Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Virtumonde


  • This topic is locked This topic is locked
13 replies to this topic

#1 rocmom

rocmom

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:09:50 PM

Posted 07 December 2008 - 01:24 PM

I've run spybot and SUPERantispyware - both find Virtumonde files and registry keys and "fixes" them but it's not getting the files? that impact the start up process and reinfect. I always run an up to date version of McAfee - not sure why this was not originally caught?

The lines I suspect are:

O4 - HKLM\..\Run: [bopijojope] Rundll32.exe "C:\WINDOWS\system32\hiwutiwa.dll",s
O4 - HKLM\..\Run: [CPMf3909c03] Rundll32.exe "c:\windows\system32\savogiju.dll",a

O4 - HKUS\S-1-5-19\..\Run: [bopijojope] Rundll32.exe "C:\WINDOWS\system32\hiwutiwa.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [bopijojope] Rundll32.exe "C:\WINDOWS\system32\hiwutiwa.dll",s (User 'NETWORK SERVICE')

but I'm sure there is more to this. I've also disabled teatimer based on reading another post. Help is greatly appreciated.

Here is the HJT log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:21:27 PM, on 12/7/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\CreataCard\Gold\FMRemind.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Windows Live Toolbar\msn_sl.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {4c2f83ba-1c5c-44ee-ba99-500b7429494f} - C:\WINDOWS\system32\nobibipo.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [bopijojope] Rundll32.exe "C:\WINDOWS\system32\hiwutiwa.dll",s
O4 - HKLM\..\Run: [CPMf3909c03] Rundll32.exe "c:\windows\system32\savogiju.dll",a
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [bopijojope] Rundll32.exe "C:\WINDOWS\system32\hiwutiwa.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [bopijojope] Rundll32.exe "C:\WINDOWS\system32\hiwutiwa.dll",s (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: CreataCard Gold 3 Forget Me Not Reminders Tray Icon.lnk = C:\Program Files\CreataCard\Gold\FMRemind.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?c3038784de7945bf967678e29fe14d36
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?c3038784de7945bf967678e29fe14d36
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} (Keynote Connector Launcher 2) - http://webeffective.keynote.com/applicatio...torLauncher.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/1450/ftp...02/cpbrkpie.cab
O16 - DPF: {A1B8A30B-8AAA-4A3E-8869-1DA509E8A011} (Crystal ActiveX Report Viewer Control 10.0) - https://www.peryourhealth.com/crystalreport...tiveXViewer.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://cvs.pnimedia.com/upload/activex/v2_...upv2.0.0.10.cab?
O18 - Protocol: bw+0 - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: c:\windows\system32\tavimoba.dll c:\windows\system32\gafilumu.dll c:\windows\system32\tagetega.dll c:\windows\system32\fagometo.dll c:\windows\system32\dusayamo.dll c:\windows\system32\biserano.dll,C:\WINDOWS\system32\fohuvefa.dll c:\windows\system32\savogiju.dll,C:\WINDOWS\system32\menukabu.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

--
End of file - 27913 bytes

BC AdBot (Login to Remove)

 


#2 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:09:50 AM

Posted 09 December 2008 - 03:39 AM

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..

Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.

If ComboFix asked you to install Recovery Console, please do so.. It will be your best interest..

When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply..

Note: DO NOT mouseclick combofix's window while its running. That may cause it to stall

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 rocmom

rocmom
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:09:50 PM

Posted 09 December 2008 - 06:53 PM

Here are the logs. One note - It appeared that McAfee was closed however I did receive several popups during the combofix process. Also - combofix restarted my computer at one point and McAfee opens with the restart.



ComboFix 08-12-07.04 - Bullis 2008-12-09 18:14:25.1 - NTFSx86
Running from: c:\documents and settings\Bullis\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Downloaded Program Files\setup.inf
c:\windows\system32\babeleso.dll
c:\windows\system32\bszip.dll
c:\windows\system32\ederepid.ini
c:\windows\system32\idamapus.ini
c:\windows\system32\idihujil.ini
c:\windows\system32\kanelewu.dll
c:\windows\system32\linanotu.dll
c:\windows\system32\pawajinu.dll
c:\windows\system32\uyojopuh.ini

.
((((((((((((((((((((((((( Files Created from 2008-11-09 to 2008-12-09 )))))))))))))))))))))))))))))))
.

