Help Please....


I have got something and I can't seem to get rid of it. Any help will be appreciated.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 2:31:28 PM, on 3/3/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\AVPersonal\AVWUPSRV.EXE

C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe

C:\WINDOWS\system32\CTsvcCDA.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\SYSTEM32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Dell\Media Experience\PCMService.exe

C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe

C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe

C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe

C:\Program Files\Belkin\Bluetooth Software\BTTray.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: {3cf88daa-9e3b-0b39-ae44-8d159308ae74} - {47ea8039-51d8-44ea-93b0-b3e9aad88fc3} - (no file)

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: (no name) - {72A74385-E7A1-AA3C-F969-68662BC09688} - C:\WINDOWS\System32\hlisdtum\lsitgjtu.dll (file missing)

O2 - BHO: (no name) - {8fa0fb8c-cd22-4bad-aa2f-1d1fcc837385} - (no file)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"

O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe

O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [amuv] C:\WINDOWS\system32\pyby\amuv.exe

O4 - HKLM\..\Run: [isesvby] C:\WINDOWS\system32\ragvy\isesvby.exe

O4 - HKLM\..\Run: [sjhgwumn] C:\WINDOWS\system32\pmooa\sjhgwumn.exe

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE

O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKCU\..\Run: [HitwarePKLite] C:\Program Files\Hitware Popup Killer Lite\HitwarePKLite.exe

O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"

O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R

O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"

O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe

O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S

O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\SYSTEM32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1100465 -"Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1" -"http://www.shockwave.com/contentPlay/shockwave.jsp?id=jigsawpuzzles&dwin=1&memberStatus=NotSignedIn&year=09&month=2&day=25"

O4 - HKUS\S-1-5-19\..\Run: [liwibedolo] Rundll32.exe "C:\WINDOWS\system32\fiseziju.dll",s (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [liwibedolo] Rundll32.exe "C:\WINDOWS\system32\fiseziju.dll",s (User 'NETWORK SERVICE')

O4 - Global Startup: Bluetooth.lnk = ?

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)

O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab

O16 - DPF: {0A891521-685E-4B6D-A9FD-759BB2CD6A66} (SecureImage Control) - http://www.psapoll.com/img/secure/SecureImage.cab

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1129813763741

O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab

O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} - https://echat.us.dell.com/Media/VisitorChat/TLIEFlash.CAB

O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} (DVCDownloadControl) - http://download.games.yahoo.com/games/web_...loadControl.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} (Playtime Games Launcher) - http://download-games.pogo.com/online2/pog...ameLauncher.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{477752DA-0386-47D3-920B-A61541DC1A35}: NameServer = 65.24.7.3,65.24.7.6

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O20 - AppInit_DLLs: c:\windows\system32\yohimodo.dll c:\windows\system32\zefehewu.dll foshed.dll

O23 - Service: amuvpyby - Unknown owner - C:\WINDOWS\system32\pyby\amuv.exe (file missing)

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe

O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE

O23 - Service: ggipuljhdsiho - Unknown owner - C:\WINDOWS\system32\jhdsiho\ggipul.exe (file missing)

O23 - Service: gkkinqsarnv - Unknown owner - C:\WINDOWS\system32\nqsarnv\gkki.exe (file missing)

O23 - Service: hbhypvtrncokbp - Unknown owner - C:\WINDOWS\System32\ncokbp\hbhypvtr.exe (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: kqctnvlqovguy - Unknown owner - C:\WINDOWS\system32\ovguy\kqctnvlq.exe (file missing)

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe

O23 - Service: lhjtgfvfwpigid - Unknown owner - C:\WINDOWS\system32\fwpigid\lhjtgfv.exe (file missing)

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: mhfwqlwjyv - Unknown owner - C:\WINDOWS\System32\wjyv\mhfwql.exe (file missing)

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: ndhdkkrsb - Unknown owner - C:\WINDOWS\System32\kkrsb\ndhd.exe (file missing)

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe

O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: woklwemepyp - Unknown owner - C:\WINDOWS\system32\mepyp\woklwe.exe (file missing)

O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

O23 - Service: ycbayosvija - Unknown owner - C:\WINDOWS\system32\osvija\ycbay.exe (file missing)

--

End of file - 14598 bytes

Malwarebytes' Anti-Malware 1.34

Database version: 1815

Windows 5.1.2600 Service Pack 3

3/3/2009 4:17:28 PM

mbam-log-2009-03-03 (16-17-28).txt

Scan type: Full Scan (C:\|)

Objects scanned: 179277

Time elapsed: 1 hour(s), 31 minute(s), 47 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 3

Registry Values Infected: 0

Registry Data Items Infected: 4

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{944864a5-3916-46e2-96a9-a2e84f3f1208} (Adware.Accoona) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Not selected for removal.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Not selected for removal.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Not selected for removal.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Not selected for removal.

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Avira AntiVir Personal

Report file date: Tuesday, March 03, 2009 11:10

Scanning for 1281206 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic

Serial number: 0000149996-ADJIE-0001

Platform: Windows XP

Windows version: (Service Pack 3) [5.1.2600]

Boot mode: Normally booted

Username: SYSTEM

Computer name: PITA

Version information:

