have trojan downloader and other malware


32 replies to this topic

#1 ismaouma

ismaouma

  • Members
  • 43 posts

Posted 26 November 2009 - 06:57 PM

Hi, my laptop became very slow, gives serious error messages (blue screen when turning off). My webcam stopped working so I downloaded software for drivers (Driver Robot), I deleted it afterwards but now I lost sound completely in the system. My Cogeco Security Services detected a trojan downloader but couldn't disinfect as it changed name! Now the system is even slower, unresponsive most of the time... Please help!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:54:44 PM, on 26/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\COGECO Security Services\Anti-Virus\fsgk32st.exe
C:\Program Files\COGECO Security Services\Common\FSMA32.EXE
C:\Program Files\COGECO Security Services\Anti-Virus\FSGK32.EXE
C:\Program Files\COGECO Security Services\Common\FSMB32.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\COGECO Security Services\Common\FCH32.EXE
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\COGECO Security Services\Anti-Virus\fsqh.exe
C:\Program Files\COGECO Security Services\Common\FAMEH32.EXE
C:\Program Files\COGECO Security Services\FSPC\fspc.exe
C:\Program Files\COGECO Security Services\FSAUA\program\fsaua.exe
C:\Program Files\COGECO Security Services\Anti-Virus\fssm32.exe
C:\Program Files\COGECO Security Services\FWES\Program\fsdfwd.exe
C:\Program Files\COGECO Security Services\FSAUA\program\fsus.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\COGECO Security Services\Anti-Virus\fsav32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Rogers Online Protection\Rogers Servicepoint Agent\RogersServicepointAgent.exe
C:\Program Files\COGECO Security Services\Common\FSM32.EXE
C:\Program Files\COGECO Security Services\FSGUI\fsguidll.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Logitech\Logitech Vid\vid.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\HiJackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hispeed.rogers.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://rogers.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Rogers Hi-Speed Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [RogersServicepointAgent.exe] "C:\Program Files\Rogers Online Protection\Rogers Servicepoint Agent\RogersServicepointAgent.exe" /AUTORUN
O4 - HKLM\..\Run: [YMailAdvisor] "C:\Program Files\Yahoo!\Common\YMailAdvisor.exe"
O4 - HKLM\..\Run: [RpsInstall] C:\Program Files\InstallShield Installation Information\{68F129E0-EF23-4CCE-A03F-B2C1A6DC9013}\RpsPackage.exe USE_DEFAULTS CADR_RESTART IIGUID={1711FBF0-FFAF-4B78-BDEA-5CC15B451174}
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\COGECO Security Services\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\COGECO Security Services\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Logitech Vid] "C:\Program Files\Logitech\Logitech Vid\vid.exe" -bootmode
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103471 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; GTB6; .NET CLR 1.1.4322; Rogers Hi-Speed Internet; .NET CLR 2.0.50727; OfficeLiveConnector.1.3; OfficeLivePatch.0.0; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; Rogers Hi-Speed Internet; 978906603)" -"http://www.miniclip.com/games/max-speed/en/"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - .DEFAULT User Startup: IEHOME.LNK = C:\Documents and Settings\Default User\Local Settings\Temp\iehome.bat (User 'Default user')
O4 - Startup: Logitech . Product Registration.lnk = C:\Program Files\Logitech\Logitech WebCam Software\eReg.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\COGECO Security Services\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\COGECO Security Services\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\COGECO Security Services\FSPC\fspcmsie.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: TruePass EPF 7,0,100,739 - https://blrscr3.egs-seg.gc.ca/applets/entru...sapplet-epf.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200707...ex/qtplugin.cab
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} (Java Plug-in 1.6.0_13) -
O18 - Protocol: bw+0 - {C53C56A7-19D6-43BE-96BB-E978700C1584} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {C53C56A7-19D6-43BE-96BB-E978700C1584} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {C53C56A7-19D6-43BE-96BB-E978700C1584} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {C53C56A7-19D6-43BE-96BB-E978700C1584} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {C53C56A7-19D6-43BE-96BB-E978700C1584} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {C53C56A7-19D6-43BE-96BB-E978700C1584} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {C53C56A7-19D6-43BE-96BB-E978700C1584} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {C53C56A7-19D6-43BE-96BB-E978700C1584} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {C53C56A7-19D6-43BE-96BB-E978700C1584} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {C53C56A7-19D6-43BE-96BB-E978700C1584} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {C53C56A7-19D6-43BE-96BB-E978700C1584} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {C53C56A7-19D6-43BE-96BB-E978700C1584} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {C53C56A7-19D6-43BE-96BB-E978700C1584} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {C53C56A7-19D6-43BE-96BB-E978700C1584} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {C53C56A7-19D6-43BE-96BB-E978700C1584} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {C53C56A7-19D6-43BE-96BB-E978700C1584} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {C53C56A7-19D6-43BE-96BB-E978700C1584} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {C53C56A7-19D6-43BE-96BB-E978700C1584} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {C53C56A7-19D6-43BE-96BB-E978700C1584} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {C53C56A7-19D6-43BE-96BB-E978700C1584} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {C53C56A7-19D6-43BE-96BB-E978700C1584} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {C53C56A7-19D6-43BE-96BB-E978700C1584} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {C53C56A7-19D6-43BE-96BB-E978700C1584} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {C53C56A7-19D6-43BE-96BB-E978700C1584} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {C53C56A7-19D6-43BE-96BB-E978700C1584} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {C53C56A7-19D6-43BE-96BB-E978700C1584} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {C53C56A7-19D6-43BE-96BB-E978700C1584} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {C53C56A7-19D6-43BE-96BB-E978700C1584} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {C53C56A7-19D6-43BE-96BB-E978700C1584} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {C53C56A7-19D6-43BE-96BB-E978700C1584} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {C53C56A7-19D6-43BE-96BB-E978700C1584} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {C53C56A7-19D6-43BE-96BB-E978700C1584} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {C53C56A7-19D6-43BE-96BB-E978700C1584} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {C53C56A7-19D6-43BE-96BB-E978700C1584} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {C53C56A7-19D6-43BE-96BB-E978700C1584} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {C53C56A7-19D6-43BE-96BB-E978700C1584} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {C53C56A7-19D6-43BE-96BB-E978700C1584} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {C53C56A7-19D6-43BE-96BB-E978700C1584} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {C53C56A7-19D6-43BE-96BB-E978700C1584} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {C53C56A7-19D6-43BE-96BB-E978700C1584} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {C53C56A7-19D6-43BE-96BB-E978700C1584} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {C53C56A7-19D6-43BE-96BB-E978700C1584} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {C53C56A7-19D6-43BE-96BB-E978700C1584} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {C53C56A7-19D6-43BE-96BB-E978700C1584} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {C53C56A7-19D6-43BE-96BB-E978700C1584} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {C53C56A7-19D6-43BE-96BB-E978700C1584} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {C53C56A7-19D6-43BE-96BB-E978700C1584} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {C53C56A7-19D6-43BE-96BB-E978700C1584} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {C53C56A7-19D6-43BE-96BB-E978700C1584} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {C53C56A7-19D6-43BE-96BB-E978700C1584} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {C53C56A7-19D6-43BE-96BB-E978700C1584} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {C53C56A7-19D6-43BE-96BB-E978700C1584} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {C53C56A7-19D6-43BE-96BB-E978700C1584} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {C53C56A7-19D6-43BE-96BB-E978700C1584} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {C53C56A7-19D6-43BE-96BB-E978700C1584} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {C53C56A7-19D6-43BE-96BB-E978700C1584} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {C53C56A7-19D6-43BE-96BB-E978700C1584} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {C53C56A7-19D6-43BE-96BB-E978700C1584} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {C53C56A7-19D6-43BE-96BB-E978700C1584} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {C53C56A7-19D6-43BE-96BB-E978700C1584} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {C53C56A7-19D6-43BE-96BB-E978700C1584} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {C53C56A7-19D6-43BE-96BB-E978700C1584} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {C53C56A7-19D6-43BE-96BB-E978700C1584} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {C53C56A7-19D6-43BE-96BB-E978700C1584} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {C53C56A7-19D6-43BE-96BB-E978700C1584} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {C53C56A7-19D6-43BE-96BB-E978700C1584} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {C53C56A7-19D6-43BE-96BB-E978700C1584} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {C53C56A7-19D6-43BE-96BB-E978700C1584} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {C53C56A7-19D6-43BE-96BB-E978700C1584} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {C53C56A7-19D6-43BE-96BB-E978700C1584} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {C53C56A7-19D6-43BE-96BB-E978700C1584} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {C53C56A7-19D6-43BE-96BB-E978700C1584} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {C53C56A7-19D6-43BE-96BB-E978700C1584} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {C53C56A7-19D6-43BE-96BB-E978700C1584} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {C53C56A7-19D6-43BE-96BB-E978700C1584} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {C53C56A7-19D6-43BE-96BB-E978700C1584} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {C53C56A7-19D6-43BE-96BB-E978700C1584} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\COGECO Security Services\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\COGECO Security Services\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\COGECO Security Services\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\COGECO Security Services\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\COGECO Security Services\ORSP Client\fsorsp.exe
O23 - Service: Google Update Service (gupdate1c9f2a47e32aba) (gupdate1c9f2a47e32aba) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 26047 bytes
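As an added example (not part of this thread, and not code from HijackThis or BleepingComputer): a small Python triage script for the HijackThis log format posted above. It flags the entry types a helper reads first: O2/O3/O9 registrations whose file is gone, O4 autostarts that run from a temp directory or name a bare executable with no path, O16 ActiveX downloads, and O23 services with an unknown publisher or missing binary. The sample lines are copied from the log above; the rule set and the names `triage`, `triage_line`, `summarize`, `Finding` and `SAMPLE_LOG` are my own.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional

# HijackThis lines start with a section tag ("R0", "O2", "O23", ...) followed by " - ".
HJT_LINE = re.compile(r"^(?P<section>[OR]\d+) - (?P<body>.*)$")

# Autostart targets living under a temp directory deserve a look: that is not
# where installed software normally lives.
TEMP_MARKERS = ("\\temp\\", "\\temporary internet files\\")


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def _o4_target(body: str) -> str:
    """Return the executable named by an O4 entry, without its arguments."""
    if "] " in body:                      # Run/RunOnce value: "[name] command"
        target = body.split("] ", 1)[1]
    elif " = " in body:                   # Startup folder shortcut: "x.lnk = path"
        target = body.split(" = ", 1)[1]
    else:
        target = body
    if target.startswith('"'):            # quoted path, possibly containing spaces
        return target[1:].split('"', 1)[0]
    return target.split(" ", 1)[0]


def triage_line(line: str) -> Optional[Finding]:
    """Apply the triage rules to one HijackThis line; None means nothing to flag."""
    m = HJT_LINE.match(line.strip())
    if not m:
        return None                       # process list, header, blank line, etc.
    sec, body = m.group("section"), m.group("body")
    low = body.lower()
    if sec in ("O2", "O3", "O9") and "(no file)" in low:
        return Finding(sec, "registration points at a file that no longer exists", line)
    if sec == "O4":
        if any(marker in low for marker in TEMP_MARKERS):
            return Finding(sec, "autostart runs from a temp directory", line)
        if "\\" not in _o4_target(body):
            return Finding(sec, "autostart names a bare executable; resolve its real path before trusting it", line)
    if sec == "O16":
        return Finding(sec, "ActiveX download (DPF) entry; confirm the source is expected", line)
    if sec == "O23" and ("unknown owner" in low or "(file missing)" in low):
        return Finding(sec, "service with unknown publisher or missing binary", line)
    return None


def triage(log_text: str) -> List[Finding]:
    """Run every line of a pasted log through the rules, keeping the hits in order."""
    return [f for f in (triage_line(l) for l in log_text.splitlines()) if f]


def summarize(findings: List[Finding]) -> dict:
    """Count findings per HijackThis section."""
    return dict(Counter(f.section for f in findings))


# Constructed sample: a handful of lines copied from the log in this thread.
SAMPLE_LOG = "\n".join([
    r"C:\WINDOWS\System32\smss.exe",
    r"O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)",
    r"O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll",
    r'O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot',
    r"O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE",
    r"O4 - .DEFAULT User Startup: IEHOME.LNK = C:\Documents and Settings\Default User\Local Settings\Temp\iehome.bat (User 'Default user')",
    r"O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} (Java Plug-in 1.6.0_13) -",
    r"O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe",
    r"O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe (file missing)",
])

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:>4}  {f.reason}\n      {f.line}")
    print(summarize(triage(SAMPLE_LOG)))
```

A flag means "verify", not "malicious": the bare-executable rule fires on the Realtek audio entries (RTHDCPL, SOUNDMAN) just as it would on anything unwanted, so each hit still needs its file located and its publisher checked.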


#2 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,702 posts
  • Gender:Male
  • Location:US

Posted 01 December 2009 - 11:54 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM


#3 ismaouma

ismaouma
  • Topic Starter

  • Members
  • 43 posts

Posted 07 December 2009 - 01:43 PM

Thank you for your reply, here are the logs you requested. Malwarebytes keeps detecting new malware each time I run a scan...


DDS (Ver_09-12-01.01) - NTFSx86
Run by omar at 11:51:40.89 on 07/12/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.416 [GMT -5:00]

AV: Smart Virus Eliminator *On-access scanning enabled* (Updated) {136DFE51-4882-4949-86D6-4294D81AA9D7}
AV: COGECO Security Services 8.02 *On-access scanning enabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: Smart Virus Eliminator *enabled* {D235C1DE-D1DD-4D14-9713-0E96D3BA528B}
FW: COGECO Security Services 8.02 *enabled* {D4747503-0346-49EB-9262-997542F79BF4}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\COGECO Security Services\Anti-Virus\fsgk32st.exe
C:\Program Files\COGECO Security Services\Common\FSMA32.EXE
C:\Program Files\COGECO Security Services\Anti-Virus\FSGK32.EXE
C:\Program Files\COGECO Security Services\Common\FSMB32.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\COGECO Security Services\Common\FCH32.EXE
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\COGECO Security Services\Anti-Virus\fsqh.exe
C:\Program Files\COGECO Security Services\Common\FAMEH32.EXE
C:\Program Files\COGECO Security Services\FSPC\fspc.exe
C:\Program Files\COGECO Security Services\FSAUA\program\fsaua.exe
C:\Program Files\COGECO Security Services\Anti-Virus\fssm32.exe
C:\Program Files\COGECO Security Services\FWES\Program\fsdfwd.exe
C:\Program Files\COGECO Security Services\FSAUA\program\fsus.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\COGECO Security Services\Anti-Virus\fsav32.exe
C:\Program Files\Rogers Online Protection\Rogers Servicepoint Agent\RogersServicepointAgent.exe
C:\Program Files\COGECO Security Services\Common\FSM32.EXE
C:\Program Files\COGECO Security Services\FSGUI\fsguidll.exe
C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Logitech\Logitech Vid\vid.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\omar\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://rogers.yahoo.com
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uWindow Title = Microsoft Internet Explorer provided by Rogers Hi-Speed Internet
uDefault_Page_URL = hxxp://www.hispeed.rogers.com
uInternet Settings,ProxyOverride = localhost;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - c:\program files\windows live\family safety\fssbho.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: RHSI Toolbar: {4df5b116-4fd9-4039-b377-1130953a980f} - c:\progra~1\rogers~1\rhsito~1\Toolband.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [LDM] c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [WebCamRT.exe]
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [Logitech Vid] "c:\program files\logitech\logitech vid\vid.exe" -bootmode
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~1.EXE -Update -1103471 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; GTB6; .NET CLR 1.1.4322; Rogers Hi-Speed Internet; .NET CLR 2.0.50727; OfficeLiveConnector.1.3; OfficeLivePatch.0.0; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; Rogers Hi-Speed Internet; 978906603)" -"http://www.miniclip.com/games/max-speed/en/"
mRun: [CFSServ.exe] CFSServ.exe -NoClient
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [RogersServicepointAgent.exe] "c:\program files\rogers online protection\rogers servicepoint agent\RogersServicepointAgent.exe" /AUTORUN
mRun: [YMailAdvisor] "c:\program files\yahoo!\common\YMailAdvisor.exe"
mRun: [RpsInstall] c:\program files\installshield installation information\{68f129e0-ef23-4cce-a03f-b2c1a6dc9013}\RpsPackage.exe USE_DEFAULTS CADR_RESTART IIGUID={1711FBF0-FFAF-4B78-BDEA-5CC15B451174}
mRun: [F-Secure Manager] "c:\program files\cogeco security services\common\FSM32.EXE" /splash
mRun: [F-Secure TNB] "c:\program files\cogeco security services\fsgui\TNBUtil.exe" /CHECKALL /WAITFORSW
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [msnmsgr] "c:\program files\msn messenger\msnmsgr.exe" /background
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\omar\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\logitech webcam software\eReg.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LDMConf.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {200DB664-75B5-47c0-8B45-A44ACCF73C00} - {D68926FD-18FD-4B0E-A1C7-917D13FAB760} - c:\program files\cogeco security services\fspc\fspcmsie.dll
IE: {200DB664-75B5-47c0-8B45-A44ACCF73F01} - {D68926FD-18FD-4B0E-A1C7-917D13FAB760} - c:\program files\cogeco security services\fspc\fspcmsie.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\program files\cogeco security services\fsps\program\FSLSP.DLL
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: TruePass EPF 7,0,100,739 - hxxps://blrscr3.egs-seg.gc.ca/applets/entrusttruepassapplet-epf.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://a1540.g.akamai.net/7/1540/52/20070711/qtinstall.info.apple.com/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
IFEO: image file execution options - svchost.exe
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2009-9-22 33920]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2009-9-22 79872]
R0 sonypvl3;sonypvl3;c:\windows\system32\drivers\sonypvl3.sys [2006-10-12 18110]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\cogeco security services\hips\drivers\fshs.sys [2009-9-22 67808]
R1 sonypvf3;sonypvf3;c:\windows\system32\drivers\sonypvf3.sys [2006-10-12 619390]
R1 sonypvt3;sonypvt3;c:\windows\system32\drivers\sonypvt3.sys [2006-10-12 423454]
R2 F-Secure Gatekeeper Handler Starter;FSGKHS;c:\program files\cogeco security services\anti-virus\fsgk32st.exe [2009-9-22 215648]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-11-21 54752]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\cogeco security services\anti-virus\minifilter\fsgk.sys [2009-9-22 101496]
R3 FSORSPClient;F-Secure ORSP Client;c:\program files\cogeco security services\orsp client\fsorsp.exe [2009-9-22 55904]
S2 gupdate1c9f2a47e32aba;Google Update Service (gupdate1c9f2a47e32aba);c:\program files\google\update\GoogleUpdate.exe [2009-6-21 133104]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-11-26 1684736]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\cogeco security services\anti-virus\win2k\fsfilter.sys [2009-9-22 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\cogeco security services\anti-virus\win2k\fsrec.sys [2009-9-22 25184]

=============== Created Last 30 ================

2009-12-06 00:00:40 0 d-----w- C:\.jagex_cache_32
2009-12-04 18:46:26 0 d-----w- c:\program files\Virtual Earth 3D
2009-12-04 18:23:30 4122368 ----a-r- c:\windows\system32\drivers\alcxwdm.sys
2009-12-04 18:23:30 147456 ----a-w- c:\windows\system32\RtlCPAPI.dll
2009-12-04 18:23:27 141016 ----a-w- c:\windows\system32\alsndmgr.wav
2009-12-04 18:23:27 10528768 ----a-w- c:\windows\system32\RTLCPL.exe
2009-12-04 18:21:29 0 d-----w- c:\program files\Realtek AC97
2009-12-04 18:21:16 315392 ----a-w- c:\windows\alcupd.exe
2009-12-04 18:21:15 217088 ----a-w- c:\windows\alcrmv.exe
2009-12-04 18:20:08 18734784 ----a-w- c:\program files\WDM_A406.exe
2009-11-26 20:28:49 358944 ----a-w- c:\windows\vncutil.exe
2009-11-26 20:28:49 1833504 ----a-w- c:\windows\SkyTel.exe
2009-11-26 20:28:43 48672 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2009-11-26 20:28:43 129568 ----a-w- c:\windows\RtkAudioService.exe
2009-11-26 20:28:38 1389056 ----a-w- c:\windows\system32\drivers\Monfilt.sys
2009-11-26 20:28:30 1684736 ----a-w- c:\windows\system32\drivers\Ambfilt.sys
2009-11-26 20:12:29 30970281 ----a-w- c:\program files\WDM_R237.exe
2009-11-25 18:08:02 2687512 ----a-w- c:\windows\system32\drivers\LV302V32.SYS
2009-11-25 18:06:09 539160 ----a-w- c:\windows\system32\LVUI2RC.dll
2009-11-25 18:06:09 539160 ----a-w- c:\windows\system32\LVUI2.dll
2009-11-25 18:06:09 416280 ----a-w- c:\windows\system32\LVCodec2.dll
2009-11-25 17:57:09 51052264 ----a-w- c:\program files\lws110.exe
2009-11-25 17:54:04 53539128 ----a-w- c:\program files\lws110_x64.exe
2009-11-25 17:29:54 0 d-----w- c:\docume~1\omar\applic~1\Blitware
2009-11-25 11:18:57 1089593 -c----w- c:\windows\system32\dllcache\ntprint.cat
2009-11-24 15:27:35 0 d-----w- c:\windows\system32\XPSViewer
2009-11-24 15:26:02 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-11-24 15:26:02 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-11-24 15:26:02 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-11-24 15:26:02 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-11-24 15:26:02 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-11-24 15:26:02 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-11-24 15:26:02 117760 ------w- c:\windows\system32\prntvpt.dll
2009-11-24 15:26:01 0 d-----w- C:\ef38a71c7080f8d8d85c6ef86572fc5c
2009-11-21 17:22:01 0 d-----w- c:\documents and settings\omar\Tracing
2009-11-21 17:09:15 0 d-----w- c:\program files\Microsoft Office Outlook Connector
2009-11-21 17:08:20 54752 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
2009-11-21 16:55:49 0 d-----w- c:\program files\Microsoft
2009-11-21 16:42:30 0 d-----w- c:\program files\common files\Windows Live
2009-11-09 03:52:55 0 d-----w- c:\program files\MSECache
2009-11-09 03:52:20 28868320 ----a-w- c:\program files\FileFormatConverters.exe

==================== Find3M ====================

2009-12-07 01:00:33 39 ----a-w- c:\documents and settings\omar\jagex_runescape_preferences.dat
2009-12-07 01:00:32 69 ----a-w- c:\documents and settings\omar\jagex_runescape_preferences2.dat
2009-12-03 21:14:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 21:13:56 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-18 01:27:08 9721888 ----a-w- c:\windows\RTLCPL.EXE
2009-11-18 01:27:08 1489440 ----a-w- c:\windows\RtlUpd.exe
2009-11-18 01:27:02 18789408 ----a-w- c:\windows\RTHDCPL.EXE
2009-11-18 01:26:56 2177568 ----a-w- c:\windows\MicCal.exe
2009-11-18 01:26:50 64032 ----a-w- c:\windows\ALCMTR.EXE
2009-11-18 01:26:50 2815520 ----a-w- c:\windows\ALCWZRD.EXE
2009-11-18 00:51:38 5956608 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2009-11-02 18:48:02 831488 ----a-w- c:\windows\RtlExUpd.dll
2009-10-29 17:19:36 23256 ---ha-w- c:\windows\system32\mlfcache.dat
2009-10-11 09:17:27 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-22 20:07:22 74366024 ----a-w- c:\program files\CSS_Installer_eng.exe
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-08-27 18:01:21 330752 ----a-w- c:\program files\RichUpload.msi
2009-04-08 19:03:26 607640 ----a-w- c:\program files\jre-6u13-windows-i586-p-iftw.exe
2008-07-21 17:04:00 1295 ----a-w- c:\program files\1216659870056-integrated.jnlp
2008-07-21 15:45:15 10978 ----a-w- c:\program files\hijackthis.log
2008-07-21 15:38:55 686630 ----a-w- c:\program files\dss.exe
2008-06-30 00:41:22 401720 ----a-w- c:\program files\Hijakth.exe
2008-06-30 00:41:22 401720 ----a-w- c:\program files\HiJackThis.exe
2008-06-30 00:28:00 9722720 ----a-w- c:\program files\spybotsd152.exe
2008-04-05 03:27:08 46008720 ----a-w- c:\program files\zaSuiteSetup_70_470_000_en.exe
2008-03-18 18:29:53 210416 ----a-w- c:\program files\zasuiteSetup_en.exe
2008-03-02 13:39:02 23454528 ----a-w- c:\program files\AdbeRdr812_en_US.exe
2008-02-14 21:05:31 59196712 ----a-w- c:\program files\iTunesSetup.exe
2008-02-07 12:39:55 686608 ----a-w- c:\program files\wpsetup.exe
2008-02-05 02:47:32 21364592 ----a-w- c:\program files\aaw2007.exe
2008-01-16 00:03:51 301447 ----a-w- c:\program files\fbarab.zip
2007-12-31 23:26:14 15452536 ----a-w- c:\program files\IE7-WindowsXP-x86-enu.exe
2006-09-13 15:13:10 314 ----a-w- c:\program files\INSTALL.LOG
2008-09-06 22:12:19 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090620080907\index.dat

============= FINISH: 11:53:22.01 ===============

Attached Files
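The lines a helper reads first in a report like the one above are the ones that are easy to miss in the middle of the log: two AV and two FW products registered at the same time, BHO and toolbar entries whose file is gone ("No File"), an IFEO entry for svchost.exe (a Debugger value under Image File Execution Options redirects every launch of the named image), and a Hosts line that sends www.spywareinfo.com to loopback. As an added example, not part of this thread and not the DDS tool's own output, here is a Python triage pass over those DDS "Pseudo HJT Report" line formats. The sample lines are copied from the report above; the category names and severities are this example's own choices, not a verdict from the page.

```python
"""Triage the 'Pseudo HJT Report' lines of a DDS log for common hijack indicators.

Added example: the checks, categories and severities below are the author's own
heuristics, not DDS output and not the forum helper's analysis.
"""
import re
from dataclasses import dataclass
from typing import Dict, List

# Sample input: lines copied from the DDS report posted above (constructed subset).
SAMPLE_DDS = r"""
AV: Smart Virus Eliminator *On-access scanning enabled* (Updated) {136DFE51-4882-4949-86D6-4294D81AA9D7}
AV: COGECO Security Services 8.02 *On-access scanning enabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: Smart Virus Eliminator *enabled* {D235C1DE-D1DD-4D14-9713-0E96D3BA528B}
FW: COGECO Security Services 8.02 *enabled* {D4747503-0346-49EB-9262-997542F79BF4}
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [WebCamRT.exe]
mRun: [CFSServ.exe] CFSServ.exe -NoClient
mRun: [RTHDCPL] RTHDCPL.EXE
IFEO: image file execution options - svchost.exe
Hosts: 127.0.0.1 www.spywareinfo.com
"""


@dataclass
class Finding:
    severity: str   # "high", "medium" or "low" (this example's own scale)
    category: str
    line: str


# u/m/d prefixes are DDS's user / machine / default-user hives; the value may be empty.
RUN_RE = re.compile(r'^[umd]Run(?:Once)?: \[(?P<name>[^\]]*)\](?: (?P<cmd>.*))?$')
PRODUCT_RE = re.compile(r'^(?P<kind>AV|FW): (?P<name>.+?) \*')
HOSTS_RE = re.compile(r'^Hosts: (?P<ip>\S+) (?P<host>\S+)')


def _first_token(cmd: str) -> str:
    """Return the executable part of a Run value, honouring a quoted path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ''


def triage(report: str) -> List[Finding]:
    findings: List[Finding] = []
    products: Dict[str, set] = {}          # kind -> names registered under that kind
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        # Registration whose DLL is gone: uninstall leftover or a removed component.
        if line.endswith('- No File'):
            findings.append(Finding('low', 'orphaned-registration', line))
            continue
        # Any IFEO entry deserves a look; for a system image it is a classic hijack point.
        if line.startswith('IFEO:'):
            findings.append(Finding('high', 'ifeo-entry', line))
            continue
        # Hosts override: sinking a hostname to loopback/null blocks that site silently.
        m = HOSTS_RE.match(line)
        if m:
            sev = 'high' if m.group('ip') in ('127.0.0.1', '0.0.0.0') else 'medium'
            findings.append(Finding(sev, 'hosts-override', line))
            continue
        # Run keys: an empty value is a stale entry; an unqualified executable name
        # is resolved through the PATH search order, so it is worth locating on disk.
        m = RUN_RE.match(line)
        if m:
            cmd = m.group('cmd') or ''
            if not cmd:
                findings.append(Finding('low', 'run-empty-value', line))
            elif '\\' not in _first_token(cmd) and ':' not in _first_token(cmd):
                findings.append(Finding('medium', 'run-unqualified-path', line))
            continue
        # Security products: collect, then report when more than one of a kind is registered.
        m = PRODUCT_RE.match(line)
        if m:
            products.setdefault(m.group('kind'), set()).add(m.group('name'))
    for kind, names in sorted(products.items()):
        if len(names) > 1:
            findings.append(Finding('medium', 'multiple-%s-products' % kind.lower(),
                                    kind + ': ' + ' | '.join(sorted(names))))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per severity."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == '__main__':
    results = triage(SAMPLE_DDS)
    for f in results:
        print('%-6s %-24s %s' % (f.severity, f.category, f.line))
    print(summarize(results))
```

On the sample above the pass returns nine findings: the IFEO and Hosts lines as high, the two unqualified Run values and the doubled AV/FW registrations as medium, and the dead BHO/toolbar entries and the empty `WebCamRT.exe` value as low. The "multiple products" finding is deliberately not a verdict on either product; it only says that one of the two registrations is not the one the user described installing and should be confirmed.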



#4 Elise

    Bleepin' Blonde

  • Malware Study Hall Admin
  • 60,817 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:11:47 AM

Posted 08 December 2009 - 04:06 PM

Hello ismaouma,

Welcome to the Bleeping Computer Malware Removal Forum. My name is Elise. I'll be glad to help you with your computer problems.


I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------
Please be patient and I'd be grateful if you would note the following:
  • The cleaning process is not instant. DDS logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problem.


COMBOFIX
---------------
Please download ComboFix from one of these locations: Bleepingcomputer, ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


In your next reply, please include the following:
  • Combofix.txt

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."
Malware analyst @ Emsisoft


#5 ismaouma

  • Topic Starter
  • Members
  • 43 posts
  • OFFLINE
  • Local time:03:47 AM

Posted 08 December 2009 - 05:38 PM

Here is the log you requested. Thank you!

ComboFix 09-12-08.03 - omar 08/12/2009 17:12:30.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.569 [GMT -5:00]
Running from: c:\program files\ComboFix.exe
AV: COGECO Security Services 8.02 *On-access scanning disabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: COGECO Security Services 8.02 *disabled* {D4747503-0346-49EB-9262-997542F79BF4}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\omar\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\omar\Local Settings\Temp\IadHide5.dll
c:\documents and settings\omar\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
c:\program files\INSTALL.LOG
c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((((( Files Created from 2009-11-08 to 2009-12-08 )))))))))))))))))))))))))))))))
.

2009-12-08 21:53 . 2009-12-08 21:53 -------- d-----w- c:\documents and settings\omar\Application Data\F-Secure
2009-12-08 21:49 . 2009-12-08 21:50 3842778 ----a-r- c:\program files\ComboFix.exe
2009-12-07 18:18 . 2009-12-07 18:18 -------- d-----w- c:\documents and settings\omar\Application Data\Uniblue
2009-12-07 18:18 . 2009-12-07 18:18 -------- d-----w- c:\program files\Uniblue
2009-12-07 18:16 . 2009-12-07 18:17 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2009-12-07 18:13 . 2009-12-07 18:13 14452040 ----a-w- c:\program files\winzip140.exe
2009-12-06 00:00 . 2009-12-06 00:00 -------- d-----w- C:\.jagex_cache_32
2009-12-04 18:49 . 2009-12-04 18:49 -------- d-----w- c:\documents and settings\omar\Local Settings\Application Data\assembly
2009-12-04 18:47 . 2009-12-04 18:47 -------- d-----w- c:\documents and settings\omar\Local Settings\Application Data\IsolatedStorage
2009-12-04 18:46 . 2009-12-04 18:47 -------- d-----w- c:\program files\Virtual Earth 3D
2009-12-04 18:23 . 2008-09-24 15:40 4122368 ----a-r- c:\windows\system32\drivers\alcxwdm.sys
2009-12-04 18:23 . 2006-10-18 07:53 147456 ----a-w- c:\windows\system32\RtlCPAPI.dll
2009-12-04 18:23 . 2006-12-08 20:20 10528768 ----a-w- c:\windows\system32\RTLCPL.exe
2009-12-04 18:21 . 2009-12-04 18:21 -------- d-----w- c:\program files\Realtek AC97
2009-12-04 18:21 . 2006-07-31 16:19 315392 ----a-w- c:\windows\alcupd.exe
2009-12-04 18:21 . 2006-07-31 16:27 217088 ----a-w- c:\windows\alcrmv.exe
2009-12-04 18:20 . 2009-12-04 18:20 18734784 ----a-w- c:\program files\WDM_A406.exe
2009-11-26 22:54 . 2009-12-04 01:27 4844296 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-11-26 20:28 . 2009-11-18 01:27 358944 ----a-w- c:\windows\vncutil.exe
2009-11-26 20:28 . 2009-11-18 01:27 1833504 ----a-w- c:\windows\SkyTel.exe
2009-11-26 20:28 . 2009-11-18 01:27 48672 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2009-11-26 20:28 . 2009-11-18 01:27 129568 ----a-w- c:\windows\RtkAudioService.exe
2009-11-26 20:28 . 2006-01-04 20:41 1389056 ----a-w- c:\windows\system32\drivers\Monfilt.sys
2009-11-26 20:28 . 2008-08-06 01:10 1684736 ----a-w- c:\windows\system32\drivers\Ambfilt.sys
2009-11-26 20:12 . 2009-11-26 20:15 30970281 ----a-w- c:\program files\WDM_R237.exe
2009-11-25 18:10 . 2009-11-25 18:10 -------- d-----w- c:\documents and settings\omar\Local Settings\Application Data\LogiShrd
2009-11-25 18:09 . 2009-11-25 18:09 -------- d-----w- c:\documents and settings\omar\Application Data\Leadertech
2009-11-25 18:08 . 2009-04-30 22:55 2687512 ----a-w- c:\windows\system32\drivers\LV302V32.SYS
2009-11-25 18:06 . 2009-10-07 08:48 539160 ----a-w- c:\windows\system32\LVUI2RC.dll
2009-11-25 18:06 . 2009-10-07 08:48 539160 ----a-w- c:\windows\system32\LVUI2.dll
2009-11-25 18:06 . 2009-10-07 08:43 416280 ----a-w- c:\windows\system32\LVCodec2.dll
2009-11-25 17:59 . 2009-11-25 17:59 152576 ----a-w- c:\documents and settings\omar\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-25 17:57 . 2009-11-25 17:57 51052264 ----a-w- c:\program files\lws110.exe
2009-11-25 17:54 . 2009-11-25 17:54 53539128 ----a-w- c:\program files\lws110_x64.exe
2009-11-25 17:29 . 2009-11-25 17:29 -------- d-----w- c:\documents and settings\omar\Application Data\Blitware
2009-11-24 15:28 . 2009-11-24 15:28 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2009-11-24 15:27 . 2009-11-24 15:27 -------- d-----w- c:\windows\system32\XPSViewer
2009-11-24 15:27 . 2009-11-24 15:27 -------- d-----w- c:\program files\MSBuild
2009-11-24 15:27 . 2009-11-24 15:27 -------- d-----w- c:\program files\Reference Assemblies
2009-11-24 15:26 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2009-11-24 15:26 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-11-24 15:26 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-11-24 15:26 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-11-24 15:26 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-11-24 15:26 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-11-24 15:26 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-11-24 15:26 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-11-24 15:26 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2009-11-24 15:26 . 2009-11-24 15:26 -------- d-----w- C:\ef38a71c7080f8d8d85c6ef86572fc5c
2009-11-23 00:47 . 2009-11-25 17:58 79488 ----a-w- c:\documents and settings\omar\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-21 17:22 . 2009-12-08 22:23 -------- d-----w- c:\documents and settings\omar\Tracing
2009-11-21 17:09 . 2009-11-24 04:03 -------- d-----w- c:\program files\Microsoft Silverlight
2009-11-21 17:09 . 2009-11-21 17:09 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2009-11-21 17:08 . 2009-08-06 03:48 54752 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
2009-11-21 16:55 . 2009-11-21 17:09 -------- d-----w- c:\program files\Microsoft
2009-11-21 16:42 . 2009-11-21 16:42 -------- d-----w- c:\program files\Common Files\Windows Live
2009-11-14 02:34 . 2009-11-14 02:34 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe
2009-11-09 03:52 . 2009-11-09 03:52 -------- d-----w- c:\program files\MSECache
2009-11-09 03:52 . 2009-11-09 03:52 28868320 ----a-w- c:\program files\FileFormatConverters.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-08 20:56 . 2009-09-22 16:29 -------- d-----w- c:\program files\COGECO Security Services
2009-12-07 01:00 . 2009-10-11 22:09 39 ----a-w- c:\documents and settings\omar\jagex_runescape_preferences.dat
2009-12-07 01:00 . 2009-10-11 22:10 69 ----a-w- c:\documents and settings\omar\jagex_runescape_preferences2.dat
2009-12-04 18:46 . 2006-09-13 20:42 28648 ----a-w- c:\documents and settings\omar\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-04 18:21 . 2006-02-21 14:17 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-04 01:27 . 2009-08-24 21:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-04 00:45 . 2006-11-21 01:29 -------- d-----w- c:\program files\Google
2009-12-03 21:14 . 2009-08-24 21:32 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 21:13 . 2009-08-24 21:32 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-26 20:28 . 2006-02-21 14:17 -------- d-----w- c:\program files\Realtek
2009-11-25 18:29 . 2006-02-21 13:50 -------- d-----w- c:\program files\Java
2009-11-25 18:09 . 2007-02-09 00:21 -------- d-----w- c:\program files\Logitech
2009-11-25 18:09 . 2008-10-31 17:42 -------- d-----w- c:\program files\Common Files\LogiShrd
2009-11-25 18:06 . 2007-02-09 00:24 -------- d-----w- c:\program files\Common Files\Logitech
2009-11-23 15:16 . 2008-03-02 13:41 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-21 17:07 . 2008-03-07 13:24 -------- d-----w- c:\program files\Windows Live
2009-11-20 04:18 . 2008-06-30 00:29 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-18 01:27 . 2006-02-21 14:18 1489440 ----a-w- c:\windows\RtlUpd.exe
2009-11-18 01:27 . 2006-02-21 14:17 9721888 ----a-w- c:\windows\RTLCPL.EXE
2009-11-18 01:27 . 2006-02-21 14:17 18789408 ----a-w- c:\windows\RTHDCPL.EXE
2009-11-18 01:26 . 2006-02-21 14:17 2177568 ----a-w- c:\windows\MicCal.exe
2009-11-18 01:26 . 2006-02-21 14:17 64032 ----a-w- c:\windows\ALCMTR.EXE
2009-11-18 01:26 . 2006-02-21 14:17 2815520 ----a-w- c:\windows\ALCWZRD.EXE
2009-11-18 00:51 . 2006-02-21 14:17 5956608 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2009-11-14 02:38 . 2008-03-19 11:57 -------- d-----w- c:\program files\Safari
2009-11-02 18:48 . 2006-02-21 14:17 831488 ----a-w- c:\windows\RtlExUpd.dll
2009-10-31 15:37 . 2009-10-31 15:35 -------- d-----w- c:\program files\iTunes
2009-10-31 15:36 . 2009-10-31 15:36 -------- d-----w- c:\program files\iPod
2009-10-31 15:36 . 2008-02-14 21:37 -------- d-----w- c:\program files\Common Files\Apple
2009-10-31 15:27 . 2009-10-31 15:27 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-10-29 17:19 . 2009-10-29 17:19 23256 ---ha-w- c:\windows\system32\mlfcache.dat
2009-10-14 18:40 . 2009-10-14 18:40 296280 ----a-w- c:\documents and settings\All Users\Application Data\LogiShrd\LQCVFX\Filters\VMSEF.dll
2009-10-14 18:37 . 2009-10-14 18:37 6781272 ----a-w- c:\documents and settings\All Users\Application Data\LogiShrd\LQCVFX\Filters\MMSEF.dll
2009-10-11 09:17 . 2009-04-08 19:06 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-07 06:46 . 2009-10-07 06:46 25752 ----a-w- c:\windows\system32\drivers\LVPr2Mon.sys
2009-10-07 06:23 . 2009-10-07 06:23 13584 ----a-w- c:\windows\system32\drivers\iKeyLFT2.dll
2009-09-22 20:22 . 2009-09-22 16:31 33920 ----a-w- c:\windows\system32\drivers\fsbts.sys
2009-09-22 20:07 . 2009-09-22 16:07 74366024 ----a-w- c:\program files\CSS_Installer_eng.exe
2009-09-22 15:03 . 2009-07-30 16:09 95520 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-09-22 15:03 . 2009-07-30 16:09 9020960 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-09-11 14:18 . 2006-02-21 08:37 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-08-27 18:01 . 2009-08-27 18:01 330752 ----a-w- c:\program files\RichUpload.msi
2009-04-08 19:03 . 2009-04-08 19:03 607640 ----a-w- c:\program files\jre-6u13-windows-i586-p-iftw.exe
2008-07-21 17:04 . 2008-07-21 17:04 1295 ----a-w- c:\program files\1216659870056-integrated.jnlp
2008-07-21 15:45 . 2008-06-30 00:41 10978 ----a-w- c:\program files\hijackthis.log
2008-07-21 15:38 . 2008-07-21 15:38 686630 ----a-w- c:\program files\dss.exe
2008-06-30 00:41 . 2008-07-21 15:45 401720 ----a-w- c:\program files\Hijakth.exe
2008-06-30 00:41 . 2008-06-30 00:40 401720 ----a-w- c:\program files\HiJackThis.exe
2008-06-30 00:28 . 2008-06-30 00:27 9722720 ----a-w- c:\program files\spybotsd152.exe
2008-04-05 03:27 . 2008-04-05 03:27 46008720 ----a-w- c:\program files\zaSuiteSetup_70_470_000_en.exe
2008-03-18 18:29 . 2008-03-18 18:29 210416 ----a-w- c:\program files\zasuiteSetup_en.exe
2008-03-02 13:39 . 2008-03-02 13:38 23454528 ----a-w- c:\program files\AdbeRdr812_en_US.exe
2008-02-14 21:05 . 2008-01-31 00:27 59196712 ----a-w- c:\program files\iTunesSetup.exe
2008-02-07 12:39 . 2008-02-07 12:39 686608 ----a-w- c:\program files\wpsetup.exe
2008-02-05 02:47 . 2008-02-05 02:47 21364592 ----a-w- c:\program files\aaw2007.exe
2008-01-16 00:03 . 2008-01-16 00:03 301447 ----a-w- c:\program files\fbarab.zip
2007-12-31 23:26 . 2007-12-31 19:58 15452536 ----a-w- c:\program files\IE7-WindowsXP-x86-enu.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2008-10-31 36864]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-12 68856]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]
"Logitech Vid"="c:\program files\Logitech\Logitech Vid\vid.exe" [2009-07-16 5458704]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CFSServ.exe"="CFSServ.exe" [BU]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-02-09 185896]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"RogersServicepointAgent.exe"="c:\program files\Rogers Online Protection\Rogers Servicepoint Agent\RogersServicepointAgent.exe" [2009-02-27 3228912]
"YMailAdvisor"="c:\program files\Yahoo!\Common\YMailAdvisor.exe" [2008-06-05 125208]
"F-Secure Manager"="c:\program files\COGECO Security Services\Common\FSM32.EXE" [2009-04-06 182936]
"F-Secure TNB"="c:\program files\COGECO Security Services\FSGUI\TNBUtil.exe" [2009-04-06 957024]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"RTHDCPL"="RTHDCPL.EXE" [2009-11-18 18789408]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-10-31 196608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-11-28 05:52 77824 ----a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-11-28 05:55 118784 ----a-w- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-11-28 05:55 98304 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
2005-11-28 15:41 602182 ----a-w- c:\program files\Intel\Wireless\Bin\iFrmewrk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
2005-12-05 16:37 667718 ----a-w- c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 21:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-05 05:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 20:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-09-12 23:16 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2006-03-02 08:02 761948 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\THotkey]
2006-01-05 22:02 352256 ----a-w- c:\program files\TOSHIBA\TOSHIBA Applet\THotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2007-02-09 16:15 185896 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPSMain]
2005-06-01 01:00 282624 ----a-w- c:\windows\system32\TPSMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Update Manager]
2006-02-27 19:15 131072 ----a-w- c:\program files\Rogers\Update Manager\UpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinPatrol]
2007-09-07 16:13 292152 ------w- c:\program files\BillP Studios\WinPatrol\WinPatrol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
2009-05-27 01:06 4351216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe"=
"c:\\Program Files\\palmOne\\Hotsync.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=

R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [22/09/2009 11:31 AM 33920]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [22/09/2009 11:31 AM 79872]
R0 sonypvl3;sonypvl3;c:\windows\system32\drivers\sonypvl3.sys [12/10/2006 2:31 PM 18110]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\COGECO Security Services\HIPS\drivers\fshs.sys [22/09/2009 11:30 AM 67808]
R1 sonypvf3;sonypvf3;c:\windows\system32\drivers\sonypvf3.sys [12/10/2006 2:31 PM 619390]
R1 sonypvt3;sonypvt3;c:\windows\system32\drivers\sonypvt3.sys [12/10/2006 2:31 PM 423454]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [21/11/2009 12:08 PM 54752]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\COGECO Security Services\Anti-Virus\minifilter\fsgk.sys [22/09/2009 11:29 AM 101496]
S2 gupdate1c9f2a47e32aba;Google Update Service (gupdate1c9f2a47e32aba);c:\program files\Google\Update\GoogleUpdate.exe [21/06/2009 2:11 PM 133104]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [26/11/2009 3:28 PM 1684736]
S3 FSORSPClient;F-Secure ORSP Client;c:\program files\COGECO Security Services\ORSP Client\fsorsp.exe [22/09/2009 11:30 AM 55904]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 10:48 PM 704864]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\COGECO Security Services\Anti-Virus\win2k\fsfilter.sys [22/09/2009 11:29 AM 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\COGECO Security Services\Anti-Virus\win2k\fsrec.sys [22/09/2009 11:29 AM 25184]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://rogers.yahoo.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = localhost;*.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
LSP: c:\program files\COGECO Security Services\FSPS\program\FSLSP.DLL
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: TruePass EPF 7,0,100,739 - hxxps://blrscr3.egs-seg.gc.ca/applets/entrusttruepassapplet-epf.cab
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-WebCamRT.exe - (no file)
HKCU-Run-Uniblue RegistryBooster 2 - c:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe
HKLM-Run-RpsInstall - c:\program files\InstallShield Installation Information\{68F129E0-EF23-4CCE-A03F-B2C1A6DC9013}\RpsPackage.exe
HKU-Default-Run-msnmsgr - c:\program files\MSN Messenger\msnmsgr.exe
MSConfigStartUp-APVXDWIN - c:\program files\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE
MSConfigStartUp-CFSServ - CFSServ.exe
MSConfigStartUp-fssui - c:\program files\Windows Live\Family Safety\fssui.exe
MSConfigStartUp-YOP - c:\progra~1\Yahoo!\YOP\yop.exe
AddRemove-legacyqcam_10.50 - c:\program files\Common Files\LogiShrd\LogiDriverStore\legacyqcam\10.50.1091\LgDrvInst.exe -remove -instdirc:\program files\Common Files\LogiShrd\LogiDriverStore\legacyqcam -enumdelay=2000 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -promptuninstall -arpregkeylegacyqcam_10.50
AddRemove-lvdrivers_12.10 - c:\program files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\12.10.1110\LgDrvInst.exe -remove -instdirc:\program files\Common Files\LogiShrd\LogiDriverStore\lvdrivers -enumdelay=200 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -promptuninstall -arpregkeylvdrivers_12.10
AddRemove-Microsoft Interactive Training - c:\windows\IsUninst.exe -fc:\windows\orun32.isu
AddRemove-PC Diagnostic Tool - c:\windows\IsUninst.exe -fc:\program files\TOSHIBA\PCDiag\Uninst.isu
AddRemove-Power Saver - c:\windows\IsUninst.exe -fc:\program files\TOSHIBA\Power Saver\Uninst.isu -cc:\windows\system32\TPSDel.dll
AddRemove-Yahoo! Mail Advisor - c:\progra~1\Yahoo!\Common\UNINST~2.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-08 17:21
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-195545783-3681819884-1160933521-1009\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(864)
c:\program files\COGECO Security Services\FWES\Program\fsdc32.dll

- - - - - - - > 'lsass.exe'(928)
c:\program files\COGECO Security Services\FSPS\program\FSLSP.DLL
c:\program files\COGECO Security Services\FWES\Program\fsdc32.dll

- - - - - - - > 'explorer.exe'(3620)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\docume~1\omar\LOCALS~1\Temp\IadHide5.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\progra~1\MICROS~2\OFFICE11\MCPS.DLL

- - - - - - - > 'csrss.exe'(840)
c:\program files\COGECO Security Services\FWES\Program\fsdc32.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\windows\system32\DVDRAMSV.exe
c:\program files\COGECO Security Services\Anti-Virus\fsgk32st.exe
c:\program files\COGECO Security Services\Common\FSMA32.EXE
c:\program files\COGECO Security Services\Anti-Virus\FSGK32.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\COGECO Security Services\Anti-Virus\fssm32.exe
c:\program files\TOSHIBA\ConfigFree\CFSServ.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\TOSHIBA\ConfigFree\CFXFER.exe
c:\windows\system32\wscntfy.exe
c:\program files\COGECO Security Services\Common\FSLAUNCH.EXE
c:\program files\Windows Live\Contacts\wlcomm.exe
c:\program files\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Completion time: 2009-12-08 17:32:04 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-08 22:32

Pre-Run: 85,012,234,240 bytes free
Post-Run: 85,112,913,920 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 4491EAB74B9419F643606FEAC743B65F

#6 ismaouma

  • Topic Starter

Posted 08 December 2009 - 05:38 PM

Here is the log you requested. Thank you!

ComboFix 09-12-08.03 - omar 08/12/2009 17:12:30.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.569 [GMT -5:00]
Running from: c:\program files\ComboFix.exe
AV: COGECO Security Services 8.02 *On-access scanning disabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: COGECO Security Services 8.02 *disabled* {D4747503-0346-49EB-9262-997542F79BF4}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\omar\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\omar\Local Settings\Temp\IadHide5.dll
c:\documents and settings\omar\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
c:\program files\INSTALL.LOG
c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((((( Files Created from 2009-11-08 to 2009-12-08 )))))))))))))))))))))))))))))))
.

2009-12-08 21:53 . 2009-12-08 21:53 -------- d-----w- c:\documents and settings\omar\Application Data\F-Secure
2009-12-08 21:49 . 2009-12-08 21:50 3842778 ----a-r- c:\program files\ComboFix.exe
2009-12-07 18:18 . 2009-12-07 18:18 -------- d-----w- c:\documents and settings\omar\Application Data\Uniblue
2009-12-07 18:18 . 2009-12-07 18:18 -------- d-----w- c:\program files\Uniblue
2009-12-07 18:16 . 2009-12-07 18:17 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2009-12-07 18:13 . 2009-12-07 18:13 14452040 ----a-w- c:\program files\winzip140.exe
2009-12-06 00:00 . 2009-12-06 00:00 -------- d-----w- C:\.jagex_cache_32
2009-12-04 18:49 . 2009-12-04 18:49 -------- d-----w- c:\documents and settings\omar\Local Settings\Application Data\assembly
2009-12-04 18:47 . 2009-12-04 18:47 -------- d-----w- c:\documents and settings\omar\Local Settings\Application Data\IsolatedStorage
2009-12-04 18:46 . 2009-12-04 18:47 -------- d-----w- c:\program files\Virtual Earth 3D
2009-12-04 18:23 . 2008-09-24 15:40 4122368 ----a-r- c:\windows\system32\drivers\alcxwdm.sys
2009-12-04 18:23 . 2006-10-18 07:53 147456 ----a-w- c:\windows\system32\RtlCPAPI.dll
2009-12-04 18:23 . 2006-12-08 20:20 10528768 ----a-w- c:\windows\system32\RTLCPL.exe
2009-12-04 18:21 . 2009-12-04 18:21 -------- d-----w- c:\program files\Realtek AC97
2009-12-04 18:21 . 2006-07-31 16:19 315392 ----a-w- c:\windows\alcupd.exe
2009-12-04 18:21 . 2006-07-31 16:27 217088 ----a-w- c:\windows\alcrmv.exe
2009-12-04 18:20 . 2009-12-04 18:20 18734784 ----a-w- c:\program files\WDM_A406.exe
2009-11-26 22:54 . 2009-12-04 01:27 4844296 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-11-26 20:28 . 2009-11-18 01:27 358944 ----a-w- c:\windows\vncutil.exe
2009-11-26 20:28 . 2009-11-18 01:27 1833504 ----a-w- c:\windows\SkyTel.exe
2009-11-26 20:28 . 2009-11-18 01:27 48672 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2009-11-26 20:28 . 2009-11-18 01:27 129568 ----a-w- c:\windows\RtkAudioService.exe
2009-11-26 20:28 . 2006-01-04 20:41 1389056 ----a-w- c:\windows\system32\drivers\Monfilt.sys
2009-11-26 20:28 . 2008-08-06 01:10 1684736 ----a-w- c:\windows\system32\drivers\Ambfilt.sys
2009-11-26 20:12 . 2009-11-26 20:15 30970281 ----a-w- c:\program files\WDM_R237.exe
2009-11-25 18:10 . 2009-11-25 18:10 -------- d-----w- c:\documents and settings\omar\Local Settings\Application Data\LogiShrd
2009-11-25 18:09 . 2009-11-25 18:09 -------- d-----w- c:\documents and settings\omar\Application Data\Leadertech
2009-11-25 18:08 . 2009-04-30 22:55 2687512 ----a-w- c:\windows\system32\drivers\LV302V32.SYS
2009-11-25 18:06 . 2009-10-07 08:48 539160 ----a-w- c:\windows\system32\LVUI2RC.dll
2009-11-25 18:06 . 2009-10-07 08:48 539160 ----a-w- c:\windows\system32\LVUI2.dll
2009-11-25 18:06 . 2009-10-07 08:43 416280 ----a-w- c:\windows\system32\LVCodec2.dll
2009-11-25 17:59 . 2009-11-25 17:59 152576 ----a-w- c:\documents and settings\omar\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-25 17:57 . 2009-11-25 17:57 51052264 ----a-w- c:\program files\lws110.exe
2009-11-25 17:54 . 2009-11-25 17:54 53539128 ----a-w- c:\program files\lws110_x64.exe
2009-11-25 17:29 . 2009-11-25 17:29 -------- d-----w- c:\documents and settings\omar\Application Data\Blitware
2009-11-24 15:28 . 2009-11-24 15:28 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2009-11-24 15:27 . 2009-11-24 15:27 -------- d-----w- c:\windows\system32\XPSViewer
2009-11-24 15:27 . 2009-11-24 15:27 -------- d-----w- c:\program files\MSBuild
2009-11-24 15:27 . 2009-11-24 15:27 -------- d-----w- c:\program files\Reference Assemblies
2009-11-24 15:26 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2009-11-24 15:26 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-11-24 15:26 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-11-24 15:26 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-11-24 15:26 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-11-24 15:26 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-11-24 15:26 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-11-24 15:26 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-11-24 15:26 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2009-11-24 15:26 . 2009-11-24 15:26 -------- d-----w- C:\ef38a71c7080f8d8d85c6ef86572fc5c
2009-11-23 00:47 . 2009-11-25 17:58 79488 ----a-w- c:\documents and settings\omar\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-21 17:22 . 2009-12-08 22:23 -------- d-----w- c:\documents and settings\omar\Tracing
2009-11-21 17:09 . 2009-11-24 04:03 -------- d-----w- c:\program files\Microsoft Silverlight
2009-11-21 17:09 . 2009-11-21 17:09 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2009-11-21 17:08 . 2009-08-06 03:48 54752 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
2009-11-21 16:55 . 2009-11-21 17:09 -------- d-----w- c:\program files\Microsoft
2009-11-21 16:42 . 2009-11-21 16:42 -------- d-----w- c:\program files\Common Files\Windows Live
2009-11-14 02:34 . 2009-11-14 02:34 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe
2009-11-09 03:52 . 2009-11-09 03:52 -------- d-----w- c:\program files\MSECache
2009-11-09 03:52 . 2009-11-09 03:52 28868320 ----a-w- c:\program files\FileFormatConverters.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-08 20:56 . 2009-09-22 16:29 -------- d-----w- c:\program files\COGECO Security Services
2009-12-07 01:00 . 2009-10-11 22:09 39 ----a-w- c:\documents and settings\omar\jagex_runescape_preferences.dat
2009-12-07 01:00 . 2009-10-11 22:10 69 ----a-w- c:\documents and settings\omar\jagex_runescape_preferences2.dat
2009-12-04 18:46 . 2006-09-13 20:42 28648 ----a-w- c:\documents and settings\omar\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-04 18:21 . 2006-02-21 14:17 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-04 01:27 . 2009-08-24 21:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-04 00:45 . 2006-11-21 01:29 -------- d-----w- c:\program files\Google
2009-12-03 21:14 . 2009-08-24 21:32 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 21:13 . 2009-08-24 21:32 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-26 20:28 . 2006-02-21 14:17 -------- d-----w- c:\program files\Realtek
2009-11-25 18:29 . 2006-02-21 13:50 -------- d-----w- c:\program files\Java
2009-11-25 18:09 . 2007-02-09 00:21 -------- d-----w- c:\program files\Logitech
2009-11-25 18:09 . 2008-10-31 17:42 -------- d-----w- c:\program files\Common Files\LogiShrd
2009-11-25 18:06 . 2007-02-09 00:24 -------- d-----w- c:\program files\Common Files\Logitech
2009-11-23 15:16 . 2008-03-02 13:41 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-21 17:07 . 2008-03-07 13:24 -------- d-----w- c:\program files\Windows Live
2009-11-20 04:18 . 2008-06-30 00:29 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-18 01:27 . 2006-02-21 14:18 1489440 ----a-w- c:\windows\RtlUpd.exe
2009-11-18 01:27 . 2006-02-21 14:17 9721888 ----a-w- c:\windows\RTLCPL.EXE
2009-11-18 01:27 . 2006-02-21 14:17 18789408 ----a-w- c:\windows\RTHDCPL.EXE
2009-11-18 01:26 . 2006-02-21 14:17 2177568 ----a-w- c:\windows\MicCal.exe
2009-11-18 01:26 . 2006-02-21 14:17 64032 ----a-w- c:\windows\ALCMTR.EXE
2009-11-18 01:26 . 2006-02-21 14:17 2815520 ----a-w- c:\windows\ALCWZRD.EXE
2009-11-18 00:51 . 2006-02-21 14:17 5956608 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2009-11-14 02:38 . 2008-03-19 11:57 -------- d-----w- c:\program files\Safari
2009-11-02 18:48 . 2006-02-21 14:17 831488 ----a-w- c:\windows\RtlExUpd.dll
2009-10-31 15:37 . 2009-10-31 15:35 -------- d-----w- c:\program files\iTunes
2009-10-31 15:36 . 2009-10-31 15:36 -------- d-----w- c:\program files\iPod
2009-10-31 15:36 . 2008-02-14 21:37 -------- d-----w- c:\program files\Common Files\Apple
2009-10-31 15:27 . 2009-10-31 15:27 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-10-29 17:19 . 2009-10-29 17:19 23256 ---ha-w- c:\windows\system32\mlfcache.dat
2009-10-14 18:40 . 2009-10-14 18:40 296280 ----a-w- c:\documents and settings\All Users\Application Data\LogiShrd\LQCVFX\Filters\VMSEF.dll
2009-10-14 18:37 . 2009-10-14 18:37 6781272 ----a-w- c:\documents and settings\All Users\Application Data\LogiShrd\LQCVFX\Filters\MMSEF.dll
2009-10-11 09:17 . 2009-04-08 19:06 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-07 06:46 . 2009-10-07 06:46 25752 ----a-w- c:\windows\system32\drivers\LVPr2Mon.sys
2009-10-07 06:23 . 2009-10-07 06:23 13584 ----a-w- c:\windows\system32\drivers\iKeyLFT2.dll
2009-09-22 20:22 . 2009-09-22 16:31 33920 ----a-w- c:\windows\system32\drivers\fsbts.sys
2009-09-22 20:07 . 2009-09-22 16:07 74366024 ----a-w- c:\program files\CSS_Installer_eng.exe
2009-09-22 15:03 . 2009-07-30 16:09 95520 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-09-22 15:03 . 2009-07-30 16:09 9020960 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-09-11 14:18 . 2006-02-21 08:37 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-08-27 18:01 . 2009-08-27 18:01 330752 ----a-w- c:\program files\RichUpload.msi
2009-04-08 19:03 . 2009-04-08 19:03 607640 ----a-w- c:\program files\jre-6u13-windows-i586-p-iftw.exe
2008-07-21 17:04 . 2008-07-21 17:04 1295 ----a-w- c:\program files\1216659870056-integrated.jnlp
2008-07-21 15:45 . 2008-06-30 00:41 10978 ----a-w- c:\program files\hijackthis.log
2008-07-21 15:38 . 2008-07-21 15:38 686630 ----a-w- c:\program files\dss.exe
2008-06-30 00:41 . 2008-07-21 15:45 401720 ----a-w- c:\program files\Hijakth.exe
2008-06-30 00:41 . 2008-06-30 00:40 401720 ----a-w- c:\program files\HiJackThis.exe
2008-06-30 00:28 . 2008-06-30 00:27 9722720 ----a-w- c:\program files\spybotsd152.exe
2008-04-05 03:27 . 2008-04-05 03:27 46008720 ----a-w- c:\program files\zaSuiteSetup_70_470_000_en.exe
2008-03-18 18:29 . 2008-03-18 18:29 210416 ----a-w- c:\program files\zasuiteSetup_en.exe
2008-03-02 13:39 . 2008-03-02 13:38 23454528 ----a-w- c:\program files\AdbeRdr812_en_US.exe
2008-02-14 21:05 . 2008-01-31 00:27 59196712 ----a-w- c:\program files\iTunesSetup.exe
2008-02-07 12:39 . 2008-02-07 12:39 686608 ----a-w- c:\program files\wpsetup.exe
2008-02-05 02:47 . 2008-02-05 02:47 21364592 ----a-w- c:\program files\aaw2007.exe
2008-01-16 00:03 . 2008-01-16 00:03 301447 ----a-w- c:\program files\fbarab.zip
2007-12-31 23:26 . 2007-12-31 19:58 15452536 ----a-w- c:\program files\IE7-WindowsXP-x86-enu.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2008-10-31 36864]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-12 68856]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]
"Logitech Vid"="c:\program files\Logitech\Logitech Vid\vid.exe" [2009-07-16 5458704]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CFSServ.exe"="CFSServ.exe" [BU]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-02-09 185896]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"RogersServicepointAgent.exe"="c:\program files\Rogers Online Protection\Rogers Servicepoint Agent\RogersServicepointAgent.exe" [2009-02-27 3228912]
"YMailAdvisor"="c:\program files\Yahoo!\Common\YMailAdvisor.exe" [2008-06-05 125208]
"F-Secure Manager"="c:\program files\COGECO Security Services\Common\FSM32.EXE" [2009-04-06 182936]
"F-Secure TNB"="c:\program files\COGECO Security Services\FSGUI\TNBUtil.exe" [2009-04-06 957024]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"RTHDCPL"="RTHDCPL.EXE" [2009-11-18 18789408]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-10-31 196608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-11-28 05:52 77824 ----a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-11-28 05:55 118784 ----a-w- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-11-28 05:55 98304 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
2005-11-28 15:41 602182 ----a-w- c:\program files\Intel\Wireless\Bin\iFrmewrk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
2005-12-05 16:37 667718 ----a-w- c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 21:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-05 05:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 20:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-09-12 23:16 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2006-03-02 08:02 761948 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\THotkey]
2006-01-05 22:02 352256 ----a-w- c:\program files\TOSHIBA\TOSHIBA Applet\THotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2007-02-09 16:15 185896 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPSMain]
2005-06-01 01:00 282624 ----a-w- c:\windows\system32\TPSMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Update Manager]
2006-02-27 19:15 131072 ----a-w- c:\program files\Rogers\Update Manager\UpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinPatrol]
2007-09-07 16:13 292152 ------w- c:\program files\BillP Studios\WinPatrol\WinPatrol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
2009-05-27 01:06 4351216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe"=
"c:\\Program Files\\palmOne\\Hotsync.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=

R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [22/09/2009 11:31 AM 33920]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [22/09/2009 11:31 AM 79872]
R0 sonypvl3;sonypvl3;c:\windows\system32\drivers\sonypvl3.sys [12/10/2006 2:31 PM 18110]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\COGECO Security Services\HIPS\drivers\fshs.sys [22/09/2009 11:30 AM 67808]
R1 sonypvf3;sonypvf3;c:\windows\system32\drivers\sonypvf3.sys [12/10/2006 2:31 PM 619390]
R1 sonypvt3;sonypvt3;c:\windows\system32\drivers\sonypvt3.sys [12/10/2006 2:31 PM 423454]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [21/11/2009 12:08 PM 54752]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\COGECO Security Services\Anti-Virus\minifilter\fsgk.sys [22/09/2009 11:29 AM 101496]
S2 gupdate1c9f2a47e32aba;Google Update Service (gupdate1c9f2a47e32aba);c:\program files\Google\Update\GoogleUpdate.exe [21/06/2009 2:11 PM 133104]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [26/11/2009 3:28 PM 1684736]
S3 FSORSPClient;F-Secure ORSP Client;c:\program files\COGECO Security Services\ORSP Client\fsorsp.exe [22/09/2009 11:30 AM 55904]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 10:48 PM 704864]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\COGECO Security Services\Anti-Virus\win2k\fsfilter.sys [22/09/2009 11:29 AM 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\COGECO Security Services\Anti-Virus\win2k\fsrec.sys [22/09/2009 11:29 AM 25184]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://rogers.yahoo.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = localhost;*.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
LSP: c:\program files\COGECO Security Services\FSPS\program\FSLSP.DLL
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: TruePass EPF 7,0,100,739 - hxxps://blrscr3.egs-seg.gc.ca/applets/entrusttruepassapplet-epf.cab
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-WebCamRT.exe - (no file)
HKCU-Run-Uniblue RegistryBooster 2 - c:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe
HKLM-Run-RpsInstall - c:\program files\InstallShield Installation Information\{68F129E0-EF23-4CCE-A03F-B2C1A6DC9013}\RpsPackage.exe
HKU-Default-Run-msnmsgr - c:\program files\MSN Messenger\msnmsgr.exe
MSConfigStartUp-APVXDWIN - c:\program files\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE
MSConfigStartUp-CFSServ - CFSServ.exe
MSConfigStartUp-fssui - c:\program files\Windows Live\Family Safety\fssui.exe
MSConfigStartUp-YOP - c:\progra~1\Yahoo!\YOP\yop.exe
AddRemove-legacyqcam_10.50 - c:\program files\Common Files\LogiShrd\LogiDriverStore\legacyqcam\10.50.1091\LgDrvInst.exe -remove -instdirc:\program files\Common Files\LogiShrd\LogiDriverStore\legacyqcam -enumdelay=2000 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -promptuninstall -arpregkeylegacyqcam_10.50
AddRemove-lvdrivers_12.10 - c:\program files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\12.10.1110\LgDrvInst.exe -remove -instdirc:\program files\Common Files\LogiShrd\LogiDriverStore\lvdrivers -enumdelay=200 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -promptuninstall -arpregkeylvdrivers_12.10
AddRemove-Microsoft Interactive Training - c:\windows\IsUninst.exe -fc:\windows\orun32.isu
AddRemove-PC Diagnostic Tool - c:\windows\IsUninst.exe -fc:\program files\TOSHIBA\PCDiag\Uninst.isu
AddRemove-Power Saver - c:\windows\IsUninst.exe -fc:\program files\TOSHIBA\Power Saver\Uninst.isu -cc:\windows\system32\TPSDel.dll
AddRemove-Yahoo! Mail Advisor - c:\progra~1\Yahoo!\Common\UNINST~2.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-08 17:21
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-195545783-3681819884-1160933521-1009\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(864)
c:\program files\COGECO Security Services\FWES\Program\fsdc32.dll

- - - - - - - > 'lsass.exe'(928)
c:\program files\COGECO Security Services\FSPS\program\FSLSP.DLL
c:\program files\COGECO Security Services\FWES\Program\fsdc32.dll

- - - - - - - > 'explorer.exe'(3620)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\docume~1\omar\LOCALS~1\Temp\IadHide5.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\progra~1\MICROS~2\OFFICE11\MCPS.DLL

- - - - - - - > 'csrss.exe'(840)
c:\program files\COGECO Security Services\FWES\Program\fsdc32.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\windows\system32\DVDRAMSV.exe
c:\program files\COGECO Security Services\Anti-Virus\fsgk32st.exe
c:\program files\COGECO Security Services\Common\FSMA32.EXE
c:\program files\COGECO Security Services\Anti-Virus\FSGK32.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\COGECO Security Services\Anti-Virus\fssm32.exe
c:\program files\TOSHIBA\ConfigFree\CFSServ.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\TOSHIBA\ConfigFree\CFXFER.exe
c:\windows\system32\wscntfy.exe
c:\program files\COGECO Security Services\Common\FSLAUNCH.EXE
c:\program files\Windows Live\Contacts\wlcomm.exe
c:\program files\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Completion time: 2009-12-08 17:32:04 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-08 22:32

Pre-Run: 85,012,234,240 bytes free
Post-Run: 85,112,913,920 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 4491EAB74B9419F643606FEAC743B65F

#7 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,817 posts
  • Gender:Female
  • Location:Romania
  • Local time:11:47 AM

Posted 09 December 2009 - 03:56 PM

Hello ismaouma,

First of all, click start > run, type devmgmt.cpl and press enter.
Locate the following devices in the list (you might have to click the + sign to expand categories to find them), right click on each of them and select enable. After enabling all those devices, reboot your computer and you should have sound back.

Realtek High Definition Audio
Logitech Mic (Communicate STX)
Audio Codecs
Legacy Audio Drivers
Media Control Devices
Legacy Video Capture Devices
Video Codecs
Microsoft Kernel System Audio Device



P2P WARNING
-------------------
Going over your logs I noticed that you have BitComet installed.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall BitComet; however, that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.


TFC
--------
Download TFC by OldTimer to your desktop.
(TFC only cleans temp folders. It will not clean URL history, prefetch, or cookies).
Close any open windows.
  • Double click the TFC icon to run the program
  • TFC will close all open programs itself in order to run.
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish its job.
Once it's finished it should automatically reboot your machine; if it doesn't, manually reboot to ensure a complete clean.

NOTE:
It's normal after running TFC cleaner that the PC will be slower to boot the first time.

TFC (Temp File Cleaner) will clear out all temp folders for all user accounts (temp, IE temp, java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder.



MALWAREBYTES ANTIMALWARE
-------------------------------------------
Please start MBAM and update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.


In your next reply, please include the following:
  • MBAM log

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#8 ismaouma

ismaouma
  • Topic Starter

  • Members
  • 43 posts
  • Local time:03:47 AM

Posted 09 December 2009 - 10:34 PM

Hello again. First of all, I can't do the first step, as the system gives me an error message: it doesn't recognize the command devmgmt.cpl. Second thing, I don't recall downloading BitComet, nor was I able to locate it to delete it :(. I completed all other steps though; here is the log. I hope we can disinfect my system soon because it's corrupting everything in my system... Thank you.
(My eight year old does go to some gaming sites at times such as runescape.com and miniclip.com...If these are not safe, are there any safe ones at all?)

Malwarebytes' Anti-Malware 1.42
Database version: 3334
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

09/12/2009 10:13:22 PM
mbam-log-2009-12-09 (22-13-22).txt

Scan type: Full Scan (C:\|)
Objects scanned: 211171
Time elapsed: 1 hour(s), 24 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{EA10BEA4-2D2C-494D-9EF3-5EC8A5B65143}\RP722\A0115381.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

#9 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,817 posts
  • Gender:Female
  • Location:Romania
  • Local time:11:47 AM

Posted 10 December 2009 - 06:36 AM

Second thing, I don't recall downloading BitComet, nor was I able to locate it to delete it

Sorry, this is my fault :( (really busy, so I think I overlooked it). The program is uTorrent.

The command error is also my fault: instead of devmgmt.cpl, it has to be devmgmt.msc.

I really am sorry for this confusion :(

Please let me know if you can enable the devices now and what other problems are still persisting.

regards, Elise




#10 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,817 posts
  • Gender:Female
  • Location:Romania
  • Local time:11:47 AM

Posted 14 December 2009 - 03:42 PM

Hello, are you still there?

regards, Elise




#11 ismaouma

ismaouma
  • Topic Starter

  • Members
  • 43 posts
  • Local time:03:47 AM

Posted 14 December 2009 - 04:18 PM

Hi, I don't know why I'm not receiving email notifications of new posts, although I have the option checked... Anyway, it seems this is taking forever... I opened Device Manager and found they are already enabled, although there is an exclamation mark on all of them... I think the drivers were corrupted when I downloaded the program "DriverRobot"; maybe it's a way for them to persuade people to purchase their software!! Because I lost sound right after the installation. For uTorrent, I thought it was safe... Can you tell me what the risk with it is? Thank you...

#12 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,817 posts
  • Gender:Female
  • Location:Romania
  • Local time:11:47 AM

Posted 14 December 2009 - 04:37 PM

Hello, sorry to hear about the problem with the e-mail notifications. Make sure you have set Immediate e-mail notifications and not Delayed e-mail notifications. You can change this under My Controls.

About uTorrent: it is not the application itself that is a danger, but the things you can download with it.

Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.

They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.



At this point, I think the easiest thing to do with your drivers is to right-click on each driver with an exclamation mark and select Properties. Click on the Driver tab and click the Roll Back Driver button. After doing this for all the drivers, restart your computer.

If this doesn't solve the problem, try right-clicking on the device and selecting Uninstall. Restart your computer and you will be prompted with New Hardware Found. Allow your computer to search the internet and/or use any CDs that came with your hardware.

Let me know how this went.

Edited by elise025, 14 December 2009 - 04:38 PM.

regards, Elise


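As an added diagnostic example (not part of this thread or of any tool it mentions): a read-only PowerShell script that lists the devices Device Manager would mark with an exclamation mark and decodes the common error codes, so the "disabled" case from the enable-devices step and the "cannot load the device driver" case from the roll-back step can be told apart before anything is changed. It assumes PowerShell is installed (it was not shipped with Windows XP) and that the standard WMI class Win32_PnPEntity is available; the code table is a subset of the documented Device Manager error codes.

```powershell
# Added example, not from the thread: enumerate Plug and Play devices whose
# ConfigManagerErrorCode is non-zero (these are the ones Device Manager flags
# with a yellow exclamation mark) and translate the code into the text the
# Device Manager Properties dialog would show. Read-only; nothing is modified.
# Assumes PowerShell 1.0 or later is installed (optional on Windows XP).

# Subset of the standard Device Manager error codes relevant to the posts above
$codeText = @{
    1  = 'This device is not configured correctly (Code 1)'
    10 = 'This device cannot start (Code 10)'
    22 = 'This device is disabled (Code 22)'
    28 = 'The drivers for this device are not installed (Code 28)'
    31 = 'Windows cannot load the drivers required for this device (Code 31)'
    39 = 'Windows cannot load the device driver for this hardware; the driver may be corrupted or missing (Code 39)'
}

# Win32_PnPEntity exposes every device Device Manager shows, with its error state
$problemDevices = Get-WmiObject -Class Win32_PnPEntity |
    Where-Object { $_.ConfigManagerErrorCode -ne 0 }

if (-not $problemDevices) {
    Write-Output 'No devices report a Configuration Manager error code.'
}

$count = 0
foreach ($dev in $problemDevices) {
    $count++
    # Cast to int so the lookup matches the hashtable's integer keys
    $code = [int]$dev.ConfigManagerErrorCode
    $text = $codeText[$code]
    if (-not $text) { $text = "Unrecognised error code $code (see the device's Properties dialog)" }
    Write-Output ("{0}`n  DeviceID: {1}`n  Status:   {2}`n  Problem:  {3}" -f $dev.Name, $dev.DeviceID, $dev.Status, $text)
}

if ($count -gt 0) {
    Write-Output ("{0} device(s) with a problem code; Code 22 devices only need to be enabled, Code 28/31/39 devices need their driver reinstalled or rolled back." -f $count)
}
```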


#13 ismaouma

ismaouma
  • Topic Starter

  • Members
  • 43 posts
  • Local time:03:47 AM

Posted 15 December 2009 - 11:34 PM

I tried right-clicking on the driver; I couldn't roll back on all of them (it says the driver wasn't backed up), so I uninstalled all those drivers, but after restarting I wasn't prompted, so after a while I ran the wizard myself, but I got a message that Windows cannot load the device driver for this hardware. The only option given is to start a troubleshooter. I don't get an option of downloading the driver from the internet. I tried installing drivers myself, but when I try to update my drivers with the file I downloaded, it doesn't work... I'm really lost and very frustrated now...

#14 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,817 posts
  • Gender:Female
  • Location:Romania
  • Local time:11:47 AM

Posted 16 December 2009 - 04:34 AM

Can you please post me the specs of your computer (manufacturer, make, number) and please tell me if you did change hardware components since you purchased the computer, or if you are still using the hardware that came with your computer.

Also, please let me know if, besides the sound/hardware problems, you have any other problems left.

regards, Elise




#15 ismaouma

ismaouma
  • Topic Starter

  • Members
  • 43 posts
  • Local time:03:47 AM

Posted 17 December 2009 - 01:50 PM

I have a Toshiba Satellite A100-SK8, Model PSAA8C-SK800C. I am still using the same original hardware it came with, no additions. I am experiencing some errors, i.e. when shutting off I get a blue screen stating that the system has recovered from a serious error, and it starts dumping physical memory; it counts till one hundred. Right now browsing has become very difficult also; it's slowing down even more, freezing, and Internet Explorer will just close suddenly at times... Sometimes it won't load the page I request, giving a message that it can't connect (although I am connected); it starts loading when I refresh though...

Edited by ismaouma, 18 December 2009 - 12:31 AM.