2008-12-06 20:51 . 2008-12-06 20:51 <DIR> d-------- c:\program files\Trend Micro
2008-12-06 20:51 . 2008-12-06 20:51 812,344 --a------ c:\program files\HJTInstall.exe
2008-12-06 15:05 . 2008-12-06 15:05 <DIR> d-------- c:\program files\SUPERAntiSpyware
2008-12-06 15:05 . 2008-12-06 15:05 <DIR> d-------- c:\documents and settings\Bullis\Application Data\SUPERAntiSpyware.com
2008-12-06 15:05 . 2008-12-06 15:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-12-06 15:01 . 2008-12-06 15:02 5,738,016 --a------ c:\program files\SUPERAntiSpyware.exe
2008-11-28 21:07 . 2008-11-28 21:07 <DIR> d-------- c:\program files\HJT
2008-11-27 17:47 . 2008-11-27 18:22 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-11-27 17:47 . 2008-11-27 21:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-27 13:35 . 2008-11-27 13:35 444 --a------ c:\windows\SYSTEM32\d3d8caps.dat
2008-11-22 10:26 . 2008-12-06 15:02 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-11-14 21:57 . 2008-11-14 22:08 <DIR> d-------- c:\windows\Internet Logs
2008-11-14 21:55 . 2008-11-14 21:55 <DIR> d-------- c:\program files\Common Files\Deterministic Networks
2008-11-14 21:55 . 2007-01-31 13:45 127,376 --a------ c:\windows\SYSTEM32\DRIVERS\dne2000.sys
2008-11-14 21:55 . 2007-01-31 13:45 101,904 --a------ c:\windows\SYSTEM32\dneinobj.dll
2008-11-14 21:54 . 2008-11-14 21:57 1,594 --a------ c:\windows\VPNInstall.MIF
2008-11-14 21:53 . 2008-11-14 21:53 <DIR> d-------- c:\program files\Cisco Systems
2008-11-12 07:49 . 2008-10-24 06:21 455,296 --------- c:\windows\SYSTEM32\DLLCACHE\mrxsmb.sys
2008-11-12 07:48 . 2008-09-04 12:15 1,106,944 --------- c:\windows\SYSTEM32\DLLCACHE\msxml3.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-09 22:52 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2008-12-06 18:33 --------- d-----w c:\program files\BMCentral
2008-11-22 15:28 --------- d-----w c:\program files\Lavasoft
2008-11-22 15:24 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2008-11-09 19:19 --------- d-----w c:\documents and settings\Bullis\Application Data\U3
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-15 16:34 337,408 ------w c:\windows\SYSTEM32\DLLCACHE\netapi32.dll
2008-09-30 21:43 1,286,152 ----a-w c:\windows\SYSTEM32\msxml4.dll
2008-09-15 12:12 1,846,400 ----a-w c:\windows\SYSTEM32\win32k.sys
2008-09-15 12:12 1,846,400 ------w c:\windows\SYSTEM32\DLLCACHE\win32k.sys
2008-09-10 01:14 1,307,648 ------w c:\windows\SYSTEM32\msxml6.dll
2008-09-10 01:14 1,307,648 ------w c:\windows\SYSTEM32\DLLCACHE\msxml6.dll
2008-08-30 14:42 159,056 ----a-w c:\documents and settings\Bullis\Application Data\GDIPFONTCACHEV1.DAT
2007-09-15 19:24 827,392 ----a-w c:\program files\Using Parameters with Queries and Reports.mdb
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2006-12-10 36864]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-11-17 1805552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 221184]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-11 290816]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 57344]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"mmtask"="c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2004-09-14 53248]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2005-03-10 26112]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-07-28 188416]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 233472]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-09-23 49152]
"DeviceDiscovery"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2003-05-21 229437]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2004-09-14 131072]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2005-09-16 274432]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-07-04 155648]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-08-04 582992]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-25 113664]
America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0\aoltray.exe [2005-03-10 156784]
CreataCard Gold 3 Forget Me Not Reminders Tray Icon.lnk - c:\program files\CreataCard\Gold\FMRemind.exe [2005-03-25 189952]
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2005-09-23 282624]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2006-12-10 196608]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 806912]
VPN Client.lnk - c:\windows\Installer\{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}\Icon3E5562ED7.ico [2008-11-14 6144]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 15:28 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Support.com\\bin\\tgcmd.exe"=
"c:\\WINDOWS\\SYSTEM32\\MSHTA.EXE"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\McAfee\\MSC\\mcupdui.exe"=
"c:\\WINDOWS\\SYSTEM32\\taskmgr.exe"=
"c:\\WINDOWS\\SYSTEM32\\DRWTSN32.EXE"=
"c:\\Program Files\\McAfee\\MSC\\mcuimgr.exe"=
"c:\\Program Files\\McAfee\\VirusScan\\Mcshield.exe"=
"c:\\WINDOWS\\SYSTEM32\\dwwin.exe"=