BUILD.DAT : 8.2.0.337 16934 Bytes 11/18/2008 13:05:00

AVSCAN.EXE : 8.1.4.10 315649 Bytes 11/18/2008 14:21:26

AVSCAN.DLL : 8.1.4.0 40705 Bytes 5/26/2008 13:56:40

LUKE.DLL : 8.1.4.5 164097 Bytes 6/12/2008 18:44:19

LUKERES.DLL : 8.1.4.0 12033 Bytes 5/26/2008 13:58:52

ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/2008 17:30:36

ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 2/11/2009 14:40:29

ANTIVIR2.VDF : 7.1.2.105 513536 Bytes 3/3/2009 14:40:31

ANTIVIR3.VDF : 7.1.2.111 53248 Bytes 3/3/2009 14:40:31

Engineversion : 8.2.0.98

AEVDF.DLL : 8.1.1.0 106868 Bytes 3/3/2009 14:40:40

AESCRIPT.DLL : 8.1.1.56 352634 Bytes 3/3/2009 14:40:39

AESCN.DLL : 8.1.1.7 127347 Bytes 3/3/2009 14:40:38

AERDL.DLL : 8.1.1.3 438645 Bytes 11/4/2008 19:58:38

AEPACK.DLL : 8.1.3.8 397684 Bytes 3/3/2009 14:40:37

AEOFFICE.DLL : 8.1.0.36 196987 Bytes 3/3/2009 14:40:36

AEHEUR.DLL : 8.1.0.100 1618295 Bytes 3/3/2009 14:40:36

AEHELP.DLL : 8.1.2.2 119158 Bytes 3/3/2009 14:40:33

AEGEN.DLL : 8.1.1.22 336245 Bytes 3/3/2009 14:40:33

AEEMU.DLL : 8.1.0.9 393588 Bytes 10/14/2008 16:05:56

AECORE.DLL : 8.1.6.6 176501 Bytes 3/3/2009 14:40:32

AEBB.DLL : 8.1.0.3 53618 Bytes 10/14/2008 16:05:56

AVWINLL.DLL : 1.0.0.12 15105 Bytes 7/9/2008 14:40:05

AVPREF.DLL : 8.0.2.0 38657 Bytes 5/16/2008 15:28:01

AVREP.DLL : 8.0.0.2 98344 Bytes 7/31/2008 18:02:15

AVREG.DLL : 8.0.0.1 33537 Bytes 5/9/2008 17:26:40

AVARKT.DLL : 1.0.0.23 307457 Bytes 2/12/2008 14:29:23

AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 6/12/2008 18:27:49

SQLITE3.DLL : 3.3.17.1 339968 Bytes 1/22/2008 23:28:02

SMTPLIB.DLL : 1.2.0.23 28929 Bytes 6/12/2008 18:49:40

NETNT.DLL : 8.0.0.1 7937 Bytes 1/25/2008 18:05:10

RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 6/12/2008 19:48:07

RCTEXT.DLL : 8.0.52.0 86273 Bytes 6/27/2008 19:34:37

Configuration settings for the scan:

Jobname..........................: Complete system scan

Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp

Logging..........................: low

Primary action...................: interactive

Secondary action.................: ignore

Scan master boot sector..........: on

Scan boot sector.................: on

Boot sectors.....................: C:,

Process scan.....................: on

Scan registry....................: on

Search for rootkits..............: off

Scan all files...................: All files

Scan archives....................: on

Recursion depth..................: 20

Smart extensions.................: on

Macro heuristic..................: on

File heuristic...................: medium

Start of the scan: Tuesday, March 03, 2009 11:10

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'avgnt.exe' - '1' Module(s) have been scanned

Scan process 'avguard.exe' - '1' Module(s) have been scanned

Scan process 'sched.exe' - '1' Module(s) have been scanned

Scan process 'mbamservice.exe' - '1' Module(s) have been scanned

Scan process 'BTSTAC~1.EXE' - '1' Module(s) have been scanned

Scan process 'KHALMNPR.exe' - '1' Module(s) have been scanned

Scan process 'rundll32.exe' - '1' Module(s) have been scanned

Scan process 'SetPoint.exe' - '1' Module(s) have been scanned

Scan process 'LogitechDesktopMessenger.exe' - '1' Module(s) have been scanned

Scan process 'DLG.exe' - '1' Module(s) have been scanned

Scan process 'BTTray.exe' - '1' Module(s) have been scanned

Scan process 'ATIRW.EXE' - '1' Module(s) have been scanned

Scan process 'ISUSPM.exe' - '1' Module(s) have been scanned

Scan process 'ctfmon.exe' - '1' Module(s) have been scanned

Scan process 'CTDetect.exe' - '1' Module(s) have been scanned

Scan process 'PSFree.exe' - '1' Module(s) have been scanned

Scan process 'jusched.exe' - '1' Module(s) have been scanned

Scan process 'atiptaxx.exe' - '1' Module(s) have been scanned

Scan process 'realsched.exe' - '1' Module(s) have been scanned

Scan process 'tfswctrl.exe' - '1' Module(s) have been scanned

Scan process 'DVDLauncher.exe' - '1' Module(s) have been scanned

Scan process 'mmtask.exe' - '1' Module(s) have been scanned

Scan process 'PCMService.exe' - '1' Module(s) have been scanned

Scan process 'alg.exe' - '1' Module(s) have been scanned

Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'mdm.exe' - '1' Module(s) have been scanned

Scan process 'jqs.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'CTSVCCDA.EXE' - '1' Module(s) have been scanned

Scan process 'btwdins.exe' - '1' Module(s) have been scanned

Scan process 'AVWUPSRV.EXE' - '1' Module(s) have been scanned

Scan process 'spoolsv.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'MsMpEng.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

50 processes with 50 modules were scanned

Starting master boot sector scan:

Master boot sector HD0

[INFO] No virus was found!

Start scanning boot sectors:

Boot sector 'C:\'

[INFO] No virus was found!

Starting to scan the registry.

The registry was scanned ( '77' files ).

Starting the file scan:

Begin scan in 'C:\'

C:\pagefile.sys

[WARNING] The file could not be opened!

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2068\A0186774.exe

[DETECTION] Contains a recognition pattern of the (harmful) BDS/Mex.AB back-door program

[NOTE] The file was moved to '49de7f66.qua'!

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2068\A0186804.exe

[DETECTION] Is the TR/Agent.832848.C Trojan

[NOTE] The file was moved to '49de7f6b.qua'!

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2068\A0186821.exe

[DETECTION] Contains recognition pattern of the WORM/Rbot.836944 worm

[NOTE] The file was moved to '49de7f6e.qua'!

