a few trojans i cant get rid of


This topic is locked
13 replies to this topic

#1 petergriffen

petergriffen

  • Members
  • 69 posts

Posted 05 February 2009 - 08:13 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:12:40 PM, on 2/5/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\WINDOWS\System32\regsvr32.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Belkin\F5D7010v8\Belkinwcui.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Belkin\F5D7010v8\jswpsapi.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
R3 - URLSearchHook: (no name) - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - (no file)
O2 - BHO: (no name) - {28D0EF2B-41FF-4E45-AB90-398BC0428896} - C:\WINDOWS\system32\cbxYPJyY.dll (file missing)
O2 - BHO: (no name) - {45E17257-5554-45D5-BA11-8B6485D28F4E} - C:\WINDOWS\system32\opnoMeFy.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {6DF0BD4E-00DD-7D7A-8C4D-50C0702984C9} - C:\WINDOWS\system32\msug.dll (file missing)
O2 - BHO: (no name) - {97f56af3-c191-4106-8173-88229b82f5d8} - C:\WINDOWS\system32\fwpokb.dll
O2 - BHO: bigadnetwork browser enhancer - {B4C25866-C04D-E1B1-8D6D-E6E20AE79202} - C:\WINDOWS\system32\mbwomggvje.dll
O2 - BHO: (no name) - {D88E1558-7C2D-407A-953A-C044F5607CEA} - (no file)
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [izmbvugjxjlzvbwi] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\mbwomggvje.dll"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iesvcmon] "C:\WINDOWS\system32\iesvcmon.exe"
O4 - HKLM\..\Run: [MP10_EnsureFileVer] C:\WINDOWS\inf\unregmp2.exe /EnsureFileVersions
O4 - HKLM\..\RunOnce: [DELDIR0.EXE] "C:\DOCUME~1\Dell\LOCALS~1\Temp\DELDIR0.EXE" "C:\Program Files\McAfee\McAfee Shared Components\Guardian\"
O4 - HKLM\..\RunOnce: [SpybotDeletingA567] command.com /c del "C:\Documents and Settings\Dell\Application Data\Gool\Gool.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingC603] cmd.exe /c del "C:\Documents and Settings\Dell\Application Data\Gool\Gool.exe"
O4 - HKLM\..\RunOnce: [WMC_RebootCheck] C:\WINDOWS\inf\unregmp2.exe /FixUps
O4 - HKLM\..\RunOnce: [MP11_EnsureDeviceRescan] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\wpd_ci.dll,DoCmd remove rescan
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [Tair] "C:\PROGRA~1\COMMON~1\SSTEM3~1\wowexec.exe" -vt yazb
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB8654] command.com /c del "C:\Documents and Settings\Dell\Application Data\Gool\Gool.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9828] cmd.exe /c del "C:\Documents and Settings\Dell\Application Data\Gool\Gool.exe"
O4 - HKCU\..\RunOnce: [WMC_WMPDBExport] C:\Program Files\Windows Media Player\wmdbexport.exe
O4 - HKUS\S-1-5-21-1085031214-492894223-1957994488-500\..\RunOnce: [SpybotDeletingB2437] command.com /c del "C:\Program Files\VnrBlock\xtarga.gz" (User 'Administrator')
O4 - HKUS\S-1-5-21-1085031214-492894223-1957994488-500\..\RunOnce: [SpybotDeletingD5096] cmd.exe /c del "C:\Program Files\VnrBlock\xtarga.gz" (User 'Administrator')
O4 - HKUS\S-1-5-21-1085031214-492894223-1957994488-500\..\RunOnce: [SpybotDeletingB6278] command.com /c del "C:\Program Files\GetPack\GetPack27.exe" (User 'Administrator')
O4 - HKUS\S-1-5-21-1085031214-492894223-1957994488-500\..\RunOnce: [SpybotDeletingD9333] cmd.exe /c del "C:\Program Files\GetPack\GetPack27.exe" (User 'Administrator')
O4 - HKUS\S-1-5-21-1085031214-492894223-1957994488-500\..\RunOnce: [SpybotDeletingB4125] command.com /c del "C:\Program Files\GetPack\GetPack28.exe" (User 'Administrator')
O4 - HKUS\S-1-5-21-1085031214-492894223-1957994488-500\..\RunOnce: [SpybotDeletingD7692] cmd.exe /c del "C:\Program Files\GetPack\GetPack28.exe" (User 'Administrator')
O4 - HKUS\S-1-5-21-1085031214-492894223-1957994488-500\..\RunOnce: [SpybotDeletingB2095] command.com /c del "C:\Program Files\Mjcore\Mjcore.dll" (User 'Administrator')
O4 - HKUS\S-1-5-21-1085031214-492894223-1957994488-500\..\RunOnce: [SpybotDeletingD5558] cmd.exe /c del "C:\Program Files\Mjcore\Mjcore.dll" (User 'Administrator')
O4 - HKUS\S-1-5-21-1085031214-492894223-1957994488-500\..\RunOnce: [SpybotDeletingB6882] command.com /c del "C:\Program Files\Webtools\webtools.dll" (User 'Administrator')
O4 - HKUS\S-1-5-21-1085031214-492894223-1957994488-500\..\RunOnce: [SpybotDeletingD6150] cmd.exe /c del "C:\Program Files\Webtools\webtools.dll" (User 'Administrator')
O4 - HKUS\S-1-5-21-1085031214-492894223-1957994488-501\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'Guest')
O4 - Global Startup: Belkin Wireless G Cardbus Adapter Utility.lnk = C:\Program Files\Belkin\F5D7010v8\Belkinwcui.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1233801772730
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://l.yimg.com/jh/games/web_games/popca...aploader_v6.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: cbxYPJyY - cbxYPJyY.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\Belkin\F5D7010v8\jswpsapi.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 10858 bytes


#2 Bio-Hazard

Bio-Hazard

  • Members
  • 258 posts
  • Gender:Male
  • Location:Cornwall, UK

Posted 06 February 2009 - 02:57 PM

Hello and welcome to the forums!

My name is Bio-Hazard and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • If you don't know or understand something, please don't hesitate to ask.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • It is important that you reply to this thread. Do not start a new topic.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Absence of symptoms does not mean that everything is clear.
No Reply Within 5 Days Will Result In Your Topic Being Closed!!

#3 petergriffen

petergriffen
  • Topic Starter

  • Members
  • 69 posts

Posted 06 February 2009 - 03:43 PM

Thanks

I ran Malwarebytes but didn't delete any of it.

Malwarebytes' Anti-Malware 1.33
Database version: 1736
Windows 5.1.2600 Service Pack 3

2/6/2009 8:02:04 PM
mbam-log-2009-02-06 (20-01-55).txt

Scan type: Quick Scan
Objects scanned: 74372
Time elapsed: 28 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 73
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 9
Files Infected: 31

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\fwpokb.dll (Trojan.Vundo) -> No action taken.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{28d0ef2b-41ff-4e45-ab90-398bc0428896} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cbxypjyy (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{28d0ef2b-41ff-4e45-ab90-398bc0428896} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{97f56af3-c191-4106-8173-88229b82f5d8} (Trojan.BHO.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{97f56af3-c191-4106-8173-88229b82f5d8} (Trojan.BHO.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{97f56af3-c191-4106-8173-88229b82f5d8} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\bho_cpv.workhorse (Trojan.Agent) -> No action taken.
HKEY_CLASSES_ROOT\bho_cpv.workhorse.1 (Trojan.Agent) -> No action taken.
HKEY_CLASSES_ROOT\grandbar.bho (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{bb112471-9094-471b-92b0-931a40c42b98} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{17bfcf1a-b579-48a7-9849-719ddd11d340} (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{17bfcf1a-b579-48a7-9849-719ddd11d340} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{84ba8988-33e1-4c89-a150-bf428e8d3213} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{84ba8988-33e1-4c89-a150-bf428e8d3213} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\grandbar.bho.1 (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/popcaploader.dll (Adware.PopCap) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> No action taken.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d88e1558-7c2d-407a-953a-c044f5607cea} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6b221e01-f517-4959-8c41-81948e7f2f17} (Adware.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{15421b84-3488-49a7-ad18-cbf84a3efaf6} (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d88e1558-7c2d-407a-953a-c044f5607cea} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{1e3c9ecb-fefa-4a4c-9534-59b6ed93ca8c} (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1e3c9ecb-fefa-4a4c-9534-59b6ed93ca8c} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\grandpack (Trojan.Agent) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{1efb6596-857c-11d1-b16a-00c0f0283628} (Rogue.RegistryDefender) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{2c247f23-8591-11d1-b16a-00c0f0283628} (Rogue.RegistryDefender) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{35053a22-8589-11d1-b16a-00c0f0283628} (Rogue.RegistryDefender) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{66833fe6-8583-11d1-b16a-00c0f0283628} (Rogue.RegistryDefender) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{8e3867a3-8586-11d1-b16a-00c0f0283628} (Rogue.RegistryDefender) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{bdd1f04b-858b-11d1-b16a-00c0f0283628} (Rogue.RegistryDefender) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{c27cce32-8596-11d1-b16a-00c0f0283628} (Rogue.RegistryDefender) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{c27cce33-8596-11d1-b16a-00c0f0283628} (Rogue.RegistryDefender) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{c27cce34-8596-11d1-b16a-00c0f0283628} (Rogue.RegistryDefender) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{c27cce35-8596-11d1-b16a-00c0f0283628} (Rogue.RegistryDefender) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{c27cce36-8596-11d1-b16a-00c0f0283628} (Rogue.RegistryDefender) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{c27cce37-8596-11d1-b16a-00c0f0283628} (Rogue.RegistryDefender) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{c27cce38-8596-11d1-b16a-00c0f0283628} (Rogue.RegistryDefender) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{c27cce39-8596-11d1-b16a-00c0f0283628} (Rogue.RegistryDefender) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{c27cce3a-8596-11d1-b16a-00c0f0283628} (Rogue.RegistryDefender) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{c27cce3b-8596-11d1-b16a-00c0f0283628} (Rogue.RegistryDefender) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{c27cce3c-8596-11d1-b16a-00c0f0283628} (Rogue.RegistryDefender) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{c27cce3d-8596-11d1-b16a-00c0f0283628} (Rogue.RegistryDefender) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{c27cce3e-8596-11d1-b16a-00c0f0283628} (Rogue.RegistryDefender) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{c27cce3f-8596-11d1-b16a-00c0f0283628} (Rogue.RegistryDefender) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{c27cce40-8596-11d1-b16a-00c0f0283628} (Rogue.RegistryDefender) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{c27cce41-8596-11d1-b16a-00c0f0283628} (Rogue.RegistryDefender) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{c27cce42-8596-11d1-b16a-00c0f0283628} (Rogue.RegistryDefender) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{c74190b6-8589-11d1-b16a-00c0f0283628} (Rogue.RegistryDefender) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{dd9da666-8594-11d1-b16a-00c0f0283628} (Rogue.RegistryDefender) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{f08df954-8592-11d1-b16a-00c0f0283628} (Rogue.RegistryDefender) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\GrandPack (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\grandbar.band (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\grandbar.band.1 (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\cont_globaladsolution (Adware.Agent) -> No action taken.
HKEY_CLASSES_ROOT\WR (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR (Trojan.DNSChanger) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE (Trojan.Downloader) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b4c25866-c04d-e1b1-8d6d-e6e20ae79202} (Adware.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{b4c25866-c04d-e1b1-8d6d-e6e20ae79202} (Adware.BHO) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\izmbvugjxjlzvbwi (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tair (Trojan.Agent) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\GrandPack (Trojan.Agent) -> No action taken.
C:\Program Files\Twain (Trojan.Agent) -> No action taken.
C:\Program Files\Registry Defender Platinum (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\backup (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\repair-bar (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-100 (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\scan-bar-pulse (Rogue.RegistryDefender) -> No action taken.
C:\Documents and Settings\Dell\Application Data\speedrunner (Adware.SurfAccuracy) -> No action taken.
C:\Documents and Settings\Dell\Start Menu\Programs\Registry Defender Platinum (Rogue.RegistryDefender) -> No action taken.

Files Infected:
C:\WINDOWS\system32\cbxYPJyY.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\fwpokb.dll (Trojan.BHO.H) -> No action taken.
C:\Program Files\GrandPack\GrandPack2.dll (Trojan.BHO) -> No action taken.
C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> No action taken.
C:\WINDOWS\system32\gdvchrkp.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\mywoux.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\dfgajefx.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\jrclotar.dll (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\Dell\Local Settings\Temporary Internet Files\Content.IE5\CMHY1AYU\155[2].net (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Dell\Local Settings\Temporary Internet Files\Content.IE5\CMHY1AYU\156[1].net (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Dell\Local Settings\Temporary Internet Files\Content.IE5\HGRBRB51\ctxad-582[1].0000 (Backdoor.Small) -> No action taken.
C:\Documents and Settings\Dell\Local Settings\Temporary Internet Files\Content.IE5\HGRBRB51\index[1] (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\Dell\Local Settings\Temporary Internet Files\Content.IE5\HGRBRB51\upd105320[2] (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\Dell\Local Settings\Temporary Internet Files\Content.IE5\RNLJJTMN\104[1].net (Trojan.Downloader) -> No action taken.
C:\Program Files\GrandPack\qdrloader.exe (Trojan.Agent) -> No action taken.
C:\Program Files\GrandPack\Uninstall.exe (Trojan.Agent) -> No action taken.
C:\Program Files\Registry Defender Platinum\mscomctl.ocx (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\RegistryDefender.exe.manifest (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\report.csv (Rogue.RegistryDefender) -> No action taken.
C:\Program Files\Registry Defender Platinum\backup\10_17_2008.reg (Rogue.RegistryDefender) -> No action taken.
C:\Documents and Settings\Dell\Application Data\speedrunner\config.cfg (Adware.SurfAccuracy) -> No action taken.
C:\Documents and Settings\Dell\Start Menu\Programs\Registry Defender Platinum\Customer Support.lnk (Rogue.RegistryDefender) -> No action taken.
C:\Documents and Settings\Dell\Start Menu\Programs\Registry Defender Platinum\Registry Defender Platinum.lnk (Rogue.RegistryDefender) -> No action taken.
C:\Documents and Settings\Dell\Start Menu\Programs\Registry Defender Platinum\User Guide.lnk (Rogue.RegistryDefender) -> No action taken.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\mbwomggvje.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\ieupdates.exe.tmp (Adware.Agent) -> No action taken.
C:\WINDOWS\system32\cont_globaladsolution-remove.exe (Adware.Agent) -> No action taken.
C:\WINDOWS\pskt.ini (Trojan.Vundo) -> No action taken.
C:\WINDOWS\BMff94f777.xml (Trojan.Vundo) -> No action taken.
C:\WINDOWS\BMff94f777.txt (Trojan.Vundo) -> No action taken.

Edited by petergriffen, 06 February 2009 - 08:04 PM.


#4 Bio-Hazard

Bio-Hazard

  • Members
  • 258 posts
  • Gender:Male
  • Location:Cornwall, UK

Posted 07 February 2009 - 10:41 AM

Hello!

Please do not run any tools while working with me. It will affect what steps I will do. Luckily you haven't cleaned anything yet.

Spybot S&D Teatimer

We need to disable Spybot S&D's TeaTimer. TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running. In order to safeguard your system from problems that can be brought on by a half-finished fix, we need to disable TeaTimer. We can re-enable it when we're done if you like.
  • Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
  • If prompted with a legal dialog, accept the warning.
  • Click [image] and then on Advanced Mode [image]
  • You may be presented with a warning dialog. If so, press [image]
  • Click on [image]
  • Click on [image]
  • Uncheck this checkbox: [image]
  • Close/Exit Spybot Search and Destroy
  • Reboot your machine for the changes to take effect.
Disable AdWatch

Please disable AdWatch, as it may hinder the removal of some entries. You can re-enable it after you're clean.
To disable AdWatch:
  • Open AdAware SE
  • Go to AdWatch User Interface
  • Go to Tools and Preferences
  • At the bottom of the screen you will see 2 options: Active and Automatic
  • Active: This will turn Ad-Watch On\Off without closing it
  • Automatic: Suspicious activity will be blocked automatically
  • Uncheck both options. You can enable these after resolving your problem.
Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer; could you please do a scan using these settings:
  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has been completed, select the Scanner tab.
  • Select Perform full scan, then click on Scan
  • Leave the default options as they are and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Check (tick) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom-most log is the latest.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


random's system information tool (RSIT)
  • Download random's system information tool (RSIT) by random/random from HERE and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open:
    • log.txt (<<will be maximized)
    • info.txt (<<will be minimized)
  • Post both of these logs in your next reply (sometimes you have to make several posts to get the logs posted).


Logs/Information to Post in Next Reply

Please post the following logs/Information in your reply:
  • Malwarebytes Antimalware Log
  • RSIT Logs, log.txt and info.txt
  • A description of how your computer is behaving


#5 petergriffen

petergriffen
  • Topic Starter

  • Members
  • 69 posts

Posted 07 February 2009 - 04:20 PM

I'm trying to fix this for a friend. The computer doesn't run too badly, but it has something called Yoog Search in Internet Explorer that won't remove, ronads popups, and I hear I won an Apple iPod mini but don't see any web pages.

Malwarebytes' Anti-Malware 1.33
Database version: 1736
Windows 5.1.2600 Service Pack 3

2/7/2009 2:41:57 PM
mbam-log-2009-02-07 (14-41-57).txt

Scan type: Full Scan (C:\|)
Objects scanned: 106073
Time elapsed: 1 hour(s), 6 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 73
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 9
Files Infected: 43

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\fwpokb.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{28d0ef2b-41ff-4e45-ab90-398bc0428896} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cbxypjyy (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{28d0ef2b-41ff-4e45-ab90-398bc0428896} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{97f56af3-c191-4106-8173-88229b82f5d8} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{97f56af3-c191-4106-8173-88229b82f5d8} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{97f56af3-c191-4106-8173-88229b82f5d8} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bho_cpv.workhorse (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bho_cpv.workhorse.1 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\grandbar.bho (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{bb112471-9094-471b-92b0-931a40c42b98} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{17bfcf1a-b579-48a7-9849-719ddd11d340} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{17bfcf1a-b579-48a7-9849-719ddd11d340} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{84ba8988-33e1-4c89-a150-bf428e8d3213} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{84ba8988-33e1-4c89-a150-bf428e8d3213} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\grandbar.bho.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d88e1558-7c2d-407a-953a-c044f5607cea} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6b221e01-f517-4959-8c41-81948e7f2f17} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{15421b84-3488-49a7-ad18-cbf84a3efaf6} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d88e1558-7c2d-407a-953a-c044f5607cea} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1e3c9ecb-fefa-4a4c-9534-59b6ed93ca8c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1e3c9ecb-fefa-4a4c-9534-59b6ed93ca8c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\grandpack (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1efb6596-857c-11d1-b16a-00c0f0283628} (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2c247f23-8591-11d1-b16a-00c0f0283628} (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{35053a22-8589-11d1-b16a-00c0f0283628} (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{66833fe6-8583-11d1-b16a-00c0f0283628} (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8e3867a3-8586-11d1-b16a-00c0f0283628} (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bdd1f04b-858b-11d1-b16a-00c0f0283628} (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c27cce32-8596-11d1-b16a-00c0f0283628} (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c27cce33-8596-11d1-b16a-00c0f0283628} (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c27cce34-8596-11d1-b16a-00c0f0283628} (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c27cce35-8596-11d1-b16a-00c0f0283628} (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c27cce36-8596-11d1-b16a-00c0f0283628} (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c27cce37-8596-11d1-b16a-00c0f0283628} (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c27cce38-8596-11d1-b16a-00c0f0283628} (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c27cce39-8596-11d1-b16a-00c0f0283628} (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c27cce3a-8596-11d1-b16a-00c0f0283628} (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c27cce3b-8596-11d1-b16a-00c0f0283628} (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c27cce3c-8596-11d1-b16a-00c0f0283628} (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c27cce3d-8596-11d1-b16a-00c0f0283628} (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c27cce3e-8596-11d1-b16a-00c0f0283628} (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c27cce3f-8596-11d1-b16a-00c0f0283628} (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c27cce40-8596-11d1-b16a-00c0f0283628} (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c27cce41-8596-11d1-b16a-00c0f0283628} (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c27cce42-8596-11d1-b16a-00c0f0283628} (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c74190b6-8589-11d1-b16a-00c0f0283628} (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{dd9da666-8594-11d1-b16a-00c0f0283628} (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f08df954-8592-11d1-b16a-00c0f0283628} (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\GrandPack (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\grandbar.band (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\grandbar.band.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\cont_globaladsolution (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b4c25866-c04d-e1b1-8d6d-e6e20ae79202} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b4c25866-c04d-e1b1-8d6d-e6e20ae79202} (Adware.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\izmbvugjxjlzvbwi (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tair (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\GrandPack (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Twain (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Registry Defender Platinum (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Registry Defender Platinum\backup (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Registry Defender Platinum\repair-bar (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Registry Defender Platinum\scan-bar-100 (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Registry Defender Platinum\scan-bar-pulse (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dell\Application Data\speedrunner (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dell\Start Menu\Programs\Registry Defender Platinum (Rogue.RegistryDefender) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\cbxYPJyY.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fwpokb.dll (Trojan.BHO.H) -> Delete on reboot.
C:\Program Files\GrandPack\GrandPack2.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dell\Local Settings\Temporary Internet Files\Content.IE5\CMHY1AYU\155[2].net (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dell\Local Settings\Temporary Internet Files\Content.IE5\CMHY1AYU\156[1].net (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dell\Local Settings\Temporary Internet Files\Content.IE5\HGRBRB51\ctxad-582[1].0000 (Backdoor.Small) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dell\Local Settings\Temporary Internet Files\Content.IE5\HGRBRB51\index[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dell\Local Settings\Temporary Internet Files\Content.IE5\HGRBRB51\upd105320[2] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dell\Local Settings\Temporary Internet Files\Content.IE5\RNLJJTMN\104[1].net (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\owzz\owzzd\owzzc.dll (Adware.TargetServer) -> Quarantined and deleted successfully.
C:\Program Files\GrandPack\qdrloader.exe (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Program Files\WebShow\WebShow.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{77B9A89B-7749-4D32-8772-407BB42CF065}\RP96\A0058397.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{77B9A89B-7749-4D32-8772-407BB42CF065}\RP96\A0058387.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{77B9A89B-7749-4D32-8772-407BB42CF065}\RP96\A0058390.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{77B9A89B-7749-4D32-8772-407BB42CF065}\RP96\A0058391.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{77B9A89B-7749-4D32-8772-407BB42CF065}\RP96\A0058394.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{77B9A89B-7749-4D32-8772-407BB42CF065}\RP96\A0058395.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{77B9A89B-7749-4D32-8772-407BB42CF065}\RP96\A0058396.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{77B9A89B-7749-4D32-8772-407BB42CF065}\RP96\A0058398.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{77B9A89B-7749-4D32-8772-407BB42CF065}\RP96\A0058400.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{77B9A89B-7749-4D32-8772-407BB42CF065}\RP96\A0058402.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gdvchrkp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mywoux.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dfgajefx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jrclotar.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\GrandPack\Uninstall.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Registry Defender Platinum\mscomctl.ocx (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Registry Defender Platinum\RegistryDefender.exe.manifest (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Registry Defender Platinum\report.csv (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Registry Defender Platinum\backup\10_17_2008.reg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dell\Application Data\speedrunner\config.cfg (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dell\Start Menu\Programs\Registry Defender Platinum\Customer Support.lnk (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dell\Start Menu\Programs\Registry Defender Platinum\Registry Defender Platinum.lnk (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dell\Start Menu\Programs\Registry Defender Platinum\User Guide.lnk (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mbwomggvje.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\ieupdates.exe.tmp (Adware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cont_globaladsolution-remove.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BMff94f777.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BMff94f777.txt (Trojan.Vundo) -> Quarantined and deleted successfully.

THEN IN SAFE MODE

Malwarebytes' Anti-Malware 1.33
Database version: 1736
Windows 5.1.2600 Service Pack 3

2/7/2009 4:13:36 PM
mbam-log-2009-02-07 (16-13-36).txt

Scan type: Full Scan (C:\|)
Objects scanned: 104524
Time elapsed: 53 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d88e1558-7c2d-407a-953a-c044f5607cea} (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Logfile of random's system information tool 1.05 (written by random/random)
Run by Dell at 2009-02-07 16:18:02
Microsoft Windows XP Professional Service Pack 3
System drive C: has 11 GB (56%) free of 19 GB
Total RAM: 511 MB (33% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:18:37 PM, on 2/7/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Belkin\F5D7010v8\Belkinwcui.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Belkin\F5D7010v8\jswpsapi.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Dell\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Dell.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
R3 - URLSearchHook: (no name) - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - (no file)
O2 - BHO: (no name) - {28D0EF2B-41FF-4E45-AB90-398BC0428896} - (no file)
O2 - BHO: (no name) - {45E17257-5554-45D5-BA11-8B6485D28F4E} - C:\WINDOWS\system32\opnoMeFy.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6DF0BD4E-00DD-7D7A-8C4D-50C0702984C9} - C:\WINDOWS\system32\msug.dll (file missing)
O2 - BHO: (no name) - {97f56af3-c191-4106-8173-88229b82f5d8} - (no file)
O2 - BHO: (no name) - {B4C25866-C04D-E1B1-8D6D-E6E20AE79202} - (no file)
O2 - BHO: (no name) - {D88E1558-7C2D-407A-953A-C044F5607CEA} - (no file)
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iesvcmon] "C:\WINDOWS\system32\iesvcmon.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunOnce: [DELDIR0.EXE] "C:\DOCUME~1\Dell\LOCALS~1\Temp\DELDIR0.EXE" "C:\Program Files\McAfee\McAfee Shared Components\Guardian\"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Belkin Wireless G Cardbus Adapter Utility.lnk = C:\Program Files\Belkin\F5D7010v8\Belkinwcui.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1233801772730
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} -
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: cbxYPJyY - C:\WINDOWS\
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\Belkin\F5D7010v8\jswpsapi.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 7767 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{28D0EF2B-41FF-4E45-AB90-398BC0428896}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{45E17257-5554-45D5-BA11-8B6485D28F4E}]
C:\WINDOWS\system32\opnoMeFy.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6DF0BD4E-00DD-7D7A-8C4D-50C0702984C9}]
C:\WINDOWS\system32\msug.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{97f56af3-c191-4106-8173-88229b82f5d8}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4C25866-C04D-E1B1-8D6D-E6E20AE79202}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D88E1558-7C2D-407A-953A-C044F5607CEA}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{DE9C389F-3316-41A7-809B-AA305ED9D922} - AIM Toolbar - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll [2008-03-07 1090912]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-07-10 2403392]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2008-11-14 150032]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"PCTVOICE"=C:\WINDOWS\system32\pctspk.exe [2003-02-24 163840]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2002-10-11 126976]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2002-10-11 561152]
"AdaptecDirectCD"=C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe [2002-12-17 684032]
"LogitechCommunicationsManager"=C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2007-02-08 488984]
"Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2009-02-04 509784]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-11-26 81000]
"iesvcmon"=C:\WINDOWS\system32\iesvcmon.exe []
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"DELDIR0.EXE"=C:\DOCUME~1\Dell\LOCALS~1\Temp\DELDIR0.EXE C:\Program Files\McAfee\McAfee Shared Components\Guardian\ []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMff94f777]
C:\WINDOWS\system32\pfctbmhp.dll []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\brastk]
C:\WINDOWS\system32\brastk.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bufh]
C:\Program Files\Common Files\s?stem\m?hta.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GetModule35]
C:\Program Files\GetModule\GetModule35.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GetPack28]
C:\Program Files\GetPack\GetPack28.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gool]
C:\Documents and Settings\Dell\Application Data\Gool\Gool.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe [2007-02-08 774168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nvlxwxissjt]
C:\WINDOWS\System32\regsvr32.exe [2008-04-13 11776]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\owzz]
C:\PROGRA~1\COMMON~1\owzz\owzzm.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SfKg6wIP]
C:\Documents and Settings\Dell\Application Data\Microsoft\Windows\badnjkf.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2008-10-29 25798440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedRunner]
C:\Documents and Settings\Dell\Application Data\SpeedRunner\SpeedRunner.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-11-02 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tair]
C:\PROGRA~1\COMMON~1\SSTEM3~1\wowexec.exe -vt yazb []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VnrBlock21]
C:\Program Files\VnrBlock\VnrBlock21.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\webHancer Agent]
C:\Program Files\webHancer\Programs\whagent.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XP Antispyware 2009]
C:\Program Files\XP_AntiSpyware\XP_AntiSpyware.exe /hide []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~2\Office\OSA9.EXE [1999-02-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
C:\PROGRA~1\WI459E~1\WINDOW~1.EXE [2008-05-26 123904]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Belkin Wireless G Cardbus Adapter Utility.lnk - C:\Program Files\Belkin\F5D7010v8\Belkinwcui.exe
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cbxYPJyY]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{28D0EF2B-41FF-4E45-AB90-398BC0428896}"= []
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\opnoMeFy

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

======List of files/folders created in the last 1 months======

2009-02-07 16:18:02 ----D---- C:\rsit
2009-02-06 21:27:27 ----D---- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2009-02-06 21:26:35 ----D---- C:\Program Files\Common Files\McAfee
2009-02-06 21:21:37 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2009-02-06 19:30:27 ----D---- C:\Documents and Settings\Dell\Application Data\Malwarebytes
2009-02-06 19:30:12 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-02-06 19:30:12 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-02-05 21:42:34 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2009-02-05 21:41:47 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2009-02-05 21:32:29 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2009-02-05 21:27:30 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP11$
2009-02-05 21:24:26 ----HD---- C:\WINDOWS\PIF
2009-02-05 21:17:12 ----D---- C:\Documents and Settings\Dell\Application Data\Windows Search
2009-02-05 20:08:58 ----D---- C:\Program Files\Trend Micro
2009-02-05 19:44:42 ----D---- C:\WINDOWS\system32\XPSViewer
2009-02-05 19:44:30 ----D---- C:\Program Files\MSBuild
2009-02-05 19:44:05 ----D---- C:\Program Files\Reference Assemblies
2009-02-05 19:41:34 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2009-02-05 19:41:34 ----N---- C:\WINDOWS\system32\prntvpt.dll
2009-02-05 19:41:33 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2009-02-05 19:41:30 ----D---- C:\e533cb0d15242dd2434d15cb507e
2009-02-05 18:59:05 ----HDC---- C:\WINDOWS\$NtUninstallKB943729$
2009-02-05 18:58:47 ----D---- C:\Documents and Settings\Dell\Application Data\Windows Desktop Search
2009-02-05 18:56:16 ----D---- C:\Program Files\Windows Desktop Search
2009-02-05 18:56:15 ----D---- C:\WINDOWS\system32\GroupPolicy
2009-02-05 18:55:35 ----HDC---- C:\WINDOWS\$NtUninstallKB940157$
2009-02-05 18:55:02 ----HDC---- C:\WINDOWS\$NtUninstallKB915800-v4$
2009-02-05 18:52:22 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-02-05 18:52:20 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2009-02-05 18:50:28 ----D---- C:\Program Files\Windows Media Connect 2
2009-02-05 18:49:34 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2009-02-05 18:44:36 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2009-02-05 18:42:01 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2009-02-05 18:34:37 ----RSD---- C:\WINDOWS\assembly
2009-02-05 18:34:35 ----D---- C:\WINDOWS\Microsoft.NET
2009-02-05 18:34:29 ----D---- C:\WINDOWS\system32\URTTemp
2009-02-05 17:50:15 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2009-02-05 17:48:29 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-02-05 17:31:45 ----A---- C:\WINDOWS\system32\kbd106.dll
2009-02-04 23:27:03 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-02-04 23:26:50 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-02-04 23:26:40 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-02-04 23:26:25 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2009-02-04 23:26:13 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-02-04 23:26:02 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-02-04 23:25:45 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-02-04 23:25:34 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-02-04 23:25:22 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2009-02-04 23:25:09 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-02-04 23:24:58 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-02-04 23:24:44 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-02-04 23:24:34 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2009-02-04 23:24:22 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-02-04 23:24:08 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-02-04 23:23:57 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-02-04 23:23:48 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-02-04 23:23:32 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-02-04 23:23:13 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2009-02-04 23:14:17 ----D---- C:\WINDOWS\system32\scripting
2009-02-04 23:14:16 ----D---- C:\WINDOWS\l2schemas
2009-02-04 23:14:14 ----D---- C:\WINDOWS\system32\en
2009-02-04 23:14:13 ----D---- C:\WINDOWS\system32\bits
2009-02-04 23:08:51 ----D---- C:\WINDOWS\ServicePackFiles
2009-02-04 22:52:58 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-02-04 22:32:02 ----HDC---- C:\WINDOWS\$NtUninstallKB956803_0$
2009-02-04 22:31:51 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2009-02-04 22:31:34 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2009-02-04 22:29:48 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2009-02-04 22:28:38 ----HDC---- C:\WINDOWS\$NtUninstallKB954211_0$
2009-02-04 22:28:12 ----HDC---- C:\WINDOWS\$NtUninstallKB956841_0$
2009-02-04 22:27:50 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-02-04 22:27:39 ----HDC---- C:\WINDOWS\$NtUninstallKB957097_0$
2009-02-04 22:27:23 ----HDC---- C:\WINDOWS\$NtUninstallKB958687_0$
2009-02-04 22:27:09 ----HDC---- C:\WINDOWS\$NtUninstallKB954600_0$
2009-02-04 22:26:52 ----HDC---- C:\WINDOWS\$NtUninstallKB958644_0$
2009-02-04 22:26:32 ----HDC---- C:\WINDOWS\$NtUninstallKB955069_0$
2009-02-04 22:25:55 ----HDC---- C:\WINDOWS\$NtUninstallKB956802_0$
2009-02-04 22:24:03 ----A---- C:\WINDOWS\system32\MRT.INI
2009-02-04 21:44:58 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2009-02-04 21:26:44 ----A---- C:\WINDOWS\wininit.ini
2009-02-04 20:05:22 ----A---- C:\WINDOWS\system32\lsdelete.exe
2009-02-04 18:41:11 ----A---- C:\WINDOWS\ntbtlog.txt
2009-02-04 18:26:39 ----A---- C:\WINDOWS\system32\aswBoot.exe
2009-02-04 18:26:31 ----D---- C:\Program Files\Alwil Software
2009-02-04 18:15:55 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-02-04 18:13:53 ----HDC---- C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-04 18:13:13 ----D---- C:\Program Files\Lavasoft
2009-02-04 18:13:13 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-02-04 18:08:19 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-02-04 18:08:19 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-04 17:59:44 ----SHD---- C:\WINDOWS\RGVsbA
2009-02-04 17:55:27 ----D---- C:\WINDOWS\pss
2009-01-26 20:00:54 ----D---- C:\Documents and Settings\Dell\Application Data\?ymantec
2009-01-20 00:13:15 ----D---- C:\Program Files\WebShow
2009-01-14 21:22:21 ----D---- C:\Documents and Settings\Dell\Application Data\W?nSxS
2009-01-12 19:44:10 ----SH---- C:\WINDOWS\system32\pfssrwwr.ini
2009-01-12 19:38:33 ----SH---- C:\WINDOWS\system32\ncndidlf.ini
2009-01-11 19:38:06 ----SH---- C:\WINDOWS\system32\ieulwlqc.ini
2009-01-11 19:37:46 ----A---- C:\WINDOWS\system32\jqyecwcvseawfn.exe
2009-01-11 19:37:31 ----D---- C:\Program Files\??crosoft
2009-01-11 19:31:15 ----D---- C:\Program Files\Belkin
2009-01-11 19:30:31 ----D---- C:\Program Files\Common Files\Skype
2009-01-11 19:29:30 ----D---- C:\Documents and Settings\All Users\Application Data\Logishrd
2009-01-11 19:29:13 ----D---- C:\Program Files\Common Files\??crosoft
2009-01-11 19:25:53 ----D---- C:\WINDOWS\owzz
2009-01-11 19:25:53 ----D---- C:\Program Files\Common Files\owzz
2009-01-11 19:25:52 ----D---- C:\Program Files\Synaptics
2009-01-11 19:25:47 ----D---- C:\Program Files\Roxio
2009-01-11 19:25:40 ----D---- C:\Program Files\Common Files\Adaptec Shared
2009-01-11 19:25:37 ----D---- C:\Program Files\Common Files\s?stem32

======List of files/folders modified in the last 1 months======

2009-02-07 16:18:18 ----D---- C:\WINDOWS\Prefetch
2009-02-07 16:17:55 ----D---- C:\WINDOWS\Temp
2009-02-07 15:00:24 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-02-07 14:44:01 ----D---- C:\WINDOWS\system32
2009-02-07 14:43:59 ----D---- C:\WINDOWS\system32\drivers
2009-02-07 14:43:09 ----D---- C:\WINDOWS\system32\CatRoot2
2009-02-07 14:41:56 ----D---- C:\Program Files
2009-02-07 14:41:54 ----D---- C:\WINDOWS
2009-02-07 14:41:53 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-02-07 13:20:08 ----D---- C:\Program Files\McAfee
2009-02-06 21:26:35 ----D---- C:\Program Files\Common Files
2009-02-06 21:26:21 ----HD---- C:\WINDOWS\inf
2009-02-06 21:06:37 ----SH---- C:\boot.ini
2009-02-06 21:06:37 ----A---- C:\WINDOWS\win.ini
2009-02-06 21:06:37 ----A---- C:\WINDOWS\system.ini
2009-02-06 21:02:20 ----D---- C:\WINDOWS\Minidump
2009-02-06 15:54:57 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-02-06 15:54:24 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-02-05 22:08:15 ----SHD---- C:\WINDOWS\Installer
2009-02-05 22:08:15 ----D---- C:\Config.Msi
2009-02-05 21:44:49 ----D---- C:\WINDOWS\system32\CatRoot
2009-02-05 21:42:05 ----A---- C:\WINDOWS\imsins.BAK
2009-02-05 21:39:21 ----D---- C:\WINDOWS\Registration
2009-02-05 21:39:05 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-02-05 20:02:50 ----D---- C:\WINDOWS\WinSxS
2009-02-05 19:44:33 ----D---- C:\WINDOWS\system32\en-US
2009-02-05 19:44:19 ----RSD---- C:\WINDOWS\Fonts
2009-02-05 19:42:30 ----D---- C:\WINDOWS\system32\spool
2009-02-05 19:29:09 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-02-05 19:28:24 ----D---- C:\Program Files\Internet Explorer
2009-02-05 19:27:31 ----D---- C:\WINDOWS\pchealth
2009-02-05 18:59:10 ----D---- C:\WINDOWS\system32\wbem
2009-02-05 18:59:00 ----SD---- C:\Documents and Settings\Dell\Application Data\Microsoft
2009-02-05 18:57:15 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-02-05 18:50:25 ----D---- C:\Program Files\Windows Media Player
2009-02-05 18:50:06 ----D---- C:\WINDOWS\Help
2009-02-05 18:42:13 ----D---- C:\WINDOWS\system32\LogFiles
2009-02-05 18:35:20 ----D---- C:\WINDOWS\system32\mui
2009-02-05 17:40:46 ----HD---- C:\WINDOWS\$hf_mig$
2009-02-04 23:37:01 ----A---- C:\WINDOWS\OEWABLog.txt
2009-02-04 23:34:38 ----A---- C:\WINDOWS\setuplog.txt
2009-02-04 23:33:27 ----D---- C:\WINDOWS\system32\Setup
2009-02-04 23:33:25 ----D---- C:\WINDOWS\AppPatch
2009-02-04 23:28:31 ----D---- C:\WINDOWS\security
2009-02-04 23:23:34 ----D---- C:\Program Files\Messenger
2009-02-04 23:14:55 ----D---- C:\WINDOWS\system32\inetsrv
2009-02-04 23:14:55 ----D---- C:\WINDOWS\network diagnostic
2009-02-04 23:14:54 ----D---- C:\WINDOWS\ime
2009-02-04 23:14:19 ----D---- C:\WINDOWS\system32\usmt
2009-02-04 23:14:13 ----D---- C:\WINDOWS\PeerNet
2009-02-04 23:14:13 ----D---- C:\Program Files\Movie Maker
2009-02-04 23:08:25 ----D---- C:\WINDOWS\system32\Restore
2009-02-04 23:08:24 ----D---- C:\WINDOWS\system32\npp
2009-02-04 23:08:24 ----D---- C:\WINDOWS\mui
2009-02-04 23:08:21 ----D---- C:\WINDOWS\msagent
2009-02-04 23:08:18 ----D---- C:\WINDOWS\srchasst
2009-02-04 23:08:16 ----D---- C:\Program Files\NetMeeting
2009-02-04 23:08:13 ----D---- C:\WINDOWS\system32\Com
2009-02-04 23:08:06 ----D---- C:\Program Files\Windows NT
2009-02-04 23:08:06 ----D---- C:\Program Files\Outlook Express
2009-02-04 23:08:00 ----D---- C:\Program Files\Common Files\System
2009-02-04 23:07:13 ----D---- C:\WINDOWS\system32\oobe
2009-02-04 23:07:08 ----D---- C:\WINDOWS\system
2009-02-04 22:52:53 ----D---- C:\WINDOWS\ehome
2009-02-04 22:30:40 ----D---- C:\WINDOWS\ie7updates
2009-02-04 21:48:54 ----D---- C:\WINDOWS\SoftwareDistribution
2009-02-04 20:25:59 ----D---- C:\Program Files\Common Files\s?stem
2009-02-04 18:41:58 ----D---- C:\Documents and Settings
2009-02-04 18:28:26 ----D---- C:\WINDOWS\system32\config
2009-02-04 18:16:49 ----SD---- C:\WINDOWS\Tasks
2009-02-04 18:05:56 ----A---- C:\WINDOWS\system32\ryjksqnqrib.exe
2009-02-04 17:58:03 ----A---- C:\WINDOWS\system32\f7840095-.txt
2009-01-11 19:31:10 ----D---- C:\Program Files\Belkin(2)
2009-01-11 19:30:52 ----D---- C:\Program Files\Belkin(3)
2009-01-11 19:30:32 ----RD---- C:\Program Files\Skype
2009-01-11 19:29:01 ----D---- C:\Program Files\CyberDefender
2009-01-11 19:25:39 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2009-01-11 19:25:38 ----D---- C:\Program Files\Google
2009-01-11 19:25:32 ----D---- C:\WINDOWS\twain_32
2009-01-11 19:25:32 ----D---- C:\Program Files\Common Files\LogiShrd
2009-01-11 19:25:29 ----D---- C:\WINDOWS\system32\Macromed
2009-01-11 19:24:49 ----D---- C:\Program Files\eGames
2009-01-09 17:35:30 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-11-26 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-11-26 111184]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-11-26 50864]
R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2002-12-17 61424]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2002-12-17 23436]
R1 cdudf_xp;cdudf_xp; C:\WINDOWS\system32\drivers\cdudf_xp.sys [2002-12-17 241152]
R1 OMCI;OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [2001-08-22 13632]
R1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\system32\DRIVERS\p3.sys [2008-04-13 42752]
R1 pwd_2k;pwd_2k; C:\WINDOWS\system32\drivers\pwd_2k.sys [2008-06-12 143834]
R1 UdfReadr_xp;UdfReadr_xp; C:\WINDOWS\system32\drivers\UdfReadr_xp.sys [2008-06-12 206464]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-12 12032]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-11-26 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-11-26 94032]
R2 PCASp50;PCASp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\PCASp50.sys [2006-11-28 27072]
R3 ac97intc;Intel® 82801 Audio Driver Install Service (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
R3 AR5211;Belkin Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2007-10-26 549184]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-11-26 23152]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-08-03 701440]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 JSWSCIMD;jswscimd Service; C:\WINDOWS\system32\DRIVERS\jswscimd.sys [2007-08-28 57344]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [2007-02-06 25632]
R3 mmc_2K;mmc_2K; C:\WINDOWS\system32\drivers\mmc_2K.sys [2008-06-12 30630]
R3 Ptserial;W2K Pctel Serial Device Driver; C:\WINDOWS\system32\DRIVERS\ptserial.sys [2003-02-24 135292]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2002-10-11 264528]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 dvd_2K;dvd_2K; C:\WINDOWS\system32\drivers\dvd_2K.sys [2008-06-12 25898]
S3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\system32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 LVcKap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys [2007-02-06 1691808]
S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys [2007-02-06 1964064]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\DRIVERS\LVUSBSta.sys [2007-02-03 41504]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 PID_0928;Logitech QuickCam Express(PID_0928); C:\WINDOWS\system32\DRIVERS\LV561AV.SYS [2007-02-03 490784]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 w29n51;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys []
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-11-26 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-11-26 155160]
R2 LVPrcSrv;Process Monitor; c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe [2007-02-06 109344]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2008-12-05 206096]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-11-26 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-11-26 352920]
R3 jswpsapi;Jumpstart Wifi Protected Setup; C:\Program Files\Belkin\F5D7010v8\jswpsapi.exe [2007-10-29 352338]
S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2007-02-06 105248]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-07-10 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-02-04 950096]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.05 2009-02-07 16:18:47

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware-->"C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
AIM 6-->C:\Program Files\AIM6\uninst.exe
AIM Search-->C:\Program Files\AIM Search\uninstaller.exe AIM Search
AIM Toolbar 5.0-->"C:\Program Files\AOL\AIM Toolbar 5.0\uninstall.exe"
AIMTunes-->C:\Program Files\AIMTunes\Uninstall.exe
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Belkin Wireless G Cardbus Adapter-->C:\Program Files\InstallShield Installation Information\{E3935FBB-53C6-48BB-B9C4-1407AAD34523}\setup.exe -runfromtemp -l0x0409
Cube Hopper-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Galaxy of Arcade\Cube Hopper\DeIsL2.isu" -cC:\PROGRA~1\GALAXY~1\CUBEHO~1\_ISREG32.DLL
Dell ResourceCD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
DPS-->"C:\WINDOWS\system32\iesvcmon.exe" -u
Drop-->C:\PROGRA~1\eGames\Drop\UNWISE.EXE C:\PROGRA~1\eGames\Drop\INSTALL.LOG
Easy CD Creator 5 Basic-->MsiExec.exe /I{609F7AC8-C510-11D4-A788-009027ABA5D0}
Galaxy of Games Gold Edition-->C:\PROGRA~1\eGames\GALAXY~1\UNWISE.EXE C:\PROGRA~1\eGames\GALAXY~1\INSTALL.LOG
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hot Shots Burper-->C:\WINDOWS\uninst.exe -fC:\Disney\Burper\DeIsL1.isu
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915800-v4)-->"C:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Logitech Audio Echo Cancellation Component-->MsiExec.exe /X{BEF726DD-4037-4214-8C6A-E625C02D2870}
Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\Setup.exe" -l0x9 UNINSTALL
Logitech QuickCam-->MsiExec.exe /X{7D2370AC-D8E6-4996-986A-19824F8A167C}
Logitech Video Enumerator-->MsiExec.exe /X{EA516024-D84D-41F1-814F-83175A6188F2}
Logitech® Camera Driver-->"C:\Program Files\Common Files\LogiShrd\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee SiteAdvisor-->C:\Program Files\McAfee\SiteAdvisor\Uninstall.exe
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2000 Small Business-->MsiExec.exe /I{00030409-78E1-11D2-B60F-006097C998E7}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MVision-->MsiExec.exe /I{35725FBC-A136-4A46-9F29-091759D9BB93}
PCTEL 2304WT V.9x MDC Modem Drivers-->ptuninst.exe
RON Too1 Bigadnetwork-->C:\WINDOWS\system32\ryjksqnqrib.exe
RON Tool Globaladsolution-->C:\WINDOWS\system32\jqyecwcvseawfn.exe
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Skype™ Beta 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Synaptics TouchPad-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB943729)-->"C:\WINDOWS\$NtUninstallKB943729$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Search 4.0-->"C:\WINDOWS\$NtUninstallKB940157$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Yahtzee-->C:\WINDOWS\uninst.exe -fC:\WINDOWS\DeIsL1.isu

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: avast! antivirus 4.8.1296 [VPS 090207-0]

System event log

Computer Name: DELL-C8AF8CCF0
Event Code: 8033
Message: The browser has forced an election on network \Device\NetBT_Tcpip_{B69F25B5-6445-43E7-AA34-56C75E09A5AD} because a master browser was stopped.

Record Number: 1151
Source Name: BROWSER
Time Written: 20090119135552.000000-300
Event Type: information
User:

Computer Name: DELL-C8AF8CCF0
Event Code: 4201
Message: The system detected that network adapter Belkin...Cardbus Adapter - Packet Scheduler Miniport was connected to the network,
and has initiated normal operation over the network adapter.

Record Number: 1150
Source Name: Tcpip
Time Written: 20090119135101.000000-300
Event Type: information
User:

Computer Name: DELL-C8AF8CCF0
Event Code: 4201
Message: The system detected that network adapter Belkin...Cardbus Adapter - Packet Scheduler Miniport was connected to the network,
and has initiated normal operation over the network adapter.

Record Number: 1149
Source Name: Tcpip
Time Written: 20090119135101.000000-300
Event Type: information
User:

Computer Name: DELL-C8AF8CCF0
Event Code: 7036
Message: The Windows Image Acquisition (WIA) service entered the running state.

Record Number: 1148
Source Name: Service Control Manager
Time Written: 20090119135058.000000-300
Event Type: information
User:

Computer Name: DELL-C8AF8CCF0
Event Code: 4201
Message: The system detected that network adapter Belkin...Cardbus Adapter - Packet Scheduler Miniport was connected to the network,
and has initiated normal operation over the network adapter.

Record Number: 1147
Source Name: Tcpip
Time Written: 20090119135053.000000-300
Event Type: information
User:

Application event log

Computer Name: DELL-C8AF8CCF0
Event Code: 0
Message:
Record Number: 486
Source Name: Viewpoint Manager Service
Time Written: 20080718085855.000000-240
Event Type: information
User:

Computer Name: DELL-C8AF8CCF0
Event Code: 1517
Message: Windows saved user DELL-C8AF8CCF0\Guest registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 485
Source Name: Userenv
Time Written: 20080714125306.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: DELL-C8AF8CCF0
Event Code: 0
Message:
Record Number: 484
Source Name: gusvc
Time Written: 20080714125206.000000-240
Event Type: information
User:

Computer Name: DELL-C8AF8CCF0
Event Code: 1800
Message: The Windows Security Center Service has started.

Record Number: 483
Source Name: SecurityCenter
Time Written: 20080714125022.000000-240
Event Type: information
User:

Computer Name: DELL-C8AF8CCF0
Event Code: 0
Message:
Record Number: 482
Source Name: Viewpoint Manager Service
Time Written: 20080714125020.000000-240
Event Type: information
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Adaptec Shared\System
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 11 Stepping 4, GenuineIntel
"PROCESSOR_REVISION"=0b04
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------

Edited by petergriffen, 07 February 2009 - 04:22 PM.


#6 Bio-Hazard

Bio-Hazard

  • Members
  • 258 posts
  • OFFLINE
  • Gender:Male
  • Location:Cornwall, UK
  • Local time:01:34 PM

Posted 08 February 2009 - 03:25 AM

Remove programs
  • Click Start
  • Go to Control Panel
  • Go to Add/Remove Programs
  • Find and click Remove for the following (if present):

    DPS
    RON Too1 Bigadnetwork
    RON Tool Globaladsolution
NOTE: Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.


Download and Run ComboFix

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

HOW TO USE COMBOFIX

IMPORTANT: combofix.exe MUST be on your Desktop for us to proceed.

Please continue as follows:
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Double click on ComboFix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
NOTE: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Posted Image

  • Click on Yes, to continue scanning for malware.
  • Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
ComboFix should never take more than 20 minutes including the reboot if malware is detected.


Next Reply

Please reply with:
  • ComboFix log (found at C:\Combofix.txt)
  • New HijackThis log
  • A description of how your computer is behaving


#7 petergriffen

petergriffen
  • Topic Starter

  • Members
  • 69 posts
  • OFFLINE
  • Local time:08:34 AM

Posted 08 February 2009 - 07:12 PM

nothing new on the comp

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:10:29 PM, on 2/8/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Belkin\F5D7010v8\Belkinwcui.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Belkin\F5D7010v8\jswpsapi.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: (no name) - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Belkin Wireless G Cardbus Adapter Utility.lnk = C:\Program Files\Belkin\F5D7010v8\Belkinwcui.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1233801772730
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\Belkin\F5D7010v8\jswpsapi.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program

ComboFix 09-02-08.01 - Dell 2009-02-08 18:50:20.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.238 [GMT -5:00]
Running from: c:\documents and settings\Dell\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1296 [VPS 090208-1] *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Dell\Application Data\WNSXS~1
c:\documents and settings\Dell\Application Data\YMANTE~1
c:\documents and settings\Dell\Cookies\amesyfeb.reg
c:\documents and settings\Dell\Cookies\nebilojuj.db
c:\documents and settings\Dell\Local Settings\Temporary Internet Files\bestwiner.stt
c:\documents and settings\Dell\Local Settings\Temporary Internet Files\cazolupohy.dat
c:\documents and settings\Dell\Local Settings\Temporary Internet Files\CPV.stt
c:\documents and settings\Dell\Local Settings\Temporary Internet Files\fbk.sts
c:\documents and settings\Dell\Local Settings\Temporary Internet Files\kuwynykaba.dl
c:\documents and settings\Dell\Local Settings\Temporary Internet Files\uxybiryc.bat
c:\documents and settings\Dell\Local Settings\Temporary Internet Files\ysuhalet.db
c:\documents and settings\Dell\My Documents\CURITY~1
c:\documents and settings\Guest\Cookies\sacytyd.reg
c:\documents and settings\Guest\Local Settings\Temporary Internet Files\CPV.stt
c:\program files\Common Files\crosof~1
c:\program files\Common Files\sstem~1
c:\program files\Common Files\sstem3~1
c:\program files\Common Files\sstem3~1\s?stem32\
c:\program files\crosof~1
c:\windows\system32\esscujwf.ini
c:\windows\system32\euxgibie.ini
c:\windows\system32\fmihtbgy.ini
c:\windows\system32\fwdttdmu.ini
c:\windows\system32\ieulwlqc.ini
c:\windows\system32\mdqlfiac.ini
c:\windows\system32\ncndidlf.ini
c:\windows\system32\osdcmmsg.ini
c:\windows\system32\pfssrwwr.ini
c:\windows\system32\vdljprue.ini
c:\windows\system32\wnsxs~1

.
((((((((((((((((((((((((( Files Created from 2009-01-08 to 2009-02-08 )))))))))))))))))))))))))))))))
.

2009-02-08 18:19 . 2009-02-08 18:19 <DIR> d-------- c:\documents and settings\LocalService\Application Data\SACore
2009-02-07 16:18 . 2009-02-07 16:18 <DIR> d-------- C:\rsit
2009-02-06 21:27 . 2009-02-06 21:27 <DIR> d-------- c:\documents and settings\All Users\Application Data\SiteAdvisor
2009-02-06 21:26 . 2009-02-06 21:26 <DIR> d-------- c:\program files\Common Files\McAfee
2009-02-06 21:21 . 2009-02-06 21:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\McAfee
2009-02-06 19:30 . 2009-02-06 19:30 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-06 19:30 . 2009-02-06 19:30 <DIR> d-------- c:\documents and settings\Dell\Application Data\Malwarebytes
2009-02-06 19:30 . 2009-02-06 19:30 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-06 19:30 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-06 19:30 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-05 21:24 . 2009-02-05 21:24 <DIR> d--h----- c:\windows\PIF
2009-02-05 21:17 . 2009-02-05 21:17 <DIR> d-------- c:\documents and settings\Dell\Application Data\Windows Search
2009-02-05 20:08 . 2009-02-05 20:08 <DIR> d-------- c:\program files\Trend Micro
2009-02-05 19:44 . 2009-02-05 19:44 <DIR> d-------- c:\windows\system32\XPSViewer
2009-02-05 19:44 . 2009-02-05 19:44 <DIR> d-------- c:\program files\Reference Assemblies
2009-02-05 19:44 . 2009-02-05 19:44 <DIR> d-------- c:\program files\MSBuild
2009-02-05 19:41 . 2009-02-05 19:43 <DIR> d-------- C:\e533cb0d15242dd2434d15cb507e
2009-02-05 19:41 . 2008-07-06 07:06 1,676,288 --------- c:\windows\system32\xpssvcs.dll
2009-02-05 19:41 . 2008-07-06 07:06 1,676,288 -----c--- c:\windows\system32\dllcache\xpssvcs.dll
2009-02-05 19:41 . 2008-07-06 05:50 597,504 -----c--- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-02-05 19:41 . 2008-07-06 07:06 575,488 --------- c:\windows\system32\xpsshhdr.dll
2009-02-05 19:41 . 2008-07-06 07:06 575,488 -----c--- c:\windows\system32\dllcache\xpsshhdr.dll
2009-02-05 19:41 . 2008-07-06 07:06 117,760 --------- c:\windows\system32\prntvpt.dll
2009-02-05 19:41 . 2008-07-06 07:06 89,088 -----c--- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-02-05 18:58 . 2009-02-05 18:58 <DIR> d-------- c:\documents and settings\Dell\Application Data\Windows Desktop Search
2009-02-05 18:56 . 2009-02-05 18:56 <DIR> d-------- c:\windows\system32\GroupPolicy
2009-02-05 18:56 . 2009-02-05 18:56 <DIR> d-------- c:\program files\Windows Desktop Search
2009-02-05 18:53 . 2008-03-07 12:02 192,000 -----c--- c:\windows\system32\dllcache\offfilt.dll
2009-02-05 18:53 . 2008-03-07 12:02 98,304 -----c--- c:\windows\system32\dllcache\nlhtml.dll
2009-02-05 18:53 . 2008-03-07 12:02 29,696 -----c--- c:\windows\system32\dllcache\mimefilt.dll
2009-02-05 18:50 . 2009-02-05 18:50 <DIR> d-------- c:\program files\Windows Media Connect 2
2009-02-05 18:42 . 2009-02-05 18:45 <DIR> d-------- c:\windows\system32\drivers\UMDF
2009-02-05 18:34 . 2009-02-05 18:37 <DIR> d-------- c:\windows\system32\URTTemp
2009-02-05 17:31 . 2008-04-13 19:09 6,144 --a------ c:\windows\system32\kbd106.dll
2009-02-05 17:31 . 2008-04-13 19:09 6,144 --a--c--- c:\windows\system32\dllcache\kbd106.dll
2009-02-04 23:14 . 2009-02-04 23:14 <DIR> d-------- c:\windows\system32\scripting
2009-02-04 23:14 . 2009-02-04 23:14 <DIR> d-------- c:\windows\system32\en
2009-02-04 23:14 . 2009-02-04 23:14 <DIR> d-------- c:\windows\system32\bits
2009-02-04 23:14 . 2009-02-04 23:14 <DIR> d-------- c:\windows\l2schemas
2009-02-04 23:08 . 2009-02-04 23:15 <DIR> d-------- c:\windows\ServicePackFiles
2009-02-04 22:24 . 2009-02-04 22:24 197 --a------ c:\windows\system32\MRT.INI
2009-02-04 22:16 . 2008-09-15 07:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2009-02-04 22:15 . 2008-08-14 05:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-04 22:15 . 2008-08-14 05:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-04 22:15 . 2008-08-14 04:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-04 22:15 . 2008-08-14 04:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-04 22:13 . 2008-10-24 06:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2009-02-04 22:13 . 2008-10-15 11:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2009-02-04 22:13 . 2008-12-11 05:57 333,952 -----c--- c:\windows\system32\dllcache\srv.sys
2009-02-04 21:44 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuapi.dll.mui
2009-02-04 21:26 . 2009-02-05 18:12 411 --a------ c:\windows\wininit.ini
2009-02-04 20:05 . 2009-02-04 18:15 15,688 --a------ c:\windows\system32\lsdelete.exe
2009-02-04 19:51 . 2009-02-04 19:51 552 --a------ c:\windows\system32\d3d8caps.dat
2009-02-04 18:41 . 2009-02-04 18:42 <DIR> d-------- c:\documents and settings\Administrator
2009-02-04 18:26 . 2009-02-04 18:26 <DIR> d-------- c:\program files\Alwil Software
2009-02-04 18:15 . 2009-02-04 18:15 <DIR> d----c--- c:\windows\system32\DRVSTORE
2009-02-04 18:15 . 2009-02-04 18:15 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
2009-02-04 18:13 . 2009-02-04 18:13 <DIR> d-------- c:\program files\Lavasoft
2009-02-04 18:13 . 2009-02-04 18:15 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-02-04 18:13 . 2009-02-04 18:14 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-04 18:08 . 2009-02-04 18:08 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-02-04 18:08 . 2009-02-04 21:27 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-04 17:59 . 2009-02-04 20:39 <DIR> d--hs---- c:\windows\RGVsbA
2009-01-20 00:13 . 2009-02-07 14:41 <DIR> d-------- c:\program files\WebShow
2009-01-11 19:31 . 2009-01-11 19:31 <DIR> d-------- c:\program files\Belkin
2009-01-11 19:29 . 2009-01-11 19:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\Logishrd
2009-01-11 19:25 . 2009-01-11 19:25 <DIR> d-------- c:\windows\owzz
2009-01-11 19:25 . 2009-01-11 19:25 <DIR> d-------- c:\program files\Synaptics
2009-01-11 19:25 . 2009-01-11 19:25 <DIR> d-------- c:\program files\Roxio
2009-01-11 19:25 . 2009-01-11 19:25 <DIR> d-------- c:\program files\Common Files\owzz
2009-01-11 19:25 . 2009-01-11 19:25 <DIR> d-------- c:\program files\Common Files\Adaptec Shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-08 23:21 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2009-02-07 18:20 --------- d-----w c:\program files\McAfee
2009-01-12 00:31 --------- d-----w c:\program files\Belkin(2)
2009-01-12 00:30 --------- d-----w c:\program files\Belkin(3)
2009-01-12 00:29 --------- d-----w c:\program files\CyberDefender
2009-01-12 00:25 --------- d-----w c:\program files\Google
2009-01-12 00:25 --------- d-----w c:\program files\Common Files\LogiShrd
2009-01-12 00:24 --------- d-----w c:\program files\eGames
2009-01-03 15:50 --------- d-----w c:\documents and settings\Dell\Application Data\MSNInstaller
2009-01-03 13:20 --------- d-----w c:\program files\Common Files\InstallShield
2009-01-03 13:19 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-11-19 02:23 15,861 ----a-w c:\program files\Common Files\xufo.sys
2008-11-10 03:07 127,034 ------r c:\windows\bwUnin-8.1.1.50-8876480SL.exe
2008-11-01 12:43 253,952 ----a-w c:\windows\system32\config\systemprofile\NTUSER(2).DAT
2008-10-22 22:32 10,848 ----a-w c:\documents and settings\All Users\Application Data\poqytuk.dat
2008-10-17 04:24 18,981 -c--a-w c:\documents and settings\All Users\Application Data\idek.pif
2008-10-17 04:24 15,932 ----a-w c:\program files\Common Files\ojolopeled.dl
2008-10-17 04:24 14,181 ----a-w c:\program files\Common Files\oxocup._dl
2008-10-17 04:24 14,123 ----a-w c:\documents and settings\Dell\Application Data\odyryjamiw.dat
2008-10-17 04:24 11,616 -c--a-w c:\documents and settings\All Users\Application Data\fexexerab.com
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2002-10-11 126976]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2002-10-11 561152]
"AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-17 684032]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 488984]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-02-04 509784]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"PCTVOICE"="pctspk.exe" [2003-02-24 c:\windows\system32\pctspk.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Belkin Wireless G Cardbus Adapter Utility.lnk - c:\program files\Belkin\F5D7010v8\Belkinwcui.exe [2008-02-27 1736704]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-11-09 67128]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bufh]
c:\program files\Common Files\s?stem\m?hta.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
--a------ 2007-02-08 01:13 774168 c:\program files\Logitech\QuickCam10\QuickCam10.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-13 19:12 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-11-02 20:24 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-02-04 64160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-02-04 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-02-04 20560]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2009-02-06 206096]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2008-07-08 24652]
R3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\Belkin\F5D7010v8\jswpsapi.exe [2007-10-29 352338]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [2008-10-16 57344]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 950096]
.
Contents of the 'Scheduled Tasks' folder

2009-02-04 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-02-04 18:15]
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-HookURL - (no file)
URLSearchHooks-Rank - (no file)
BHO-{45E17257-5554-45D5-BA11-8B6485D28F4E} - c:\windows\system32\opnoMeFy.dll
BHO-{6DF0BD4E-00DD-7D7A-8C4D-50C0702984C9} - c:\windows\system32\msug.dll
BHO-{97f56af3-c191-4106-8173-88229b82f5d8} - (no file)
BHO-{B4C25866-C04D-E1B1-8D6D-E6E20AE79202} - (no file)
HKLM-Run-iesvcmon - c:\windows\system32\iesvcmon.exe
HKLM-RunOnce-DELDIR0.EXE - c:\docume~1\Dell\LOCALS~1\Temp\DELDIR0.EXE
Notify-cbxYPJyY - (no file)
MSConfigStartUp-BMff94f777 - c:\windows\system32\pfctbmhp.dll
MSConfigStartUp-brastk - c:\windows\system32\brastk.exe
MSConfigStartUp-GetModule35 - c:\program files\GetModule\GetModule35.exe
MSConfigStartUp-GetPack28 - c:\program files\GetPack\GetPack28.exe
MSConfigStartUp-Gool - c:\documents and settings\Dell\Application Data\Gool\Gool.exe
MSConfigStartUp-nvlxwxissjt - c:\windows\system32\tcqowcmhwxthampvd.dll
MSConfigStartUp-owzz - c:\progra~1\COMMON~1\owzz\owzzm.exe
MSConfigStartUp-SfKg6wIP - c:\documents and settings\Dell\Application Data\Microsoft\Windows\badnjkf.exe
MSConfigStartUp-Skype - c:\program files\Skype\Phone\Skype.exe
MSConfigStartUp-SpeedRunner - c:\documents and settings\Dell\Application Data\SpeedRunner\SpeedRunner.exe
MSConfigStartUp-Tair - c:\progra~1\COMMON~1\SSTEM3~1\wowexec.exe
MSConfigStartUp-VnrBlock21 - c:\program files\VnrBlock\VnrBlock21.exe
MSConfigStartUp-webHancer Agent - c:\program files\webHancer\Programs\whagent.exe
MSConfigStartUp-XP Antispyware 2009 - c:\program files\XP_AntiSpyware\XP_AntiSpyware.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AIM Search
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-08 18:58:14
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
DELDIR0.EXE = "c:\docume~1\Dell\LOCALS~1\Temp\DELDIR0.EXE" "c:\program files\McAfee\McAfee Shared Components\Guardian\"??????????????|????H???l??|q??|???????|????$??? ??|???????|x??|????q??|?o?w`??????????|? ??,???Q??|?? ?m??|? ??????????????????????????????????v???C?:?\?P?r?o?g?r?a?m? ?F?i?l?e?s?\?M?c?A?f?e?e?\?M?c?????e?e? ?S?h?a?r?e?d? ?C?o?m?p?o?n?e?n??? ?\?G?u?a?r?d?i?a?n?\?????????p???? ?????????|p??|????m??|????x???~y?wT??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\searchindexer.exe
.
**************************************************************************
.
Completion time: 2009-02-08 19:04:29 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-09 00:04:23

Pre-Run: 11,473,666,048 bytes free
Post-Run: 11,530,346,496 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

265 --- E O F --- 2009-02-06 02:43:07

#8 Bio-Hazard

Bio-Hazard

  • Members
  • 258 posts
  • OFFLINE
  • Gender:Male
  • Location:Cornwall, UK
  • Local time:01:34 PM

Posted 09 February 2009 - 10:56 AM

Hello!

Please keep Spybot's TeaTimer and Ad-Watch disabled until we are finished.


Spybot S&D Teatimer

We need to disable Spybot S&D's TeaTimer. TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running. In order to safeguard your system from problems that can be brought on by a half-finished fix, we need to disable TeaTimer. We can re-enable it when we're done if you like.
  • Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
  • If prompted with a legal dialog, accept the warning.
  • Click Posted Image and then on
    Advanced Mode

    Posted Image
  • You may be presented with a warning dialog. If so, press Posted Image
  • Click on Posted Image
  • Click on Posted Image
  • Uncheck this checkbox:
    Posted Image
  • Close/Exit Spybot Search and Destroy
  • Reboot your machine for the changes to take effect.
Disable AdWatch

Please disable AdWatch, as it may hinder the removal of some entries. You can re-enable it after you're clean.
To disable AdWatch:
  • Open AdAware SE
  • Go to AdWatch User Interface
  • Go to Tools and Preferences
  • At the bottom of the screen you will see 2 options: Active and Automatic
  • Active: This will turn Ad-Watch On\Off without closing it
  • Automatic: Suspicious activity will be blocked automatically
  • Uncheck both options. You can enable these after resolving your problem.
Run CFScript
  • Close any open browsers.
  • Open Notepad by clicking Start
  • Click Run
  • Type notepad into the box and press Enter
  • Notepad will open
  • Copy and Paste everything from the Code box into Notepad:
File::
c:\documents and settings\All Users\Application Data\fexexerab.com
c:\documents and settings\Dell\Application Data\odyryjamiw.dat
c:\program files\Common Files\oxocup._dl
c:\program files\Common Files\ojolopeled.dl
c:\documents and settings\All Users\Application Data\idek.pif
c:\documents and settings\All Users\Application Data\poqytuk.dat
c:\program files\Common Files\xufo.sys

Folder::
c:\windows\RGVsbA
c:\program files\WebShow
c:\windows\owzz
c:\program files\CyberDefender
c:\program files\Common Files\owzz
c:\program files\Common Files\s?stem

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22}"=-
[-HKEY_CLASSES_ROOT\CLSID\{54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22}]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bufh]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

Save this as CFScript.txt, in the same location as ComboFix.exe (on your desktop)


Posted Image


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt

NOTE: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.



ATF-Cleaner

Please download ATF Cleaner by Atribune.
  • Save it to your desktop
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.

    If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.

    NOTE: If you would like to keep your saved passwords please click No at the prompt.

  • Click Exit on the Main menu to close the program.
ESET online scanner

Note for Vista Users: Eset is compatible but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

Go here to run an online scanner from ESET.
  • Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked, and the option Scan unwanted applications is checked
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic
Logs/Information to Post in Next Reply

Please post the following logs/Information in your reply:
  • Combofix Log (found at C:\Combofix.txt)
  • ESET log
  • A fresh HijackThis Log ( after all the above has been done)
  • A description of how your computer is behaving


#9 petergriffen (Topic Starter)

Posted 09 February 2009 - 08:04 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:02:35 PM, on 2/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Belkin\F5D7010v8\Belkinwcui.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Belkin\F5D7010v8\jswpsapi.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: (no name) - {45E17257-5554-45D5-BA11-8B6485D28F4E} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6DF0BD4E-00DD-7D7A-8C4D-50C0702984C9} - (no file)
O2 - BHO: (no name) - {97f56af3-c191-4106-8173-88229b82f5d8} - (no file)
O2 - BHO: (no name) - {B4C25866-C04D-E1B1-8D6D-E6E20AE79202} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Belkin Wireless G Cardbus Adapter Utility.lnk = C:\Program Files\Belkin\F5D7010v8\Belkinwcui.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1233801772730
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - Winlogon Notify: cbxYPJyY - C:\WINDOWS\
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\Belkin\F5D7010v8\jswpsapi.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 6757 bytes
# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3839 (20090209)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=17a9643e80e3ce4091cb7b8d79777fa5
# end=finished
# remove_checked=false
# unwanted_checked=true
# utc_time=2009-02-10 12:41:25
# local_time=2009-02-09 07:41:25 (-0500, Eastern Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 3
# scanned=98275
# found=3
# scan_time=1915
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Gool.zip Win32/Bagle.gen.zip worm DAE7A6E66D5406E3F6562ADAE5DDC334
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Yazzle.zip Win32/Bagle.gen.zip worm 49D8ADB60450FB940BB15A9E73241720
C:\WINDOWS\system32\nsv1B.dll a variant of Win32/Adware.GooochiBiz application EA96CB01C90DA18EA52CD6FC5AD7A973
ComboFix 09-02-08.02 - Dell 2009-02-09 17:53:47.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.233 [GMT -5:00]
Running from: c:\documents and settings\Dell\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Dell\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1296 [VPS 090209-0] *On-access scanning disabled* (Updated)
* Created a new restore point

FILE ::
c:\documents and settings\All Users\Application Data\fexexerab.com
c:\documents and settings\All Users\Application Data\idek.pif
c:\documents and settings\All Users\Application Data\poqytuk.dat
c:\documents and settings\Dell\Application Data\odyryjamiw.dat
c:\program files\Common Files\ojolopeled.dl
c:\program files\Common Files\oxocup._dl
c:\program files\Common Files\xufo.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\fexexerab.com
c:\documents and settings\All Users\Application Data\idek.pif
c:\documents and settings\All Users\Application Data\poqytuk.dat
c:\documents and settings\Dell\Application Data\odyryjamiw.dat
c:\program files\Common Files\ojolopeled.dl
c:\program files\Common Files\owzz
c:\program files\Common Files\owzz\owzza.lck
c:\program files\Common Files\owzz\owzzl.lck
c:\program files\Common Files\owzz\owzzm.lck
c:\program files\Common Files\oxocup._dl
c:\program files\Common Files\xufo.sys
c:\program files\CyberDefender
c:\program files\CyberDefender\AntiVirus\cdavpat.dat.04
c:\program files\CyberDefender\AntiVirus\cdavpat.dat.05
c:\program files\CyberDefender\AntiVirus\cdavpat.dat.06
c:\program files\WebShow
c:\windows\owzz
c:\windows\RGVsbA

.
((((((((((((((((((((((((( Files Created from 2009-01-09 to 2009-02-09 )))))))))))))))))))))))))))))))
.

2009-02-08 18:19 . 2009-02-08 18:19 <DIR> d-------- c:\documents and settings\LocalService\Application Data\SACore
2009-02-07 16:18 . 2009-02-07 16:18 <DIR> d-------- C:\rsit
2009-02-06 21:27 . 2009-02-06 21:27 <DIR> d-------- c:\documents and settings\All Users\Application Data\SiteAdvisor
2009-02-06 21:26 . 2009-02-06 21:26 <DIR> d-------- c:\program files\Common Files\McAfee
2009-02-06 21:21 . 2009-02-06 21:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\McAfee
2009-02-06 19:30 . 2009-02-06 19:30 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-06 19:30 . 2009-02-06 19:30 <DIR> d-------- c:\documents and settings\Dell\Application Data\Malwarebytes
2009-02-06 19:30 . 2009-02-06 19:30 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-06 19:30 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-06 19:30 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-05 21:24 . 2009-02-05 21:24 <DIR> d--h----- c:\windows\PIF
2009-02-05 21:17 . 2009-02-05 21:17 <DIR> d-------- c:\documents and settings\Dell\Application Data\Windows Search
2009-02-05 20:08 . 2009-02-05 20:08 <DIR> d-------- c:\program files\Trend Micro
2009-02-05 19:44 . 2009-02-05 19:44 <DIR> d-------- c:\windows\system32\XPSViewer
2009-02-05 19:44 . 2009-02-05 19:44 <DIR> d-------- c:\program files\Reference Assemblies
2009-02-05 19:44 . 2009-02-05 19:44 <DIR> d-------- c:\program files\MSBuild
2009-02-05 19:41 . 2009-02-05 19:43 <DIR> d-------- C:\e533cb0d15242dd2434d15cb507e
2009-02-05 19:41 . 2008-07-06 07:06 1,676,288 --------- c:\windows\system32\xpssvcs.dll
2009-02-05 19:41 . 2008-07-06 07:06 1,676,288 -----c--- c:\windows\system32\dllcache\xpssvcs.dll
2009-02-05 19:41 . 2008-07-06 05:50 597,504 -----c--- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-02-05 19:41 . 2008-07-06 07:06 575,488 --------- c:\windows\system32\xpsshhdr.dll
2009-02-05 19:41 . 2008-07-06 07:06 575,488 -----c--- c:\windows\system32\dllcache\xpsshhdr.dll
2009-02-05 19:41 . 2008-07-06 07:06 117,760 --------- c:\windows\system32\prntvpt.dll
2009-02-05 19:41 . 2008-07-06 07:06 89,088 -----c--- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-02-05 18:58 . 2009-02-05 18:58 <DIR> d-------- c:\documents and settings\Dell\Application Data\Windows Desktop Search
2009-02-05 18:56 . 2009-02-05 18:56 <DIR> d-------- c:\windows\system32\GroupPolicy
2009-02-05 18:56 . 2009-02-05 18:56 <DIR> d-------- c:\program files\Windows Desktop Search
2009-02-05 18:53 . 2008-03-07 12:02 192,000 -----c--- c:\windows\system32\dllcache\offfilt.dll
2009-02-05 18:53 . 2008-03-07 12:02 98,304 -----c--- c:\windows\system32\dllcache\nlhtml.dll
2009-02-05 18:53 . 2008-03-07 12:02 29,696 -----c--- c:\windows\system32\dllcache\mimefilt.dll
2009-02-05 18:50 . 2009-02-05 18:50 <DIR> d-------- c:\program files\Windows Media Connect 2
2009-02-05 18:42 . 2009-02-05 18:45 <DIR> d-------- c:\windows\system32\drivers\UMDF
2009-02-05 18:34 . 2009-02-05 18:37 <DIR> d-------- c:\windows\system32\URTTemp
2009-02-05 17:31 . 2008-04-13 19:09 6,144 --a------ c:\windows\system32\kbd106.dll
2009-02-05 17:31 . 2008-04-13 19:09 6,144 --a--c--- c:\windows\system32\dllcache\kbd106.dll
2009-02-04 23:14 . 2009-02-04 23:14 <DIR> d-------- c:\windows\system32\scripting
2009-02-04 23:14 . 2009-02-04 23:14 <DIR> d-------- c:\windows\system32\en
2009-02-04 23:14 . 2009-02-04 23:14 <DIR> d-------- c:\windows\system32\bits
2009-02-04 23:14 . 2009-02-04 23:14 <DIR> d-------- c:\windows\l2schemas
2009-02-04 23:08 . 2009-02-04 23:15 <DIR> d-------- c:\windows\ServicePackFiles
2009-02-04 22:24 . 2009-02-04 22:24 197 --a------ c:\windows\system32\MRT.INI
2009-02-04 22:16 . 2008-09-15 07:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2009-02-04 22:15 . 2008-08-14 05:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-04 22:15 . 2008-08-14 05:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-04 22:15 . 2008-08-14 04:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-04 22:15 . 2008-08-14 04:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-04 22:13 . 2008-10-24 06:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2009-02-04 22:13 . 2008-10-15 11:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2009-02-04 22:13 . 2008-12-11 05:57 333,952 -----c--- c:\windows\system32\dllcache\srv.sys
2009-02-04 21:44 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuapi.dll.mui
2009-02-04 21:26 . 2009-02-05 18:12 411 --a------ c:\windows\wininit.ini
2009-02-04 20:05 . 2009-02-04 18:15 15,688 --a------ c:\windows\system32\lsdelete.exe
2009-02-04 19:51 . 2009-02-04 19:51 552 --a------ c:\windows\system32\d3d8caps.dat
2009-02-04 18:41 . 2009-02-04 18:42 <DIR> d-------- c:\documents and settings\Administrator
2009-02-04 18:26 . 2009-02-04 18:26 <DIR> d-------- c:\program files\Alwil Software
2009-02-04 18:15 . 2009-02-04 18:15 <DIR> d----c--- c:\windows\system32\DRVSTORE
2009-02-04 18:15 . 2009-02-04 18:15 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
2009-02-04 18:13 . 2009-02-04 18:13 <DIR> d-------- c:\program files\Lavasoft
2009-02-04 18:13 . 2009-02-04 18:15 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-02-04 18:13 . 2009-02-04 18:14 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-04 18:08 . 2009-02-04 18:08 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-02-04 18:08 . 2009-02-04 21:27 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-11 19:31 . 2009-01-11 19:31 <DIR> d-------- c:\program files\Belkin
2009-01-11 19:29 . 2009-01-11 19:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\Logishrd
2009-01-11 19:25 . 2009-01-11 19:25 <DIR> d-------- c:\program files\Synaptics
2009-01-11 19:25 . 2009-01-11 19:25 <DIR> d-------- c:\program files\Roxio
2009-01-11 19:25 . 2009-01-11 19:25 <DIR> d-------- c:\program files\Common Files\Adaptec Shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-08 23:21 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2009-02-07 18:20 --------- d-----w c:\program files\McAfee
2009-01-12 00:31 --------- d-----w c:\program files\Belkin(2)
2009-01-12 00:30 --------- d-----w c:\program files\Belkin(3)
2009-01-12 00:25 --------- d-----w c:\program files\Google
2009-01-12 00:25 --------- d-----w c:\program files\Common Files\LogiShrd
2009-01-12 00:24 --------- d-----w c:\program files\eGames
2009-01-07 12:26 686,592 ----a-w c:\windows\system32\nsv1B.dll
2009-01-03 15:50 --------- d-----w c:\documents and settings\Dell\Application Data\MSNInstaller
2009-01-03 13:20 --------- d-----w c:\program files\Common Files\InstallShield
2009-01-03 13:19 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-11-10 03:07 127,034 ------r c:\windows\bwUnin-8.1.1.50-8876480SL.exe
2008-11-01 12:43 253,952 ----a-w c:\windows\system32\config\systemprofile\NTUSER(2).DAT
.

((((((((((((((((((((((((((((( SnapShot@2009-02-08_19.02.13.37 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-02-08 23:55:08 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_5a8.dat
+ 2009-02-09 22:43:35 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_5a8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2002-10-11 126976]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2002-10-11 561152]
"AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-17 684032]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 488984]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-02-04 509784]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"PCTVOICE"="pctspk.exe" [2003-02-24 c:\windows\system32\pctspk.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Belkin Wireless G Cardbus Adapter Utility.lnk - c:\program files\Belkin\F5D7010v8\Belkinwcui.exe [2008-02-27 1736704]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-11-09 67128]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxYPJyY]
[BU]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-02-04 64160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-02-04 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-02-04 20560]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2009-02-06 206096]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2008-07-08 24652]
R3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\Belkin\F5D7010v8\jswpsapi.exe [2007-10-29 352338]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [2008-10-16 57344]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 950096]
.
Contents of the 'Scheduled Tasks' folder

2009-02-04 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-02-04 18:15]
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-HookURL - (no file)
URLSearchHooks-Rank - (no file)
BHO-{45E17257-5554-45D5-BA11-8B6485D28F4E} - (no file)
BHO-{6DF0BD4E-00DD-7D7A-8C4D-50C0702984C9} - (no file)
BHO-{97f56af3-c191-4106-8173-88229b82f5d8} - (no file)
BHO-{B4C25866-C04D-E1B1-8D6D-E6E20AE79202} - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AIM Search
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-09 17:56:23
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-02-09 18:00:11
ComboFix-quarantined-files.txt 2009-02-09 22:59:54
ComboFix2.txt 2009-02-09 00:04:31

Pre-Run: 11,510,800,384 bytes free
Post-Run: 11,502,440,448 bytes free

215 --- E O F --- 2009-02-06 02:43:07

#10 Bio-Hazard (Cornwall, UK)

Posted 10 February 2009 - 08:10 AM

Hello!

Go to this folder and empty it (DO NOT delete the folder): C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery


Spybot S&D Teatimer

We need to disable Spybot S&D's TeaTimer. TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running. In order to safeguard your system from problems that can be brought on by a half-finished fix, we need to disable TeaTimer. We can re-enable it when we're done if you like.
  • Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
  • If prompted with a legal dialog, accept the warning.
  • Click Posted Image and then on
    Advanced Mode

    Posted Image
  • You may be presented with a warning dialog. If so, press Posted Image
  • Click on Posted Image
  • Click on Posted Image
  • Uncheck this checkbox:
    Posted Image
  • Close/Exit Spybot Search and Destroy
  • Reboot your machine for the changes to take effect.
Disable AdWatch

Please disable AdWatch, as it may hinder the removal of some entries. You can re-enable it after you're clean.
To disable AdWatch:
  • Open AdAware SE
  • Go to AdWatch User Interface
  • Go to Tools and Preferences
  • At the bottom of the screen you will see 2 options Active and Automatic
  • Active: This will turn Ad-Watch On\Off without closing it
  • Automatic: Suspicious activity will be blocked automatically
  • Uncheck both options. You can enable these after resolving your problem.
Run CFScript
  • Close any open browsers.
  • Open Notepad by clicking Start
  • Click Run
  • Type notepad into the box and press Enter
  • Notepad will open
  • Copy and Paste everything from the Code box into Notepad:
File::
C:\WINDOWS\system32\nsv1B.dll
Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{45E17257-5554-45D5-BA11-8B6485D28F4E}]
[-HKEY_CLASSES_ROOT\CLSID\{45E17257-5554-45D5-BA11-8B6485D28F4E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6DF0BD4E-00DD-7D7A-8C4D-50C0702984C9}]
[-HKEY_CLASSES_ROOT\CLSID\{6DF0BD4E-00DD-7D7A-8C4D-50C0702984C9}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{97f56af3-c191-4106-8173-88229b82f5d8}]
[-HKEY_CLASSES_ROOT\CLSID\{97f56af3-c191-4106-8173-88229b82f5d8}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4C25866-C04D-E1B1-8D6D-E6E20AE79202}]
[-HKEY_CLASSES_ROOT\CLSID\{B4C25866-C04D-E1B1-8D6D-E6E20AE79202}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cbxYPJyY]

Save this as CFScript.txt, in the same location as ComboFix.exe (on your desktop)


Posted Image


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt

NOTE: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.



Optional Fix

I see that Viewpoint is installed. Viewpoint, Viewpoint Manager, Viewpoint Media Player are Viewpoint components which are installed as a side effect of installing other software, most notably AOL and AOL Instant Messenger (AIM). Viewpoint Manager is responsible for managing and updating Viewpoint Media Player’s components. You can disable this using the Viewpoint Manager Control Panel found in the Windows Control Panel menu. By selecting Disable auto-updating for the Viewpoint Manager -- the player will no longer attempt to check for updates. Anything that is installed without your consent is suspect. Read what Viewpoint says and make your own decision.

To provide a satisfying consumer experience and to operate effectively, the Viewpoint Media Player periodically sends information to servers at Viewpoint. Each installation of the Viewpoint Media Player is identifiable to Viewpoint via a Customer Unique Identifier (CUID), an alphanumeric identifier embedded in the Viewpoint Media Player. The Viewpoint Media Player randomly generates the CUID during installation and uses it to indicate a unique installation of the product. A CUID is never connected to a user's name, email address, or other personal contact information. CUIDs are used for the sole purpose of filtering redundant information. Each of these information exchanges occurs anonymously.

Viewpoint Manager is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything bad. This may change; read Viewpoint to Plunge Into Adware.

I recommend that you remove the Viewpoint products; however, decide for yourself.

To uninstall the Viewpoint components:
  • Click Start, point to Settings, and then click Control Panel.
  • In Control Panel, double-click Add or Remove Programs.
  • In Add or Remove Programs, highlight >>Viewpoint component<< , click Remove.


    How to prevent it from being recreated every time you run the AOL software:
  • Open AOL
  • Go to Help on the toolbar
  • Select About AOL
  • Hit Ctrl D and a secret panel can be accessed which will allow you to disable all desktop and IM features associated with Viewpoint.
Optional Fix

You appear to have a program on your system called Logitech® Desktop Messenger. This is a background process that can automatically access the Internet without your knowledge or permission. Although it does provide updates for your Logitech products, the fact that it can access the Internet without your consent is potentially dangerous. It does download and update your Logitech products but this can be done manually by visiting the Logitech web site. My advice would be to uninstall this program but this is entirely your decision. Should you wish to uninstall the program, please follow these instructions.
  • Click Start.
  • Click Control Panel.
  • Double click Add or Remove Programs.
  • When the list has generated, scroll to Logitech Desktop Messenger.
  • Click Logitech Desktop Messenger to highlight it.
  • Click the button, Change/Remove.
  • Close Add or Remove Programs and Control Panel.
Or use this method: Go to Start > All Programs > Logitech and select Desktop Messenger. There are two check boxes which are self-explanatory. If you wish to stop the notifications, uncheck both boxes. The boxes are:

"Notifications about available Logitech software upgrades"
"Notifications about Logitech products, services, and special offers"

I suggest doing all updates yourself and removing this application!


Next Reply

Please reply with:
  • ComboFix log (found at C:\Combofix.txt)
  • New HijackThis log
  • A description of how your computer is behaving


#11 petergriffen

petergriffen
  • Topic Starter

  • Members
  • 69 posts

Posted 10 February 2009 - 07:36 PM

Computer seems to be running well.

ComboFix 09-02-08.02 - Dell 2009-02-10 18:06:24.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.211 [GMT -5:00]
Running from: c:\documents and settings\Dell\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Dell\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1296 [VPS 090210-0] *On-access scanning enabled* (Updated)
* Created a new restore point

FILE ::
c:\windows\system32\nsv1B.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\nsv1B.dll

.
((((((((((((((((((((((((( Files Created from 2009-01-10 to 2009-02-10 )))))))))))))))))))))))))))))))
.

2009-02-09 19:06 . 2009-02-09 19:41 <DIR> d-------- c:\program files\EsetOnlineScanner
2009-02-09 18:17 . 2009-02-09 18:17 0 --a------ c:\windows\nsreg.dat
2009-02-08 18:19 . 2009-02-08 18:19 <DIR> d-------- c:\documents and settings\LocalService\Application Data\SACore
2009-02-07 16:18 . 2009-02-07 16:18 <DIR> d-------- C:\rsit
2009-02-06 21:27 . 2009-02-06 21:27 <DIR> d-------- c:\documents and settings\All Users\Application Data\SiteAdvisor
2009-02-06 21:26 . 2009-02-06 21:26 <DIR> d-------- c:\program files\Common Files\McAfee
2009-02-06 21:21 . 2009-02-06 21:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\McAfee
2009-02-06 19:30 . 2009-02-06 19:30 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-06 19:30 . 2009-02-06 19:30 <DIR> d-------- c:\documents and settings\Dell\Application Data\Malwarebytes
2009-02-06 19:30 . 2009-02-06 19:30 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-06 19:30 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-06 19:30 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-05 21:24 . 2009-02-05 21:24 <DIR> d--h----- c:\windows\PIF
2009-02-05 21:17 . 2009-02-05 21:17 <DIR> d-------- c:\documents and settings\Dell\Application Data\Windows Search
2009-02-05 20:08 . 2009-02-05 20:08 <DIR> d-------- c:\program files\Trend Micro
2009-02-05 19:44 . 2009-02-05 19:44 <DIR> d-------- c:\windows\system32\XPSViewer
2009-02-05 19:44 . 2009-02-05 19:44 <DIR> d-------- c:\program files\Reference Assemblies
2009-02-05 19:44 . 2009-02-05 19:44 <DIR> d-------- c:\program files\MSBuild
2009-02-05 19:41 . 2009-02-05 19:43 <DIR> d-------- C:\e533cb0d15242dd2434d15cb507e
2009-02-05 19:41 . 2008-07-06 07:06 1,676,288 --------- c:\windows\system32\xpssvcs.dll
2009-02-05 19:41 . 2008-07-06 07:06 1,676,288 -----c--- c:\windows\system32\dllcache\xpssvcs.dll
2009-02-05 19:41 . 2008-07-06 05:50 597,504 -----c--- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-02-05 19:41 . 2008-07-06 07:06 575,488 --------- c:\windows\system32\xpsshhdr.dll
2009-02-05 19:41 . 2008-07-06 07:06 575,488 -----c--- c:\windows\system32\dllcache\xpsshhdr.dll
2009-02-05 19:41 . 2008-07-06 07:06 117,760 --------- c:\windows\system32\prntvpt.dll
2009-02-05 19:41 . 2008-07-06 07:06 89,088 -----c--- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-02-05 18:58 . 2009-02-05 18:58 <DIR> d-------- c:\documents and settings\Dell\Application Data\Windows Desktop Search
2009-02-05 18:56 . 2009-02-05 18:56 <DIR> d-------- c:\windows\system32\GroupPolicy
2009-02-05 18:56 . 2009-02-05 18:56 <DIR> d-------- c:\program files\Windows Desktop Search
2009-02-05 18:53 . 2008-03-07 12:02 192,000 -----c--- c:\windows\system32\dllcache\offfilt.dll
2009-02-05 18:53 . 2008-03-07 12:02 98,304 -----c--- c:\windows\system32\dllcache\nlhtml.dll
2009-02-05 18:53 . 2008-03-07 12:02 29,696 -----c--- c:\windows\system32\dllcache\mimefilt.dll
2009-02-05 18:50 . 2009-02-05 18:50 <DIR> d-------- c:\program files\Windows Media Connect 2
2009-02-05 18:42 . 2009-02-05 18:45 <DIR> d-------- c:\windows\system32\drivers\UMDF
2009-02-05 18:34 . 2009-02-05 18:37 <DIR> d-------- c:\windows\system32\URTTemp
2009-02-05 17:31 . 2008-04-13 19:09 6,144 --a------ c:\windows\system32\kbd106.dll
2009-02-05 17:31 . 2008-04-13 19:09 6,144 --a--c--- c:\windows\system32\dllcache\kbd106.dll
2009-02-04 23:14 . 2009-02-04 23:14 <DIR> d-------- c:\windows\system32\scripting
2009-02-04 23:14 . 2009-02-04 23:14 <DIR> d-------- c:\windows\system32\en
2009-02-04 23:14 . 2009-02-04 23:14 <DIR> d-------- c:\windows\system32\bits
2009-02-04 23:14 . 2009-02-04 23:14 <DIR> d-------- c:\windows\l2schemas
2009-02-04 23:08 . 2009-02-04 23:15 <DIR> d-------- c:\windows\ServicePackFiles
2009-02-04 22:24 . 2009-02-04 22:24 197 --a------ c:\windows\system32\MRT.INI
2009-02-04 22:16 . 2008-09-15 07:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2009-02-04 22:15 . 2008-08-14 05:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-04 22:15 . 2008-08-14 05:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-04 22:15 . 2008-08-14 04:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-04 22:15 . 2008-08-14 04:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-04 22:13 . 2008-10-24 06:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2009-02-04 22:13 . 2008-10-15 11:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2009-02-04 22:13 . 2008-12-11 05:57 333,952 -----c--- c:\windows\system32\dllcache\srv.sys
2009-02-04 21:44 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuapi.dll.mui
2009-02-04 21:26 . 2009-02-05 18:12 411 --a------ c:\windows\wininit.ini
2009-02-04 20:05 . 2009-02-04 18:15 15,688 --a------ c:\windows\system32\lsdelete.exe
2009-02-04 19:51 . 2009-02-04 19:51 552 --a------ c:\windows\system32\d3d8caps.dat
2009-02-04 18:41 . 2009-02-04 18:42 <DIR> d-------- c:\documents and settings\Administrator
2009-02-04 18:26 . 2009-02-04 18:26 <DIR> d-------- c:\program files\Alwil Software
2009-02-04 18:15 . 2009-02-04 18:15 <DIR> d----c--- c:\windows\system32\DRVSTORE
2009-02-04 18:15 . 2009-02-04 18:15 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
2009-02-04 18:13 . 2009-02-04 18:13 <DIR> d-------- c:\program files\Lavasoft
2009-02-04 18:13 . 2009-02-04 18:15 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-02-04 18:13 . 2009-02-04 18:14 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-04 18:08 . 2009-02-04 18:08 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-02-04 18:08 . 2009-02-04 21:27 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-11 19:31 . 2009-01-11 19:31 <DIR> d-------- c:\program files\Belkin
2009-01-11 19:29 . 2009-01-11 19:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\Logishrd
2009-01-11 19:25 . 2009-01-11 19:25 <DIR> d-------- c:\program files\Synaptics
2009-01-11 19:25 . 2009-01-11 19:25 <DIR> d-------- c:\program files\Roxio
2009-01-11 19:25 . 2009-01-11 19:25 <DIR> d-------- c:\program files\Common Files\Adaptec Shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-08 23:21 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2009-02-07 18:20 --------- d-----w c:\program files\McAfee
2009-01-12 00:31 --------- d-----w c:\program files\Belkin(2)
2009-01-12 00:30 --------- d-----w c:\program files\Belkin(3)
2009-01-12 00:25 --------- d-----w c:\program files\Google
2009-01-12 00:25 --------- d-----w c:\program files\Common Files\LogiShrd
2009-01-12 00:24 --------- d-----w c:\program files\eGames
2009-01-03 15:50 --------- d-----w c:\documents and settings\Dell\Application Data\MSNInstaller
2009-01-03 13:20 --------- d-----w c:\program files\Common Files\InstallShield
2009-01-03 13:19 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-11-10 03:07 127,034 ------r c:\windows\bwUnin-8.1.1.50-8876480SL.exe
2008-11-01 12:43 253,952 ----a-w c:\windows\system32\config\systemprofile\NTUSER(2).DAT
.

((((((((((((((((((((((((((((( SnapShot@2009-02-08_19.02.13.37 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-08-02 16:20:00 43,016 ----a-w c:\windows\Downloaded Program Files\mhLbl.dll
+ 2009-02-10 22:43:50 2,580 ----a-w c:\windows\SoftwareDistribution\EventCache\{18B9A5C5-D0D6-4F0E-B527-42057D119A23}.bin
+ 2007-07-27 19:49:02 196,683 ----a-w c:\windows\system32\lnod32apiA.dll
+ 2007-07-27 19:49:02 225,355 ----a-w c:\windows\system32\lnod32apiW.dll
+ 2005-12-06 00:25:22 139,264 ----a-w c:\windows\system32\lnod32umc.dll
+ 2005-12-05 17:37:10 106,496 ----a-w c:\windows\system32\lnod32upd.dll
+ 2008-02-11 14:39:26 253,952 ----a-w c:\windows\system32\OnlineScannerDLLA.dll
+ 2008-02-11 14:39:18 237,568 ----a-w c:\windows\system32\OnlineScannerDLLW.dll
+ 2008-02-08 18:53:46 110,592 ----a-w c:\windows\system32\OnlineScannerLang.dll
+ 2008-02-05 13:48:04 77,824 ----a-w c:\windows\system32\OnlineScannerUninstaller.exe
+ 2009-02-10 22:37:21 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_4bc.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2002-10-11 126976]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2002-10-11 561152]
"AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-17 684032]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 488984]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-02-04 509784]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"PCTVOICE"="pctspk.exe" [2003-02-24 c:\windows\system32\pctspk.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Belkin Wireless G Cardbus Adapter Utility.lnk - c:\program files\Belkin\F5D7010v8\Belkinwcui.exe [2008-02-27 1736704]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-11-09 67128]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-02-04 64160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-02-04 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-02-04 20560]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2009-02-06 206096]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2008-07-08 24652]
R3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\Belkin\F5D7010v8\jswpsapi.exe [2007-10-29 352338]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [2008-10-16 57344]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 950096]
.
Contents of the 'Scheduled Tasks' folder

2009-02-09 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-02-04 18:15]
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-HookURL - (no file)
URLSearchHooks-Rank - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AIM Search
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Dell\Application Data\Mozilla\Firefox\Profiles\egpnqtx9.default\
FF - prefs.js: network.proxy.type - 1
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-10 18:09:05
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-02-10 18:12:43
ComboFix-quarantined-files.txt 2009-02-10 23:12:31
ComboFix2.txt 2009-02-09 23:00:12
ComboFix3.txt 2009-02-09 00:04:31

Pre-Run: 11,414,233,088 bytes free
Post-Run: 11,417,694,208 bytes free

202 --- E O F --- 2009-02-06 02:43:07




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:31:25 PM, on 2/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Belkin\F5D7010v8\Belkinwcui.exe
C:\Program Files\Belkin\F5D7010v8\jswpsapi.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Belkin Wireless G Cardbus Adapter Utility.lnk = C:\Program Files\Belkin\F5D7010v8\Belkinwcui.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1233801772730
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\Belkin\F5D7010v8\jswpsapi.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

--
End of file - 5679 bytes

#12 Bio-Hazard

Bio-Hazard

  • Members
  • 258 posts
  • Gender:Male
  • Location:Cornwall, UK

Posted 12 February 2009 - 01:09 AM

Firewall

Looking over your log, it seems you don't have any evidence of a third-party FIREWALL. As the term conveys, a firewall is an extra layer of security installed onto computers which restricts access to systems from the outside world. Firewalls protect against hackers and malicious intruders.

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to phone home for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.

I would recommend installing a free firewall for personal use from one of these excellent vendors. The choice is yours:

Your log now appears to be clean. Congratulations!

You can get rid of the tools we used:
  • RSIT and the folder C:\rsit (You can just delete the exe file from your desktop)
  • ATF cleaner (You can just delete the exe file from your desktop)
Please take the time to tell us what you would like to be done about the people who are behind all the problems you have had. We can only get something done about this if the people that we help, like you, are prepared to complain. We have a dedicated forum for collecting these complaints Malware Complaints. You need to be registered to post as, unfortunately, we were hit with too many spam posts to allow guest posting to continue. Just find your country room and register your complaint.
  • Delete ComboFix and Clean Up
    Click Start > Run > type combofix /u > OK (Note the space between combofix and /u)
    Please advise if this step is missed for any reason as it performs some important actions.

    Protection Programs
    Don't forget to re-enable any protection programs we disabled during your fix.

    You can now re-enable Spybot's TeaTimer and Lavasoft's Ad-Watch.

    General Security and Computer Health
    Below are some steps to follow in order to dramatically lower the chances of reinfection. You may have already implemented some of the steps below, however you should follow any steps that you have not already implemented.
  • Make sure that you keep your antivirus updated
    New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
    NOTE: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.
  • Security Updates for Windows, Internet Explorer & Microsoft Office
    Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis.
    NOTE: The update process uses ActiveX, so you will need to use Internet Explorer for it and allow the ActiveX control to install.
  • Update Non-Microsoft Programs
    Microsoft isn't the only company whose products can contain security vulnerabilities. To check whether other programs running on your PC are in need of an update, you can use the Secunia Software Inspector or F-Secure Health Check. I suggest that you run one of them at least once a month.
  • Make Internet Explorer More Secure
    You are using Internet Explorer v. 7. Therefore please read and follow the recommendations at this SITE
Recommended Programs

I would recommend the download and installation of some or all of the following programs (if not already present), and the updating of them on a regular basis.
  • WinPatrol
    As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge. For more information, please visit HERE.
  • SpywareBlaster
    SpywareBlaster sets killbits in the registry to prevent known malicious ActiveX controls from installing on your computer. If you don't know what ActiveX controls are, see HERE. You can download SpywareBlaster from HERE.

  • Hosts File
    For added protection you may also like to add a Hosts file. A simple explanation of what a Hosts file does is HERE, and for more information regarding Hosts files read HERE.
  • Use an alternative Internet Browser
    Many of the exploits are directed at users of Internet Explorer. Try using a different browser instead: Firefox or Opera.
Here is a great article by miekiemoes: How to prevent Malware.


Finally I am trying to make one point very clear. It is ABSOLUTELY ESSENTIAL to keep all of your security programs up to date.

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Happy surfing and stay clean!

Bio-Hazard
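The posted ComboFix log shows "EnableFirewall"= 0, both Security Center DisableNotify values set to 1, and a Run entry ("PCTVOICE") given as a bare file name rather than a full path; Bio-Hazard's firewall advice above addresses the first of these. As an added example that is not part of the thread or of ComboFix itself, the Python below parses the "Reg Loading Points" block of such a log and flags those settings automatically, using a sample constructed from the log lines on this page.

```python
"""Triage the 'Reg Loading Points' section of a ComboFix log.

Added example, not from the BleepingComputer thread or from ComboFix: a small
parser for the REGEDIT4-style block ComboFix prints, with checks for the
settings a helper looks for in it (firewall disabled for the standard profile,
Security Center notifications suppressed, Run entries with no absolute path).
"""
import re

# Constructed sample: lines copied from the 'Reg Loading Points' block of the
# ComboFix log posted in this thread, trimmed to the entries these checks use.
SAMPLE_LOG = r"""
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2002-10-11 126976]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"PCTVOICE"="pctspk.exe" [2003-02-24 c:\windows\system32\pctspk.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.*)$')


def parse_reg_points(text):
    """Return {registry_key: {value_name: raw_data}} for a REGEDIT4-style block."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.rstrip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group("key")
            sections.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            sections[current][m.group("name")] = m.group("data").strip()
    return sections


def dword_value(raw):
    """Parse the two DWORD spellings ComboFix uses: 'dword:00000001' or '0 (0x0)'."""
    m = re.match(r"dword:([0-9a-fA-F]{8})", raw)
    if m:
        return int(m.group(1), 16)
    m = re.match(r"(\d+)\s*\(0x[0-9a-fA-F]+\)", raw)
    return int(m.group(1)) if m else None


def triage(sections):
    """Return a list of human-readable findings for settings worth a second look."""
    findings = []
    for key, values in sections.items():
        k = key.lower()
        if k.endswith("\\currentversion\\run"):
            for name, raw in values.items():
                # Run data is a quoted command followed by ComboFix's "[date size]" tag.
                m = re.match(r'"([^"]*)"', raw)
                cmd = m.group(1) if m else raw
                if not re.match(r"^[a-zA-Z]:\\", cmd):
                    findings.append(f"Run entry {name!r} uses a bare file name ({cmd}); "
                                    "which binary runs depends on the search path")
        elif k.endswith("\\security center"):
            for name, raw in values.items():
                if name.endswith("DisableNotify") and dword_value(raw) == 1:
                    findings.append(f"Security Center notification suppressed: {name}")
        elif "firewallpolicy" in k and k.endswith("standardprofile"):
            if dword_value(values.get("EnableFirewall", "")) == 0:
                findings.append("Windows Firewall disabled for the standard profile")
    return findings


if __name__ == "__main__":
    for finding in triage(parse_reg_points(SAMPLE_LOG)):
        print("-", finding)
```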

#13 petergriffen

petergriffen
  • Topic Starter

  • Members
  • 69 posts

Posted 12 February 2009 - 10:35 PM

Thanks so much

#14 Shaba

Shaba



  • Members
  • 7,872 posts
  • Gender:Male
  • Location:Finland

Posted 14 February 2009 - 09:13 AM

Since this issue appears resolved ... this Topic is closed. Glad we could help.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Microsoft MVP Consumer Security