R1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-11-17 8944]
R1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-11-17 55024]
R3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-11-17 7408]
S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-09-13 33752]
S3 pc22nd5;Toshiba PCX2200 USB Cable Modem networking driver (NDIS);c:\windows\system32\DRIVERS\pc22nd5.sys [2005-03-25 17648]
S3 pc22unic;Toshiba PCX2200 USB Cable Modem WDM driver;c:\windows\system32\DRIVERS\pc22unic.sys [2005-03-25 69744]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2008-12-08 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]

2008-11-15 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]

2008-10-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]
.
- - - - ORPHANS REMOVED - - - -

BHO-{4c2f83ba-1c5c-44ee-ba99-500b7429494f} - (no file)
HKLM-Run-CPMf3909c03 - c:\windows\system32\teriwazi.dll
HKLM-Run-bopijojope - c:\windows\system32\hiwutiwa.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.cnn.com/
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
uInternet Settings,ProxyOverride = localhost
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
IE: Open in new background tab - c:\program files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?c3038784de7945bf967678e29fe14d36
IE: Open in new foreground tab - c:\program files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?c3038784de7945bf967678e29fe14d36
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html
IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html -
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

c:\windows\Downloaded Program Files\ConnectorLauncher.dll - c:\windows\Downloaded Program Files\ConnectorScriptEngine.exe
O16 -: {50647AB5-18FD-4142-82B0-5852478DD0D5}
hxxp://webeffective.keynote.com/applications/pconnector/download/ConnectorLauncher.cab
c:\windows\Downloaded Program Files\ConnectorLauncher.inf

c:\windows\system32\atl.dll - c:\windows\system32\mfc42.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\olepro32.dll
c:\windows\Downloaded Program Files\cselexpt.ocx
c:\windows\Downloaded Program Files\reportparameterdialog.dll
c:\windows\Downloaded Program Files\CRViewer.dll
c:\windows\Downloaded Program Files\sviewhlp.dll
c:\windows\Downloaded Program Files\swebrs.dll
O16 -: {A1B8A30B-8AAA-4A3E-8869-1DA509E8A011}
hxxps://www.peryourhealth.com/crystalreportviewers10/ActiveXControls/ActiveXViewer.cab
c:\windows\Downloaded Program Files\crviewer.inf
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-09 18:25:31
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\docume~1\Bullis\LOCALS~1\Temp\pcf2.tmp 533 bytes
c:\docume~1\Bullis\LOCALS~1\Temp\Perflib_Perfdata_b70.dat
c:\docume~1\Bullis\LOCALS~1\Temp\Perflib_Perfdata_c18.dat

scan completed successfully
hidden files: 3

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(956)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\program files\Common Files\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\program files\McAfee\VirusScan\Mcshield.exe
c:\windows\SYSTEM32\HPZipm12.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\SYSTEM32\wdfmgr.exe
c:\windows\SYSTEM32\fxssvc.exe
c:\program files\Logitech\Video\FxSvr2.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
.
**************************************************************************
.
Completion time: 2008-12-09 18:39:20 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-09 23:37:52

Pre-Run: 56,099,717,120 bytes free
Post-Run: 56,187,981,824 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

243 --- E O F --- 2008-11-13 04:16:34



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:45:00 PM, on 12/9/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\CreataCard\Gold\FMRemind.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: CreataCard Gold 3 Forget Me Not Reminders Tray Icon.lnk = C:\Program Files\CreataCard\Gold\FMRemind.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?c3038784de7945bf967678e29fe14d36
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?c3038784de7945bf967678e29fe14d36
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} (Keynote Connector Launcher 2) - http://webeffective.keynote.com/applicatio...torLauncher.cab
O16 - DPF: {A1B8A30B-8AAA-4A3E-8869-1DA509E8A011} (Crystal ActiveX Report Viewer Control 10.0) - https://www.peryourhealth.com/crystalreport...tiveXViewer.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://cvs.pnimedia.com/upload/activex/v2_...upv2.0.0.10.cab?
O18 - Protocol: bw+0 - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {E46C23F6-BA24-4A6B-8F52-C1C2F61CD00A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

--
End of file - 26547 bytes

#4 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:09:50 AM

Posted 10 December 2008 - 12:39 AM

Your log looks good... Lets do this to see what might left..


Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.




NEXT


Please download GMER and unzip it to your Desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run click Copy and paste the results (if any) into this thread.


Post these logs in your next reply..

1. Malwarebytes'
2. GMER
3. How is the computer now?

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#5 rocmom

rocmom
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:09:50 PM

Posted 10 December 2008 - 07:39 PM

Malwarebytes ran okay and the log is at the end of the post.

GMER - everything stopped shortly after starting running GMER. The computer went to a dark blue screen with the following message that I've had to retype as cut & paste was not an option.