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2071\A0187909.dll

[DETECTION] Is the TR/Vundo.Gen Trojan

[NOTE] The file was moved to '49de810a.qua'!

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2071\A0187938.dll

[DETECTION] Is the TR/Vundo.Gen Trojan

[NOTE] The file was moved to '49de8113.qua'!

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2079\A0191271.dll

[DETECTION] Is the TR/Trash.Gen Trojan

[NOTE] The file was moved to '49de812b.qua'!

C:\WINDOWS\SYSTEM32\anucyr.dll

[DETECTION] Is the TR/Vundo.Gen Trojan

[NOTE] The file was moved to '4a22843a.qua'!

C:\WINDOWS\SYSTEM32\cdvmek.dll

[DETECTION] Is the TR/Vundo.Gen Trojan

[NOTE] The file was moved to '4a238442.qua'!

C:\WINDOWS\SYSTEM32\foshed.dll

[DETECTION] Is the TR/Vundo.Gen Trojan

[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003

[WARNING] The file could not be deleted!

[NOTE] Attempting to perform action using the ARK lib.

[NOTE] The file was moved to '48561626.qua'!

C:\WINDOWS\SYSTEM32\ledanozo.dll

[DETECTION] Is the TR/Vundo.Gen Trojan

[NOTE] The file was moved to '4a11846a.qua'!

C:\WINDOWS\SYSTEM32\tididubi.dll

[DETECTION] Is the TR/Vundo.Gen Trojan

[NOTE] The file was moved to '4a11848e.qua'!

C:\WINDOWS\SYSTEM32\vidomovo.dll

[DETECTION] Is the TR/Vundo.Gen Trojan

[NOTE] The file was moved to '4a118492.qua'!

End of the scan: Tuesday, March 03, 2009 14:27

Used time: 3:16:39 Hour(s)

The scan has been done completely.

8107 Scanning directories

407490 Files were scanned

12 viruses and/or unwanted programs were found

0 Files were classified as suspicious:

0 files were deleted

0 files were repaired

12 files were moved to quarantine

0 files were renamed

1 Files cannot be scanned

407477 Files not concerned

3578 Archives were scanned

2 Warnings

12 Notes


MBAM Log

3/4/2009 7:34:58 PM

mbam-log-2009-03-04 (19-34-58).txt

Scan type: Quick Scan

Objects scanned: 53327

Time elapsed: 5 minute(s), 59 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

\Downloader for Visio Professional 2003.exe (Trojan.Lop.H) -> Quarantined and deleted successfully.

\Firefox Setup 1.5.exe (Trojan.Lop.H) -> Quarantined and deleted successfully.

HiJack This Log

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 7:36:21 PM, on 3/4/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\AVPersonal\AVWUPSRV.EXE

C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe

C:\WINDOWS\system32\CTsvcCDA.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\SYSTEM32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Dell\Media Experience\PCMService.exe

C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe

C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe

C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe

C:\Program Files\Belkin\Bluetooth Software\BTTray.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: {3cf88daa-9e3b-0b39-ae44-8d159308ae74} - {47ea8039-51d8-44ea-93b0-b3e9aad88fc3} - (no file)

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: (no name) - {72A74385-E7A1-AA3C-F969-68662BC09688} - C:\WINDOWS\System32\hlisdtum\lsitgjtu.dll (file missing)

O2 - BHO: (no name) - {8fa0fb8c-cd22-4bad-aa2f-1d1fcc837385} - (no file)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"

O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe

O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [amuv] C:\WINDOWS\system32\pyby\amuv.exe

O4 - HKLM\..\Run: [isesvby] C:\WINDOWS\system32\ragvy\isesvby.exe

O4 - HKLM\..\Run: [sjhgwumn] C:\WINDOWS\system32\pmooa\sjhgwumn.exe

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE

O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKCU\..\Run: [HitwarePKLite] C:\Program Files\Hitware Popup Killer Lite\HitwarePKLite.exe

O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"

O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R

O4 - HKCU\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"

O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe

O4 - HKCU\..\Run: [uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\RunOnce: [shockwave Updater] C:\WINDOWS\SYSTEM32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1100465 -"Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1" -"http://www.shockwave.com/contentPlay/shockwave.jsp?id=jigsawpuzzles&dwin=1&memberStatus=NotSignedIn&year=09&month=2&day=25"

O4 - HKUS\S-1-5-19\..\Run: [liwibedolo] Rundll32.exe "C:\WINDOWS\system32\fiseziju.dll",s (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [liwibedolo] Rundll32.exe "C:\WINDOWS\system32\fiseziju.dll",s (User 'NETWORK SERVICE')

O4 - Global Startup: Bluetooth.lnk = ?

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)

O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab

O16 - DPF: {0A891521-685E-4B6D-A9FD-759BB2CD6A66} (SecureImage Control) - http://www.psapoll.com/img/secure/SecureImage.cab

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1129813763741

O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab

O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} - https://echat.us.dell.com/Media/VisitorChat/TLIEFlash.CAB

O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} (DVCDownloadControl) - http://download.games.yahoo.com/games/web_...loadControl.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} (Playtime Games Launcher) - http://download-games.pogo.com/online2/pog...ameLauncher.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{477752DA-0386-47D3-920B-A61541DC1A35}: NameServer = 65.24.7.3,65.24.7.6

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O20 - AppInit_DLLs: c:\windows\system32\yohimodo.dll c:\windows\system32\zefehewu.dll foshed.dll

O23 - Service: amuvpyby - Unknown owner - C:\WINDOWS\system32\pyby\amuv.exe (file missing)

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe

O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE

O23 - Service: ggipuljhdsiho - Unknown owner - C:\WINDOWS\system32\jhdsiho\ggipul.exe (file missing)

O23 - Service: gkkinqsarnv - Unknown owner - C:\WINDOWS\system32\nqsarnv\gkki.exe (file missing)

