32\unicows.dll
2008-06-25 19:02:25 ----D---- C:\WINDOWS\system32\PhotoImpression Slideshow
2008-06-25 19:02:25 ----D---- C:\Program Files\ArcSoft
2008-06-25 14:35:36 ----HDC---- C:\WINDOWS\$NtUninstallKB926239$
2008-06-25 14:35:05 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2008-06-25 14:34:53 ----D---- C:\Program Files\Windows Media Connect 2
2008-06-25 14:34:44 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2008-06-25 14:34:01 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2008-06-25 14:33:37 ----D---- C:\2fbdbcfb02296ce014899b5ba572d89a
2008-06-25 14:33:33 ----D---- C:\WINDOWS\system32\LogFiles
2008-06-25 14:33:28 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2008-06-25 14:33:03 ----D---- C:\1899565b498e523f70
2008-06-19 23:50:19 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2_0$
2008-06-17 07:57:58 ----D---- C:\Program Files\Yahoo! Games
2008-06-14 03:25:06 ----SHD---- C:\WINDOWS\ftpcache
2008-06-14 03:25:00 ----D---- C:\Documents and Settings\All Users\Application Data\Trymedia
2008-06-13 13:54:28 ----D---- C:\Documents and Settings\cathy holloway\Application Data\LimeWire
2008-06-13 12:06:18 ----D---- C:\Documents and Settings\cathy holloway\Application Data\Paltalk
2008-06-13 12:06:15 ----D---- C:\WINDOWS\PaltalkScene
2008-06-13 12:06:15 ----D---- C:\Program Files\Paltalk Messenger
2008-06-13 12:06:07 ----A---- C:\WINDOWS\PaltalkScene Setup Log.txt
2008-06-12 03:12:38 ----HDC---- C:\WINDOWS\$NtUninstallKB951698_0$
2008-06-12 03:12:33 ----HDC---- C:\WINDOWS\$NtUninstallKB950762_0$
2008-06-12 03:12:19 ----HDC---- C:\WINDOWS\$NtUninstallKB950759_0$
2008-06-12 03:12:14 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$
2008-06-12 03:12:07 ----HDC---- C:\WINDOWS\$NtUninstallKB951376_0$

List of drivers

R1 Ai2sXP;Ai2sXP; C:\WINDOWS\system32\System32\drivers\Ai2sXP.sys []
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\system32\System32\Drivers\avgldx86.sys []
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\system32\System32\Drivers\avgmfx86.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 NetworkX;NetworkX; C:\WINDOWS\system32\system32\ckldrv.sys []
R2 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\system32\System32\Drivers\avgtdix.sys []
R2 BASFND;BASFND; \??\C:\WINDOWS\system32\Drivers\BASFND.sys []
R2 Sentinel;Sentinel; C:\WINDOWS\system32\System32\Drivers\SENTINEL.SYS []
R2 symlcbrd;symlcbrd; \??\C:\WINDOWS\System32\drivers\symlcbrd.sys []
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
R3 b57w2k;Broadcom NetXtreme 57xx Gigabit Controller; C:\WINDOWS\System32\DRIVERS\b57xp32.sys [2004-05-29 186112]
R3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2004-08-20 737874]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [2008-07-26 25624]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2008-07-26 41752]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 PID_0928;Logitech QuickCam Express(PID_0928); C:\WINDOWS\system32\DRIVERS\LV561AV.SYS [2008-02-01 489624]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-04-09 612352]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 NWLNKSPXX;NWLNKSPXX; C:\WINDOWS\System32\drivers\NWLNKSPXX.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2008-04-13 13952]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\System32\DRIVERS\agp440.sys []
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\System32\DRIVERS\agpCPQ.sys []
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\System32\DRIVERS\alim1541.sys []
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\System32\DRIVERS\amdagp.sys []
S4 cbidf;cbidf; C:\WINDOWS\system32\System32\DRIVERS\cbidf2k.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\System32\DRIVERS\intelide.sys []
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\System32\DRIVERS\sisagp.sys []
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\System32\DRIVERS\viaagp.sys []

List of services

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-05 611664]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-09-08 875288]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-08 231704]
R2 BAsfIpM;Broadcom ASF IP monitoring service v6.0.4; C:\WINDOWS\System32\basfipm.exe [2004-04-01 77824]
R2 Crypkey License;Crypkey License; C:\WINDOWS\system32\crypserv.exe [2000-06-29 52224]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2004-01-13 311296]
R2 LVCOMSer;LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [2008-07-26 186904]
R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2008-07-26 150040]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 MSSQL$MICROSOFTSMLBIZ;MSSQL$MICROSOFTSMLBIZ; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe [2008-05-25 9154560]
R2 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2008-06-09 1251720]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-06-01 138168]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2005-05-03 73728]
S3 SQLAgent$MICROSOFTSMLBIZ;SQLAgent$MICROSOFTSMLBIZ; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE [2005-05-03 323584]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------

#5 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  • Gender:Male
  • Local time:02:22 PM

Posted 13 September 2008 - 07:14 AM

Hello Dusky_rebel.

It looks much better. Still some left to clean up.

Disable Realtime Protection
To disable Ad-Aware:
  • Right-click on the Ad-Watch icon in the system tray.
  • At the bottom of the screen there will be two checkable items called "Active" and "Automatic".
    • Active: This will turn Ad-Watch On/Off without closing it.
    • Automatic: Suspicious activity will be blocked automatically.
  • Uncheck both of those boxes.
  • (When done, you can re-enable it using the same steps, but this time check both boxes.)
To disable AVG:
  • Please navigate to the system tray in the bottom right-hand corner and look for the AVG icon.
  • Right-click it and select Quit Control Center.
  • A warning will pop up; click Yes.
Run ComboFix with CFScript
We will run ComboFix again. This time, the instructions are slightly different.
  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are unsure how.
  • Open notepad (Start>Run>"notepad") and copy/paste the text in the quotebox below into it:


    FILE::
    C:\WINDOWS\SYSTEM32\hibigyymdntm.dll-uninst.exe
    C:\WINDOWS\SYSTEM32\lvci11701193.dll
    C:\WINDOWS\SYSTEM32\gaqkiwyfqfb.exe
    C:\WINDOWS\SYSTEM32\scntltdl.exe
    C:\WINDOWS\SYSTEM32\rnwnw64n.exe
    C:\WINDOWS\SYSTEM32\pinkip.ico

    FOLDER::
    C:\WINDOWS\Y2F0aHkgaG9sbG93YXk
    C:\WINDOWS\SYSTEM32\wTR02
    C:\WINDOWS\SYSTEM32\Xtmp
    C:\Temp\dax41
    C:\WINDOWS\system32\hcp
    C:\WINDOWS\system32\enB

    Registry::
    O4 - S-1-5-18 Startup: Deewoo.lnk
    O4 - S-1-5-18 Startup: DW_Start.lnk
    O4 - .DEFAULT Startup: Deewoo.lnk
    O4 - .DEFAULT Startup: DW_Start.lnk
    O4 - Startup: Deewoo.lnk
    O4 - Startup: DW_Start.lnk

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"="avgrsstx.dll"

  • Save this as CFScript.txt, in the same location as ComboFix.exe. (This should be your desktop.)
  • Drag CFScript.txt onto ComboFix.exe.
When finished, it shall produce a log for you at "C:\ComboFix.txt". Post back with that log.

Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

F-Secure Online Scan
Please run F-Secure Online Scanner.
This scan is for Internet Explorer only.
  • It is suggested that you disable security programs and close any other windows during the scan. While your security is disabled, please refrain from surfing on other sites. Refer to this page if you are unsure how.
  • Go to F-Secure Online Scanner
  • Follow the instructions here for installation.
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan
  • Once the download completes, the scan will begin automatically. The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and copy the entire report in your next reply.
  • Be sure to re-enable any security programs.


Post back with:
-the ComboFix log
-the F-Secure log

Also, tell me if you still have problems. Any popups still?

With Regards,
The Panda
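The FILE:: and FOLDER:: entries in the CFScript above are hand-picked from the RSIT "files/folders created" list: executables and DLLs dropped in system32 with random-looking names, a burst of new directories created within a couple of minutes on 2008-09-04, and the hidden folder C:\WINDOWS\Y2F0aHkgaG9sbG93YXk, whose name is base64 of the profile name "cathy holloway". The script below is an added example, not part of this thread and not RSIT's or ComboFix's own logic: it re-parses ten lines copied from the log above (a constructed sample) and surfaces the same kinds of entries. The consonant-run threshold, the 120-second burst window and the allowlist of known-good names are assumptions chosen for this example.

```python
"""Triage helper for RSIT's 'List of files/folders created' section.

Added example for this thread; not part of RSIT, ComboFix or the original
posts. It parses lines copied from the log above and flags the entries a
responder would consider for a CFScript: random-looking names, directory
names that are base64 of readable text, and bursts of files created within
seconds of each other. Thresholds and the allowlist are assumptions.
"""
import base64
import binascii
import re
from datetime import datetime, timedelta

# Constructed sample: ten lines copied verbatim from the RSIT log in this thread.
SAMPLE_LOG = """\
2008-09-08 20:26:38 ----A---- C:\\WINDOWS\\system32\\hibigyymdntm.dll-uninst.exe
2008-09-08 18:49:12 ----A---- C:\\WINDOWS\\system32\\avgrsstx.dll
2008-09-05 14:26:23 ----A---- C:\\WINDOWS\\system32\\lvci11701193.dll
2008-09-04 22:30:20 ----A---- C:\\WINDOWS\\system32\\gaqkiwyfqfb.exe
2008-09-04 21:27:43 ----SHD---- C:\\WINDOWS\\Y2F0aHkgaG9sbG93YXk
2008-09-04 21:26:58 ----D---- C:\\WINDOWS\\system32\\Xtmp
2008-09-04 21:26:41 ----D---- C:\\WINDOWS\\system32\\wTR02
2008-08-22 15:48:10 ----A---- C:\\WINDOWS\\system32\\xmllite.dll
2008-08-22 15:46:47 ----A---- C:\\WINDOWS\\system32\\credssp.dll
2008-07-25 12:43:33 ----A---- C:\\WINDOWS\\system32\\javaws.exe
"""

# RSIT line layout: "<timestamp> ----<attrs>---- <path>", attrs like A, D, SHD, HDC.
LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) -+([A-Z]*)-+ (.+)$")

# Assumed allowlist: avgrsstx.dll was created in the same minute as
# C:\Program Files\AVG in the log, so it is treated here as the AV vendor's file.
KNOWN_GOOD_STEMS = {"avgrsstx"}


def parse(log):
    """Return (timestamp, attrs, path) tuples, oldest first."""
    entries = []
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append((datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"),
                            m.group(2), m.group(3)))
    return sorted(entries)


def looks_random(name):
    """Heuristic: a run of five or more consonants (y counted as a consonant),
    or no vowels at all in a name of five or more letters. A prompt to look,
    not a verdict; real vendor files do trip it, hence the allowlist."""
    letters = re.sub(r"[^a-z]", "", name.split(".")[0].lower())
    if not letters:
        return False
    longest = max((len(r) for r in re.findall(r"[^aeiou]+", letters)), default=0)
    return longest >= 5 or (len(letters) >= 5 and longest == len(letters))


def decode_if_base64(name):
    """Return the decoded text if the name is base64 of printable ASCII, else None."""
    if not re.fullmatch(r"[A-Za-z0-9+/]{8,}", name):
        return None
    try:
        raw = base64.b64decode(name + "=" * (-len(name) % 4), validate=True)
        text = raw.decode("ascii")
    except (binascii.Error, ValueError):
        return None
    return text if len(text) >= 6 and text.isprintable() else None


def bursts(entries, gap=timedelta(seconds=120), min_size=3):
    """Group creations separated by at most `gap`; return groups of >= min_size.
    Legitimate installs (SP3 on 2008-08-22 in the full log) burst too, so a
    burst is a reason to read the group, not proof of malice."""
    groups, current = [], []
    for ts, _attrs, path in entries:
        if current and ts - current[-1][0] > gap:
            groups.append(current)
            current = []
        current.append((ts, path))
    groups.append(current)
    return [[p for _, p in g] for g in groups if len(g) >= min_size]


def triage(log, known_good=KNOWN_GOOD_STEMS):
    """Run all three checks over an RSIT file list and return the findings."""
    entries = parse(log)
    random_names, encoded_dirs = [], {}
    for _ts, attrs, path in entries:
        name = path.rsplit("\\", 1)[-1]
        if name.split(".")[0].lower() in known_good:
            continue
        if looks_random(name):
            random_names.append(path)
        if "D" in attrs:                      # only directories get the base64 check
            decoded = decode_if_base64(name)
            if decoded:
                encoded_dirs[path] = decoded
    return {"random_names": random_names,
            "encoded_dirs": encoded_dirs,
            "bursts": bursts(entries)}


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key)
        for item in (value.items() if isinstance(value, dict) else value):
            print("   ", item)
```

Running it on the sample lists gaqkiwyfqfb.exe and hibigyymdntm.dll-uninst.exe under random_names, decodes the hidden folder name to "cathy holloway", and reports the three directories created between 21:26:41 and 21:27:43 as one burst; xmllite.dll, credssp.dll and javaws.exe from the SP3 and Java installs pass. The heuristic only narrows the list: each hit still needs to be checked against the vendor that should own it before it goes into a FILE:: or FOLDER:: section.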

#6 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  • Gender:Male
  • Local time:02:22 PM

Posted 16 September 2008 - 10:49 AM

Hello Dusky_rebel.

Are you still with me here? Please give me an update on the situation.

The Panda

#7 Shaba

Shaba

    Koutsi


  • Members
  • 7,872 posts
  • OFFLINE
  • Gender:Male
  • Location:Finland
  • Local time:08:22 PM

Posted 18 September 2008 - 11:43 AM

Due to the lack of feedback, this topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.

Microsoft MVP Consumer Security