A problem has been detected and windows has shut down to prevent damage to your computer.
The problem seems to be caused by the following file: gmer.sys

PAGE_FAULT_IN_NONPAGED_AREA

If this is the first time you've seen this stop error screen, restart your computer If this screen appears again follow these steps:
Check to make sure any new hardware or software is properly installed. If this is a new installation ask your hardware or software manufacturer for any windows updates you may need.

If problems continue, disable or remove any newly installed hardware or software. Disable BIOS memory options such as caching or shadowing. If you need to use Safe Mode to remove or disable components, restart your computer, press F8 to select Advance Startup Options and select Safe Mode.

Technical Information:
*** STOP: 0x00000050, (0xFE613000, 0x00000000, 0xB8AACB91, 0x00000000)
***gmer.sys - Address B8AACB91 base at B8AA8000, Date Stamp 480733d8

So this scared the living daylights out of me and I had restart by using the power button. At this time I don't feel comfortable using this program again.

I also have McAfee running and am getting this notice:

Potentially Unwanted Program
McAfee has blocked a PUP on your computer. If you do not recognize it, we recommend that you remove the program.
About PUP:
Name: TOOL-NirCmd
Location: C:\System Volume Information\_restore {202550A8-7A33-4BCA-9586-051D24DDBFBF}\RP1325\A0066199.com

The options are to remove the program, trust this program or close the alert. I've been choosing close this alert.

And to answer your 3rd question - how is the computer now. It is running much better and faster. On the internet the new windows for antispyware are not opening up as they were before. When I restarted it was so much quicker. Next I have to learn how to stop so many programs from opening at start up but that's another day.

I so appreciate this assistance.

Here is the Malwarebytes log - looks like it caught more Vundo junk.

Malwarebytes' Anti-Malware 1.31
Database version: 1482
Windows 5.1.2600 Service Pack 3

12/10/2008 5:34:25 PM
mbam-log-2008-12-10 (17-34-25).txt

Scan type: Full Scan (C:\|)
Objects scanned: 138571
Time elapsed: 2 hour(s), 41 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 19

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\cpbrkpie.coupon6ctrl.1 (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6e780f0b-bcd6-40cb-b2db-7af47ab4d4a4} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a138be8b-f051-4802-9a3f-a750a6d862d4} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a85a5e6a-de2c-4f4e-99dc-f469df5a0eec} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{87255c51-cd7d-4506-b9ad-97606daf53f3} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{87255c51-cd7d-4506-b9ad-97606daf53f3} (Adware.Coupons) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\CouponPrinter.ocx (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\cpbrkpie.ocx (Adware.Coupons) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\MyWaySA (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWaySA\SrchAsDe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWaySA\SrchAsDe\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\CouponPrinter.ocx (Adware.Coupons) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\babeleso.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\kanelewu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\linanotu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\pawajinu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1317\A0065594.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1317\A0065596.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1317\A0065597.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1318\A0065710.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1319\A0065773.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1322\A0065962.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1322\A0065963.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1326\A0066227.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1326\A0066231.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1326\A0066232.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1326\A0066233.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\cpbrkpie.ocx (Adware.Coupons) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\menukabu.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\telemize.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.

Edited by rocmom, 10 December 2008 - 07:41 PM.


#6 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:09:50 AM

Posted 10 December 2008 - 10:49 PM

I need you to scan another thing...


Please download SDFix by Andy Manchesta and save it to your desktop.
Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please reboot into Safe Mode
  • In Safe Mode, right click the SDFix.zip folder and choose Extract All,
  • A new folder will be extracted to your %systemdrive%, typically C:\SDFix
  • Open the extracted folder and double click RunThis.bat to start the script.
  • Type Y to begin the script.
  • It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • Your system will take longer that normal to restart as the fixtool will be running and removing files.
  • When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
  • Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt along with any other requested logs at the end of these instructions.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#7 rocmom

rocmom
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:09:50 PM

Posted 11 December 2008 - 06:53 PM

Here is the SDFix Log:


SDFix: Version 1.240
Run by Bullis on Thu 12/11/2008 at 06:26 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :

So is it okay that I wasn't able to run the GMER program?
Again thank you so much for this help.

#8 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:09:50 AM

Posted 11 December 2008 - 11:26 PM

It looks like its not completed.. Lets do another one....