O23 - Service: hbhypvtrncokbp - Unknown owner - C:\WINDOWS\System32\ncokbp\hbhypvtr.exe (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: kqctnvlqovguy - Unknown owner - C:\WINDOWS\system32\ovguy\kqctnvlq.exe (file missing)

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe

O23 - Service: lhjtgfvfwpigid - Unknown owner - C:\WINDOWS\system32\fwpigid\lhjtgfv.exe (file missing)

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: mhfwqlwjyv - Unknown owner - C:\WINDOWS\System32\wjyv\mhfwql.exe (file missing)

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: ndhdkkrsb - Unknown owner - C:\WINDOWS\System32\kkrsb\ndhd.exe (file missing)

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe

O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: woklwemepyp - Unknown owner - C:\WINDOWS\system32\mepyp\woklwe.exe (file missing)

O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

O23 - Service: ycbayosvija - Unknown owner - C:\WINDOWS\system32\osvija\ycbay.exe (file missing)

--

End of file - 14751 bytes

Help me please.....

Please don't edit your logs as you did with your MBAM log.

Download ComboFix from one of the locations below, and save it to your Desktop.

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.

When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.

Note: Do not mouseclick Combofix's window while it's running. That may cause it to stall.

I didn't edit the log. That is what came up as the log for the quick scan.

I will do the combofix tomorrow around noon, that is the soonest that I can get to it.

ComboFix 09-03-04.01 - Bobbie 2009-03-05 11:50:21.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.217 [GMT -5:00]

Running from: c:\documents and settings\Bobbie\Desktop\ComboFix.exe

AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\lswmv.ini

c:\program files\Common Files\uninstall information

c:\program files\INSTALL.LOG

c:\windows\patch.exe

c:\windows\system32\umutegas.ini

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_SVCPROC

((((((((((((((((((((((((( Files Created from 2009-02-05 to 2009-03-05 )))))))))))))))))))))))))))))))

.

2009-03-03 14:30 . 2009-03-03 14:30 <DIR> d-------- c:\program files\Trend Micro

2009-03-03 09:37 . 2009-03-03 09:37 <DIR> d-------- c:\program files\Avira

2009-03-03 09:37 . 2009-03-03 09:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira

2009-03-03 09:31 . 2009-02-11 10:19 38,496 --a------ c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys

2009-03-03 09:31 . 2009-02-11 10:19 15,504 --a------ c:\windows\SYSTEM32\DRIVERS\mbam.sys

2009-03-02 00:22 . 2009-03-02 00:52 <DIR> d-------- c:\program files\NOS

2009-03-02 00:22 . 2009-03-02 00:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\NOS

2009-03-01 23:30 . 2009-03-01 23:29 410,984 --a------ c:\windows\SYSTEM32\deploytk.dll

2009-03-01 23:30 . 2009-03-01 23:29 73,728 --a------ c:\windows\SYSTEM32\javacpl.cpl

2009-03-01 21:52 . 2009-03-01 21:52 <DIR> d-------- c:\documents and settings\Bobbie\Application Data\Malwarebytes

2009-03-01 21:51 . 2009-03-03 09:31 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware

2009-03-01 21:51 . 2009-03-01 21:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-03-01 20:44 . 2009-03-01 20:44 376 --a------ C:\03-01-09.reg

2009-02-28 23:36 . 2009-03-03 08:50 <DIR> d-------- c:\program files\Panda Security

2009-02-28 22:58 . 2009-02-28 23:14 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\~0

2009-02-28 11:10 . 2009-02-28 11:07 102,664 --a------ c:\windows\SYSTEM32\DRIVERS\tmcomm.sys

2009-02-28 11:07 . 2009-02-28 12:39 <DIR> d-------- c:\documents and settings\Bobbie\.housecall6.6

2009-02-25 16:05 . 2009-02-25 16:05 <DIR> d-------- c:\documents and settings\Bobbie\Application Data\X10 Commander

2009-02-25 04:16 . 2009-02-25 04:16 <DIR> d-------- c:\documents and settings\Bobbie\Application Data\Cat's Eye Games

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-03-03 13:52 --------- d-----w c:\program files\Spybot - Search & Destroy

2009-03-03 13:51 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-03-03 13:43 --------- d-----w c:\program files\PC Tools AntiVirus

2009-03-03 07:01 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP

2009-03-02 05:27 --------- d-----w c:\program files\Common Files\Adobe

2009-03-02 04:29 --------- d-----w c:\program files\Java

2009-03-01 03:59 --------- d-----w c:\documents and settings\Bobbie\Application Data\Uniblue

2009-02-25 20:30 --------- d-----w c:\program files\Microsoft Silverlight

2009-02-03 14:04 --------- d-----w c:\documents and settings\Bobbie\Application Data\Coyotes Tale

2009-01-31 05:30 --------- d-----w c:\documents and settings\All Users\Application Data\PlayPond

2009-01-31 05:28 --------- d-----w c:\program files\Oberon Media

2009-01-31 05:24 --------- d-----w c:\documents and settings\All Users\Application Data\SpecialBit

2009-01-24 10:30 --------- d-----w c:\documents and settings\All Users\Application Data\ERS G-Studio

2009-01-06 09:05 --------- d-----w c:\documents and settings\Bobbie\Application Data\PlayFirst

2009-01-06 09:05 --------- d-----w c:\documents and settings\All Users\Application Data\PlayFirst

2007-10-11 10:47 66,312 ----a-w c:\documents and settings\Bobbie\Application Data\GDIPFONTCACHEV1.DAT

2005-11-10 10:48 774,144 ----a-w c:\program files\RngInterstitial.dll

2005-07-28 18:46 848 -csha-w c:\windows\SYSTEM32\KGyGaAvL.sys

2008-08-23 08:08 32,768 --sha-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\MSHist012008082320080824\index.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PopUpStopperFreeEdition"="c:\progra~1\PANICW~1\POP-UP~1\PSFree.exe" [2003-04-29 524288]

"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]

"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]

"ATI Launchpad"="c:\program files\ATI Multimedia\main\launchpd.exe" [2004-06-15 106571]

"ATI Remote Control"="c:\program files\ATI Multimedia\RemCtrl\ATIRW.exe" [2004-04-16 196608]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-11 290816]

"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]

"mmtask"="c:\program files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2004-04-19 53248]

"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 53248]

"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-03-15 122933]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-03-26 185896]

"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-07-10 339968]

"ATI DeviceDetect"="c:\program files\ATI Multimedia\main\ATIDtct.EXE" [2004-06-15 69705]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-01-31 385024]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-01 148888]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-02-11 399504]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-13 c:\windows\SYSTEM32\bthprops.cpl]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\Belkin\Bluetooth Software\BTTray.exe [2006-06-07 553021]

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2004-10-10 24576]

Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-09-12 67128]

Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-12-16 805392]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2008-05-02 02:42 72208 c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.MJPG"= m3jpeg32.dll

"vidc.dmb1"= m3jpeg32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"DwlClient"=c:\program files\Common Files\Dell\EUSW\Support.exe

"MMTray"=c:\program files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe

"NvCplDaemon"=RUNDLL32.EXE c:\windows\System32\NvCpl.dll,NvStartup

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

"SunJavaUpdateSched"=c:\program files\Java\j2re1.4.2_03\bin\jusched.exe

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot

"ViewMgr"=c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe

"ekgrlox"=c:\windows\System32\ryjoyco\ekgrlox.exe

"funiph"=c:\windows\System32\ytdaafa\funiph.exe

"hbhypvtr"=c:\windows\System32\ncokbp\hbhypvtr.exe

"hmdphwx"=c:\windows\System32\xdilmix\hmdphwx.exe

"ibvde"=c:\windows\System32\qknvyjkj\ibvde.exe

"ndhd"=c:\windows\System32\kkrsb\ndhd.exe

"ntebv"=c:\windows\System32\hsdrvhtq\ntebv.exe

"onjp"=c:\windows\System32\qruyrvgj\onjp.exe

"qvki"=c:\windows\System32\fwymunqr\qvki.exe

"sjdtglg"=c:\windows\System32\ntuw\sjdtglg.exe

"SkyH2"=c:\docume~1\Bobbie\LOCALS~1\Temp\frlas.exe

"ubxabicb"=c:\windows\System32\aasv\ubxabicb.exe

"ucdoa"=c:\windows\System32\wttkqms\ucdoa.exe

"yjprcp"=c:\windows\System32\npkdn\yjprcp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UpdatesDisableNotify"=dword:00000001

"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=

"c:\\WINDOWS\\SYSTEM32\\SOL.EXE"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\ICQ6\\ICQ.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5900:TCP"= 5900:TCP:RealVNC

R2 AVWUpSrv;AntiVir Update;c:\program files\AVPersonal\AVWUPSRV.EXE [2005-08-30 45096]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2009-03-03 179856]

R2 NwSapAgent;SAP Agent;c:\windows\System32\svchost.exe -k netsvcs [2002-08-29 14336]

R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]

R3 MBAMProtector;MBAMProtector;c:\windows\SYSTEM32\DRIVERS\mbam.sys [2009-03-03 15504]

S2 amuvpyby;amuvpyby;c:\windows\system32\pyby\amuv.exe --> c:\windows\system32\pyby\amuv.exe [?]

S2 ggipuljhdsiho;ggipuljhdsiho;c:\windows\system32\jhdsiho\ggipul.exe --> c:\windows\system32\jhdsiho\ggipul.exe [?]

S2 gkkinqsarnv;gkkinqsarnv;c:\windows\system32\nqsarnv\gkki.exe --> c:\windows\system32\nqsarnv\gkki.exe [?]

S2 hbhypvtrncokbp;hbhypvtrncokbp;c:\windows\System32\ncokbp\hbhypvtr.exe --> c:\windows\System32\ncokbp\hbhypvtr.exe [?]

S2 kqctnvlqovguy;kqctnvlqovguy;c:\windows\system32\ovguy\kqctnvlq.exe --> c:\windows\system32\ovguy\kqctnvlq.exe [?]

S2 lhjtgfvfwpigid;lhjtgfvfwpigid;c:\windows\system32\fwpigid\lhjtgfv.exe --> c:\windows\system32\fwpigid\lhjtgfv.exe [?]

S2 mhfwqlwjyv;mhfwqlwjyv;c:\windows\System32\wjyv\mhfwql.exe --> c:\windows\System32\wjyv\mhfwql.exe [?]

S2 ndhdkkrsb;ndhdkkrsb;c:\windows\System32\kkrsb\ndhd.exe --> c:\windows\System32\kkrsb\ndhd.exe [?]

S2 woklwemepyp;woklwemepyp;c:\windows\system32\mepyp\woklwe.exe --> c:\windows\system32\mepyp\woklwe.exe [?]

S2 ycbayosvija;ycbayosvija;c:\windows\system32\osvija\ycbay.exe --> c:\windows\system32\osvija\ycbay.exe [?]

S3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys --> c:\windows\system32\drivers\av5flt.sys [?]

S3 cbittrr;cbittrr;\??\c:\windows\system32\ragvy\cbittrr --> c:\windows\system32\ragvy\cbittrr [?]

S3 erhcrdc;erhcrdc;\??\c:\windows\System32\wogw\erhcrdc --> c:\windows\System32\wogw\erhcrdc [?]

S3 hrjmbpv;hrjmbpv;\??\c:\windows\System32\ytdaafa\hrjmbpv --> c:\windows\System32\ytdaafa\hrjmbpv [?]

S3 iciryfc;iciryfc;\??\c:\windows\system32\knunlwe\iciryfc --> c:\windows\system32\knunlwe\iciryfc [?]