Disable resident protections (Antivirus...); you'll re-enable them after the scan

Download Lop S&D < here

Double-click Lop S&D.exe
Choose the language, then choose Option 1 (Search)
Wait till the end of the scan
Post the log which is created: (%SystemDrive%\lopR.txt)

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#9 rocmom

rocmom
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:09:50 PM

Posted 12 December 2008 - 06:53 PM

Last night McAfee did a scheduled scan and 4 Trojans were quarantined:

Generic.dx in SDFIX.exe

Vundo.gen.o in C:\system volume information\_restore{202550a8-7a33-4bca-9586-051d24ddbf8f}\rp1318\a0065708.dll

Vundo.gen.o in C:\system volume information\_restore{202550a8-7a33-4bca-9586-051d24ddbf8f}\rp1319\a0065771.dll

Generic.dx in C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1329\A0067582.EXE

And here is the Lop S&D log:



--------------------\\ Lop S&D 4.2.4-9c XP/Vista

Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel® Pentium® 4 CPU 2.80GHz )
BIOS : Phoenix ROM BIOS PLUS Version 1.10 A02
USER : Bullis ( Administrator )
BOOT : Normal boot
Antivirus : McAfee VirusScan (Not Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:70 Go (Free:52 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)
F:\ (USB)

"C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
Option : [1] ( Fri 12/12/2008|18:30 )

--------------------\\ Listing folders in APPLIC~1

[09/13/2008|09:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe
[04/19/2005|11:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL
[07/04/2006|08:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple Computer
[03/10/2005|09:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> CyberLink
[05/28/2008|02:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Dell
[12/11/2008|07:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Google Updater
[03/10/2005|09:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> GTek
[07/29/2006|12:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> HP
[03/10/2005|09:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> InstallShield
[03/25/2005|07:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Intuit
[11/22/2008|10:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Lavasoft
[12/10/2008|06:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Malwarebytes
[05/15/2005|06:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> MCA208.tmp
[02/18/2007|07:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> McAfee
[02/18/2007|07:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> McAfee.com
[04/24/2005|06:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> McAfee.com Personal Firewall
[04/04/2008|05:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
[09/13/2008|09:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> NOS
[08/10/2007|08:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Office Genuine Advantage
[04/01/2006|08:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> QuickTime
[03/10/2005|09:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SBSI
[11/27/2008|09:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Spybot - Search & Destroy
[12/06/2008|03:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SUPERAntiSpyware.com
[03/25/2005|05:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Support.com
[05/16/2008|08:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SupportSoft
[02/04/2007|05:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Viewpoint
[06/14/2007|06:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage
[12/03/2006|07:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Live Toolbar

[09/13/2008|09:12] C:\DOCUME~1\Bullis\APPLIC~1\<DIR> Adobe
[08/10/2008|05:42] C:\DOCUME~1\Bullis\APPLIC~1\<DIR> AdobeUM
[12/29/2006|03:24] C:\DOCUME~1\Bullis\APPLIC~1\<DIR> Apple Computer
[04/23/2005|01:08] C:\DOCUME~1\Bullis\APPLIC~1\<DIR> ArcSoft
[09/15/2007|02:18] C:\DOCUME~1\Bullis\APPLIC~1\<DIR> Corel
[03/26/2005|06:08] C:\DOCUME~1\Bullis\APPLIC~1\<DIR> CyberLink
[06/10/2006|01:42] C:\DOCUME~1\Bullis\APPLIC~1\<DIR> Google
[04/09/2007|09:43] C:\DOCUME~1\Bullis\APPLIC~1\<DIR> Gtek
[12/18/2005|02:44] C:\DOCUME~1\Bullis\APPLIC~1\<DIR> Help
[07/11/2006|04:56] C:\DOCUME~1\Bullis\APPLIC~1\<DIR> Hewlett-Packard
[07/30/2006|09:28] C:\DOCUME~1\Bullis\APPLIC~1\<DIR> HP
[03/10/2005|09:15] C:\DOCUME~1\Bullis\APPLIC~1\<DIR> Identities
[07/07/2007|03:39] C:\DOCUME~1\Bullis\APPLIC~1\<DIR> Image Zone Express
[12/29/2006|04:30] C:\DOCUME~1\Bullis\APPLIC~1\<DIR> InstallShield
[04/05/2008|08:20] C:\DOCUME~1\Bullis\APPLIC~1\<DIR> Intuit
[03/02/2006|01:25] C:\DOCUME~1\Bullis\APPLIC~1\<DIR> Jasc Software Inc
[04/04/2005|06:53] C:\DOCUME~1\Bullis\APPLIC~1\<DIR> Keynote Systems
[04/04/2008|05:41] C:\DOCUME~1\Bullis\APPLIC~1\<DIR> Lavasoft
[03/25/2005|06:54] C:\DOCUME~1\Bullis\APPLIC~1\<DIR> Leadertech
[04/20/2005|06:13] C:\DOCUME~1\Bullis\APPLIC~1\<DIR> Macromedia
[12/10/2008|06:24] C:\DOCUME~1\Bullis\APPLIC~1\<DIR> Malwarebytes
[04/01/2005|06:30] C:\DOCUME~1\Bullis\APPLIC~1\<DIR> McAfee.com
[04/19/2005|08:27] C:\DOCUME~1\Bullis\APPLIC~1\<DIR> McAfee.com Personal Firewall
[01/27/2008|11:39] C:\DOCUME~1\Bullis\APPLIC~1\<DIR> Microsoft
[12/31/2005|09:31] C:\DOCUME~1\Bullis\APPLIC~1\<DIR> Snapfish
[03/25/2005|06:56] C:\DOCUME~1\Bullis\APPLIC~1\<DIR> Sonic
[03/10/2005|09:44] C:\DOCUME~1\Bullis\APPLIC~1\<DIR> Sun
[12/06/2008|03:05] C:\DOCUME~1\Bullis\APPLIC~1\<DIR> SUPERAntiSpyware.com
[11/09/2008|02:19] C:\DOCUME~1\Bullis\APPLIC~1\<DIR> U3
[02/04/2007|05:33] C:\DOCUME~1\Bullis\APPLIC~1\<DIR> Viewpoint

[03/10/2005|09:15] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Identities
[03/10/2005|09:50] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Jasc Software Inc
[03/10/2005|09:48] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft
[03/10/2005|09:58] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Sonic
[03/10/2005|09:44] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Sun

[05/03/2005|01:48] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Macromedia
[03/25/2005|04:36] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> McAfee.com Personal Firewall
[05/28/2008|02:12] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft

[03/10/2005|09:15] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[11/15/2008 03:03 AM][--a------] C:\WINDOWS\tasks\McDefragTask.job
[10/01/2008 12:01 AM][--a------] C:\WINDOWS\tasks\McQcTask.job
[12/12/2008 05:39 PM][--a------] C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[12/11/2008 09:56 PM][--ah-----] C:\WINDOWS\tasks\SA.DAT
[08/04/2004 06:00 AM][-r-h-----] C:\WINDOWS\tasks\DESKTOP.INI

--------------------\\ Listing Folders in C:\Program Files

[09/13/2008|09:11] C:\Program Files\<DIR> Adobe
[04/19/2005|11:22] C:\Program Files\<DIR> America Online 9.0
[03/10/2005|09:34] C:\Program Files\<DIR> Analog Devices
[03/10/2005|09:54] C:\Program Files\<DIR> AOL Companion
[03/25/2005|07:24] C:\Program Files\<DIR> ArcSoft
[12/17/2006|11:29] C:\Program Files\<DIR> Blast! Software
[12/06/2008|01:33] C:\Program Files\<DIR> BMCentral
[04/30/2005|04:29] C:\Program Files\<DIR> Broderbund
[03/25/2005|07:32] C:\Program Files\<DIR> Canon
[11/14/2008|09:53] C:\Program Files\<DIR> Cisco Systems
[12/09/2008|06:17] C:\Program Files\<DIR> Common Files
[03/10/2005|09:15] C:\Program Files\<DIR> ComPlus Applications
[06/16/2007|07:15] C:\Program Files\<DIR> Coupons
[03/25/2005|07:14] C:\Program Files\<DIR> CreataCard
[03/10/2005|09:46] C:\Program Files\<DIR> CyberLink
[03/10/2005|09:45] C:\Program Files\<DIR> Dell
[03/10/2005|09:51] C:\Program Files\<DIR> Dell Inc
[05/16/2008|08:15] C:\Program Files\<DIR> Dell Support Center
[04/09/2007|09:38] C:\Program Files\<DIR> DellSupport
[03/10/2005|09:54] C:\Program Files\<DIR> EarthLink Setup
[09/13/2008|08:31] C:\Program Files\<DIR> Google
[03/10/2005|09:55] C:\Program Files\<DIR> H&R Block Tax Offer
[07/29/2006|12:04] C:\Program Files\<DIR> Hewlett-Packard
[11/28/2008|09:07] C:\Program Files\<DIR> HJT
[07/29/2006|11:59] C:\Program Files\<DIR> HP
[01/06/2008|08:02] C:\Program Files\<DIR> InstallShield Installation Information
[05/14/2007|05:02] C:\Program Files\<DIR> Intel
[08/28/2008|05:54] C:\Program Files\<DIR> Internet Explorer
[03/10/2005|09:55] C:\Program Files\<DIR> Intuit
[07/04/2006|09:15] C:\Program Files\<DIR> iPod
[01/29/2006|07:08] C:\Program Files\<DIR> ItsDeductible2005
[12/29/2006|04:36] C:\Program Files\<DIR> ItsDeductible2006
[03/26/2005|06:10] C:\Program Files\<DIR> ItsDeductibleEX