S3 MR97310_VGA_DUAL_CAMERA;MR97310 VGA Dual Mode Camera;c:\windows\system32\DRIVERS\mr97310v.sys --> c:\windows\system32\DRIVERS\mr97310v.sys [?]

S3 nrfdqjn;nrfdqjn;\??\c:\windows\System32\npkdn\nrfdqjn --> c:\windows\System32\npkdn\nrfdqjn [?]

S3 nxdxaae;nxdxaae;\??\c:\windows\system32\lwaltmlh\nxdxaae --> c:\windows\system32\lwaltmlh\nxdxaae [?]

S3 sbpwoff;sbpwoff;\??\c:\windows\system32\ehnacar\sbpwoff --> c:\windows\system32\ehnacar\sbpwoff [?]

S3 tdmobrx;tdmobrx;\??\c:\windows\system32\pyby\tdmobrx --> c:\windows\system32\pyby\tdmobrx [?]

S3 wracbsg;wracbsg;\??\c:\windows\system32\mepyp\wracbsg.sys --> c:\windows\system32\mepyp\wracbsg.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\84599017-a743-4be3-971d-1366843c7626]

c:\windows\System32\onmmrox.exe

.

Contents of the 'Scheduled Tasks' folder

2009-02-27 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]

2009-03-05 c:\windows\Tasks\Malwarebytes' Scheduled Scan for Bobbie.job

- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-02-11 10:19]

2009-03-05 c:\windows\Tasks\Malwarebytes' Scheduled Update for Bobbie.job

- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-02-11 10:19]

2009-03-05 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]

2009-02-28 c:\windows\Tasks\Uniblue SpeedUpMyPC Nag.job

- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []

2007-11-16 c:\windows\Tasks\Uniblue SpeedUpMyPC.job

- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []

.

- - - - ORPHANS REMOVED - - - -

BHO-{47ea8039-51d8-44ea-93b0-b3e9aad88fc3} - (no file)

BHO-{72A74385-E7A1-AA3C-F969-68662BC09688} - c:\windows\System32\hlisdtum\lsitgjtu.dll

BHO-{8fa0fb8c-cd22-4bad-aa2f-1d1fcc837385} - (no file)

HKCU-Run-HitwarePKLite - c:\program files\Hitware Popup Killer Lite\HitwarePKLite.exe

HKCU-Run-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

HKCU-Run-Uniblue RegistryBooster 2009 - c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe

HKCU-RunOnce-Shockwave Updater - c:\windows\SYSTEM32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1100465 -Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1

HKLM-Run-amuv - c:\windows\system32\pyby\amuv.exe

HKLM-Run-isesvby - c:\windows\system32\ragvy\isesvby.exe

HKLM-Run-sjhgwumn - c:\windows\system32\pmooa\sjhgwumn.exe

HKLM-Run-Adobe Photo Downloader - c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

mStart Page = hxxp://www.yahoo.com

mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000

IE: Send to &Bluetooth Device... - c:\program files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm

Trusted Zone: aol.com\free

TCP: {477752DA-0386-47D3-920B-A61541DC1A35} = 65.24.7.3,65.24.7.6

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

DPF: {0A891521-685E-4B6D-A9FD-759BB2CD6A66} - hxxp://www.psapoll.com/img/secure/SecureImage.cab

DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} - hxxp://download-games.pogo.com/online2/pogo/mahjong_escape_ancient/PTGameLauncher.cab

FF - ProfilePath - c:\documents and settings\Bobbie\Application Data\Mozilla\Firefox\Profiles\h8hp3bfh.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.rr.com/flash/index.cfm

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npracplug.dll

FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-03-05 11:56:55

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cbittrr]

"ImagePath"="\??\c:\windows\system32\ragvy\cbittrr"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\erhcrdc]

"ImagePath"="\??\c:\windows\System32\wogw\erhcrdc"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hrjmbpv]

"ImagePath"="\??\c:\windows\System32\ytdaafa\hrjmbpv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\iciryfc]

"ImagePath"="\??\c:\windows\system32\knunlwe\iciryfc"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nrfdqjn]

"ImagePath"="\??\c:\windows\System32\npkdn\nrfdqjn"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nxdxaae]

"ImagePath"="\??\c:\windows\system32\lwaltmlh\nxdxaae"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sbpwoff]

"ImagePath"="\??\c:\windows\system32\ehnacar\sbpwoff"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\tdmobrx]

"ImagePath"="\??\c:\windows\system32\pyby\tdmobrx"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(732)

c:\windows\system32\Ati2evxx.dll

c:\program files\common files\logitech\bluetooth\LBTWlgn.dll

c:\program files\common files\logitech\bluetooth\LBTServ.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\SYSTEM32\ati2evxx.exe

c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe

c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe

c:\program files\Belkin\Bluetooth Software\bin\btwdins.exe

c:\windows\SYSTEM32\CTSVCCDA.EXE

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\windows\SYSTEM32\ati2evxx.exe

c:\windows\SYSTEM32\rundll32.exe

c:\progra~1\Belkin\BLUETO~1\BTSTAC~1.EXE

c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe

.

**************************************************************************

.

Completion time: 2009-03-05 12:05:46 - machine was rebooted

ComboFix-quarantined-files.txt 2009-03-05 17:04:24

Pre-Run: 56,098,021,376 bytes free

Post-Run: 58,239,119,360 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

279 --- E O F --- 2009-03-05 15:35:28

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:07:30 PM, on 3/5/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\AVPersonal\AVWUPSRV.EXE

C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe

C:\WINDOWS\system32\CTsvcCDA.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Dell\Media Experience\PCMService.exe

C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe

C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe

C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Belkin\Bluetooth Software\BTTray.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\WINDOWS\explorer.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"

O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe

O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE

O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"

O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R

O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"

O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Bluetooth.lnk = ?