[07/04/2006|08:53] C:\Program Files\<DIR> iTunes
[03/10/2005|09:51] C:\Program Files\<DIR> Jasc Software Inc
[07/16/2008|06:25] C:\Program Files\<DIR> Java
[11/22/2008|10:28] C:\Program Files\<DIR> Lavasoft
[09/25/2007|05:15] C:\Program Files\<DIR> LD Supreme
[03/10/2005|09:54] C:\Program Files\<DIR> Learn2.com
[12/03/2006|07:09] C:\Program Files\<DIR> Logitech
[12/10/2008|06:24] C:\Program Files\<DIR> Malwarebytes' Anti-Malware
[09/23/2008|07:04] C:\Program Files\<DIR> McAfee
[02/18/2007|07:19] C:\Program Files\<DIR> McAfee.com
[05/03/2005|12:32] C:\Program Files\<DIR> Memorex
[08/28/2008|06:03] C:\Program Files\<DIR> Messenger
[05/03/2005|12:33] C:\Program Files\<DIR> MGI
[03/25/2005|06:23] C:\Program Files\<DIR> Microsoft ActiveSync
[05/10/2007|02:11] C:\Program Files\<DIR> Microsoft CAPICOM 2.1.0.2
[03/10/2005|09:15] C:\Program Files\<DIR> microsoft frontpage
[03/25/2005|06:43] C:\Program Files\<DIR> Microsoft Office
[03/10/2005|09:49] C:\Program Files\<DIR> Microsoft Plus! Digital Media Edition
[03/10/2005|09:49] C:\Program Files\<DIR> Microsoft Plus! Photo Story 2 LE
[03/10/2005|09:45] C:\Program Files\<DIR> Modem Helper
[03/10/2005|09:45] C:\Program Files\<DIR> Modem On Hold
[08/28/2008|05:54] C:\Program Files\<DIR> Movie Maker
[07/29/2007|09:43] C:\Program Files\<DIR> MSN
[03/10/2005|09:15] C:\Program Files\<DIR> MSN Gaming Zone
[08/28/2008|06:22] C:\Program Files\<DIR> MSN Messenger
[11/18/2006|03:04] C:\Program Files\<DIR> MSXML 4.0
[03/10/2005|09:51] C:\Program Files\<DIR> MUSICMATCH
[08/28/2008|05:45] C:\Program Files\<DIR> NetMeeting
[03/10/2005|09:47] C:\Program Files\<DIR> NetZeroInstallers
[09/13/2008|08:57] C:\Program Files\<DIR> NOS
[03/10/2005|09:15] C:\Program Files\<DIR> Online Services
[08/28/2008|05:44] C:\Program Files\<DIR> Outlook Express
[02/13/2008|06:59] C:\Program Files\<DIR> QuickTime
[12/03/2006|07:28] C:\Program Files\<DIR> Real
[03/10/2005|09:56] C:\Program Files\<DIR> Sonic
[11/27/2008|06:22] C:\Program Files\<DIR> Spybot - Search & Destroy
[06/14/2008|11:23] C:\Program Files\<DIR> Sun
[12/06/2008|03:05] C:\Program Files\<DIR> SUPERAntiSpyware
[03/25/2005|05:32] C:\Program Files\<DIR> Support.com
[12/06/2008|08:51] C:\Program Files\<DIR> Trend Micro
[01/06/2008|07:57] C:\Program Files\<DIR> TurboTax
[03/10/2005|09:15] C:\Program Files\<DIR> Uninstall Information
[03/10/2005|09:54] C:\Program Files\<DIR> Viewpoint
[08/22/2007|01:12] C:\Program Files\<DIR> Virtual Earth 3D
[12/01/2007|03:03] C:\Program Files\<DIR> Windows Live Toolbar
[08/28/2008|05:44] C:\Program Files\<DIR> Windows Media Player
[08/28/2008|05:44] C:\Program Files\<DIR> Windows NT
[03/10/2005|09:15] C:\Program Files\<DIR> WindowsUpdate
[03/10/2005|09:46] C:\Program Files\<DIR> WordPerfect Office 12
[03/10/2005|09:15] C:\Program Files\<DIR> XEROX
[04/20/2005|06:12] C:\Program Files\<DIR> Yahoo!
[03/10/2005|09:46] C:\Program Files\<DIR> Your Company Name

--------------------\\ Listing Folders in C:\Program Files\Common Files

[09/13/2008|09:08] C:\Program Files\Common Files\<DIR> Adobe
[09/13/2008|09:10] C:\Program Files\Common Files\<DIR> Adobe AIR
[01/06/2008|08:02] C:\Program Files\Common Files\<DIR> AnswerWorks 4.0
[03/10/2005|09:53] C:\Program Files\Common Files\<DIR> AOL
[03/10/2005|09:54] C:\Program Files\Common Files\<DIR> aolshare
[03/10/2005|09:47] C:\Program Files\Common Files\<DIR> Borland Shared
[03/10/2005|09:46] C:\Program Files\Common Files\<DIR> Corel
[03/25/2005|06:22] C:\Program Files\Common Files\<DIR> Designer
[11/14/2008|09:55] C:\Program Files\Common Files\<DIR> Deterministic Networks
[07/29/2006|12:03] C:\Program Files\Common Files\<DIR> HP
[03/10/2005|09:50] C:\Program Files\Common Files\<DIR> InstallShield
[03/10/2005|09:55] C:\Program Files\Common Files\<DIR> Intuit
[03/10/2005|09:50] C:\Program Files\Common Files\<DIR> Jasc Software Inc
[03/10/2005|09:44] C:\Program Files\Common Files\<DIR> Java
[12/03/2006|07:10] C:\Program Files\Common Files\<DIR> Logitech
[08/01/2007|05:05] C:\Program Files\Common Files\<DIR> McAfee
[05/03/2005|12:33] C:\Program Files\Common Files\<DIR> MGI Shared
[03/27/2007|02:02] C:\Program Files\Common Files\<DIR> Microsoft Shared
[03/10/2005|09:15] C:\Program Files\Common Files\<DIR> MSSoap
[03/10/2005|09:54] C:\Program Files\Common Files\<DIR> Nullsoft
[03/10/2005|09:15] C:\Program Files\Common Files\<DIR> ODBC
[03/10/2005|09:54] C:\Program Files\Common Files\<DIR> Real
[03/10/2005|09:15] C:\Program Files\Common Files\<DIR> Services
[03/10/2005|09:49] C:\Program Files\Common Files\<DIR> Sonic
[03/10/2005|09:15] C:\Program Files\Common Files\<DIR> SpeechEngines
[05/16/2008|08:13] C:\Program Files\Common Files\<DIR> supportsoft
[03/26/2005|03:09] C:\Program Files\Common Files\<DIR> SWF Studio
[08/28/2008|05:44] C:\Program Files\Common Files\<DIR> System
[12/06/2008|03:02] C:\Program Files\Common Files\<DIR> Wise Installation Wizard

--------------------\\ Process

( 52 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

C:\DOCUME~1\Bullis\Cookies\bullis@advertising[2].txt

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-12 18:31:40
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 1

--------------------\\ Searching for other infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\ALLUSE~1\Start Menu\Programs\Games\Ultimate Mahjongg 10\Backs\Textures\Silver Cracks.jpg


[F:30][D:2]-> C:\DOCUME~1\Bullis\LOCALS~1\Temp
[F:790][D:0]-> C:\DOCUME~1\Bullis\Cookies
[F:3518][D:16]-> C:\DOCUME~1\Bullis\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - Fri 12/12/2008|18:34 - Option : [1]

--------------------\\ Scan completed at 18:34:12

#10 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:09:50 AM

Posted 12 December 2008 - 11:50 PM

Well.. Everything looks good to me.. Lets do this...


Time for some housekeeping
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK
    Please note that the space between combofix and /u is needed

    Posted Image


Please read these excellent articles by miekiemoes :
Help! My computer is slow!
How to prevent Malware

And another excellent article by CastleCops Malware Prevention: Prevent Re-infection

Please reply to this thread once more and tell us about the computer behaviour before we can close this thread :thumbsup:



Have a safe and happy computing day!


Regards
fenzodahl512

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#11 rocmom

rocmom
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:09:50 PM

Posted 13 December 2008 - 07:22 AM

Do you mean that I should run ComboFix again and post the log?When I type in ComboFix /u and click OK my option then is to Run or Cancel.

Thank you so much for all of your help with this.

#12 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:09:50 AM

Posted 13 December 2008 - 02:17 PM

No.. it shouldn't do that.. Lets do this instead :thumbsup:


Please download OTCleanIt and save it to Desktop.
  • Make sure you have internet connection..
  • Double-click OTCleanIt.exe
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes

No log to post.. Just tell me, how's the computer now :)

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#13 rocmom

rocmom
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:09:50 PM

Posted 13 December 2008 - 03:24 PM

Awesome! This one ran just fine and computer rebooted. I've also uninstalled unused programs and ended several programs from running at startup. No more additional windows are opening up and everything is running much quicker. I think you've done it!

Your help and patience is greatly appreciated.

#14 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:09:50 AM

Posted 13 December 2008 - 03:56 PM

You are very welcome, I'm glad that we could help.

I will now close this topic. If you need this topic to be re-open, please pm me or Moderators regarding the matter..

If you have any new malware related questions or issues in the future please start a new topic.

Cheers and Happy Computing !

fenzodahl512

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users