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)

O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab

O16 - DPF: {0A891521-685E-4B6D-A9FD-759BB2CD6A66} (SecureImage Control) - http://www.psapoll.com/img/secure/SecureImage.cab

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1129813763741

O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab

O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} - https://echat.us.dell.com/Media/VisitorChat/TLIEFlash.CAB

O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} (DVCDownloadControl) - http://download.games.yahoo.com/games/web_...loadControl.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} (Playtime Games Launcher) - http://download-games.pogo.com/online2/pog...ameLauncher.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{477752DA-0386-47D3-920B-A61541DC1A35}: NameServer = 65.24.7.3,65.24.7.6

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O23 - Service: amuvpyby - Unknown owner - C:\WINDOWS\system32\pyby\amuv.exe (file missing)

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe

O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE

O23 - Service: ggipuljhdsiho - Unknown owner - C:\WINDOWS\system32\jhdsiho\ggipul.exe (file missing)

O23 - Service: gkkinqsarnv - Unknown owner - C:\WINDOWS\system32\nqsarnv\gkki.exe (file missing)

O23 - Service: hbhypvtrncokbp - Unknown owner - C:\WINDOWS\System32\ncokbp\hbhypvtr.exe (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: kqctnvlqovguy - Unknown owner - C:\WINDOWS\system32\ovguy\kqctnvlq.exe (file missing)

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe

O23 - Service: lhjtgfvfwpigid - Unknown owner - C:\WINDOWS\system32\fwpigid\lhjtgfv.exe (file missing)

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: mhfwqlwjyv - Unknown owner - C:\WINDOWS\System32\wjyv\mhfwql.exe (file missing)

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: ndhdkkrsb - Unknown owner - C:\WINDOWS\System32\kkrsb\ndhd.exe (file missing)

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe

O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: woklwemepyp - Unknown owner - C:\WINDOWS\system32\mepyp\woklwe.exe (file missing)

O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

O23 - Service: ycbayosvija - Unknown owner - C:\WINDOWS\system32\osvija\ycbay.exe (file missing)

--

End of file - 12687 bytes

Here is the latest Malwarebytes scan.

Malwarebytes' Anti-Malware 1.34

Database version: 1820

Windows 5.1.2600 Service Pack 3

3/5/2009 1:36:16 PM

mbam-log-2009-03-05 (13-36-16).txt

Scan type: Full Scan (C:\|)

Objects scanned: 162439

Time elapsed: 1 hour(s), 0 minute(s), 27 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 9

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Documents and Settings\Bobbie\Desktop\Unused Desktop Shortcuts\vcredist_x86.exe (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Documents and Settings\Bobbie\Desktop\Unused Desktop Shortcuts\yie7setup_news.exe (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\WMFDist9_5\WMFDist.exe (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2085\A0192752.exe (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2085\A0192753.exe (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\ServicePackFiles\i386\wextract.exe (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\SYSTEM32\wextract.exe (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\SYSTEM32\DLLCACHE\wextract.exe (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\$NtServicePackUninstall$\wextract.exe (Trojan.Vundo) -> Quarantined and deleted successfully.

This is the latest Avira scan as well.

Avira AntiVir Personal

Report file date: Thursday, March 05, 2009 13:39

Scanning for 1285039 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic

Serial number: 0000149996-ADJIE-0001

Platform: Windows XP

Windows version: (Service Pack 3) [5.1.2600]

Boot mode: Normally booted

Username: SYSTEM

Computer name: PITA

Version information:

BUILD.DAT : 8.2.0.337 16934 Bytes 11/18/2008 13:05:00

AVSCAN.EXE : 8.1.4.10 315649 Bytes 11/18/2008 14:21:26

AVSCAN.DLL : 8.1.4.0 40705 Bytes 5/26/2008 13:56:40

LUKE.DLL : 8.1.4.5 164097 Bytes 6/12/2008 18:44:19

LUKERES.DLL : 8.1.4.0 12033 Bytes 5/26/2008 13:58:52

ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/2008 17:30:36

ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 2/11/2009 14:40:29

ANTIVIR2.VDF : 7.1.2.105 513536 Bytes 3/3/2009 14:40:31

ANTIVIR3.VDF : 7.1.2.128 113664 Bytes 3/5/2009 18:38:42

Engineversion : 8.2.0.105

AEVDF.DLL : 8.1.1.0 106868 Bytes 3/3/2009 14:40:40

AESCRIPT.DLL : 8.1.1.57 356729 Bytes 3/5/2009 18:39:00

AESCN.DLL : 8.1.1.8 127346 Bytes 3/5/2009 18:38:58

AERDL.DLL : 8.1.1.3 438645 Bytes 11/4/2008 19:58:38

AEPACK.DLL : 8.1.3.10 397686 Bytes 3/5/2009 11:25:45

AEOFFICE.DLL : 8.1.0.36 196987 Bytes 3/3/2009 14:40:36

AEHEUR.DLL : 8.1.0.104 1634679 Bytes 3/5/2009 18:38:57

AEHELP.DLL : 8.1.2.2 119158 Bytes 3/3/2009 14:40:33

AEGEN.DLL : 8.1.1.25 336243 Bytes 3/5/2009 18:38:47

AEEMU.DLL : 8.1.0.9 393588 Bytes 10/14/2008 16:05:56

AECORE.DLL : 8.1.6.6 176501 Bytes 3/3/2009 14:40:32

AEBB.DLL : 8.1.0.3 53618 Bytes 10/14/2008 16:05:56

AVWINLL.DLL : 1.0.0.12 15105 Bytes 7/9/2008 14:40:05

AVPREF.DLL : 8.0.2.0 38657 Bytes 5/16/2008 15:28:01

AVREP.DLL : 8.0.0.2 98344 Bytes 7/31/2008 18:02:15

AVREG.DLL : 8.0.0.1 33537 Bytes 5/9/2008 17:26:40

AVARKT.DLL : 1.0.0.23 307457 Bytes 2/12/2008 14:29:23

AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 6/12/2008 18:27:49

SQLITE3.DLL : 3.3.17.1 339968 Bytes 1/22/2008 23:28:02

SMTPLIB.DLL : 1.2.0.23 28929 Bytes 6/12/2008 18:49:40

NETNT.DLL : 8.0.0.1 7937 Bytes 1/25/2008 18:05:10

RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 6/12/2008 19:48:07

RCTEXT.DLL : 8.0.52.0 86273 Bytes 6/27/2008 19:34:37

Configuration settings for the scan:

Jobname..........................: Complete system scan

Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp

Logging..........................: low

Primary action...................: interactive

Secondary action.................: ignore

Scan master boot sector..........: on

Scan boot sector.................: on

Boot sectors.....................: C:,

Process scan.....................: on

Scan registry....................: on

Search for rootkits..............: off

Scan all files...................: All files

Scan archives....................: on

Recursion depth..................: 20

Smart extensions.................: on

Macro heuristic..................: on

File heuristic...................: medium

Start of the scan: Thursday, March 05, 2009 13:39

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'avgnt.exe' - '1' Module(s) have been scanned

Scan process 'mbamgui.exe' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'KHALMNPR.exe' - '1' Module(s) have been scanned

Scan process 'BTSTAC~1.EXE' - '1' Module(s) have been scanned

Scan process 'SetPoint.exe' - '1' Module(s) have been scanned

Scan process 'rundll32.exe' - '1' Module(s) have been scanned

Scan process 'LogitechDesktopMessenger.exe' - '1' Module(s) have been scanned

Scan process 'DLG.exe' - '1' Module(s) have been scanned

Scan process 'BTTray.exe' - '1' Module(s) have been scanned

Scan process 'ctfmon.exe' - '1' Module(s) have been scanned

Scan process 'ATIRW.EXE' - '1' Module(s) have been scanned

Scan process 'ISUSPM.exe' - '1' Module(s) have been scanned

Scan process 'CTDetect.exe' - '1' Module(s) have been scanned

Scan process 'PSFree.exe' - '1' Module(s) have been scanned

Scan process 'jusched.exe' - '1' Module(s) have been scanned

Scan process 'atiptaxx.exe' - '1' Module(s) have been scanned

Scan process 'realsched.exe' - '1' Module(s) have been scanned

Scan process 'tfswctrl.exe' - '1' Module(s) have been scanned

Scan process 'DVDLauncher.exe' - '1' Module(s) have been scanned

Scan process 'mmtask.exe' - '1' Module(s) have been scanned

Scan process 'PCMService.exe' - '1' Module(s) have been scanned

Scan process 'alg.exe' - '1' Module(s) have been scanned

Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned

Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'mdm.exe' - '1' Module(s) have been scanned

Scan process 'mbamservice.exe' - '1' Module(s) have been scanned

Scan process 'jqs.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'CTSVCCDA.EXE' - '1' Module(s) have been scanned

Scan process 'btwdins.exe' - '1' Module(s) have been scanned

Scan process 'AVWUPSRV.EXE' - '1' Module(s) have been scanned

Scan process 'avguard.exe' - '1' Module(s) have been scanned

Scan process 'sched.exe' - '1' Module(s) have been scanned

Scan process 'spoolsv.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'MsMpEng.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

51 processes with 51 modules were scanned

Starting master boot sector scan:

Master boot sector HD0

[INFO] No virus was found!

Start scanning boot sectors:

Boot sector 'C:\'

[INFO] No virus was found!

Starting to scan the registry.

The registry was scanned ( '77' files ).

Starting the file scan:

Begin scan in 'C:\'

C:\pagefile.sys

[WARNING] The file could not be opened!

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2087\A0192866.exe

[DETECTION] Is the TR/Trash.Gen Trojan

[NOTE] The file was moved to '49e12466.qua'!

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2087\A0192869.exe

[DETECTION] Is the TR/Trash.Gen Trojan

[NOTE] The file was moved to '49e1246c.qua'!

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2087\A0192870.exe

[DETECTION] Is the TR/Trash.Gen Trojan

[NOTE] The file was moved to '49e1246e.qua'!

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2087\A0192871.exe

[DETECTION] Is the TR/Trash.Gen Trojan

[NOTE] The file was moved to '49e12471.qua'!

End of the scan: Thursday, March 05, 2009 14:26

Used time: 46:50 Minute(s)

The scan has been done completely.

7084 Scanning directories

342288 Files were scanned

4 viruses and/or unwanted programs were found

0 Files were classified as suspicious:

0 files were deleted

0 files were repaired

4 files were moved to quarantine

0 files were renamed

1 Files cannot be scanned

342283 Files not concerned

3640 Archives were scanned

1 Warnings

4 Notes

1. Please open Notepad

  • Click Start, then Run
  • Type notepad.exe in the Run box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::

c:\windows\System32\onmmrox.exe

Driver::

amuvpyby

ggipuljhdsiho

gkkinqsarnv

hbhypvtrncokbp

kqctnvlqovguy

lhjtgfvfwpigid

mhfwqlwjyv

ndhdkkrsb

woklwemepyp

ycbayosvija

cbittrr

erhcrdc

hrjmbpv

iciryfc

nrfdqjn

nxdxaae

sbpwoff

tdmobrx

wracbsg

Registry::

[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\84599017-a743-4be3-971d-1366843c7626]

[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cbittrr]

[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\erhcrdc]

[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hrjmbpv]

[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\iciryfc]

[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nrfdqjn]

[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nxdxaae]

[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sbpwoff]

[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\tdmobrx]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"ekgrlox"=-

"funiph"=-

"hbhypvtr"=-

"hmdphwx"=-

"ibvde"=-

"ndhd"=-

"ntebv"=-

"onjp"=-

"qvki"=-

"sjdtglg"=-

"SkyH2"=-

"ubxabicb"=-

"ucdoa"=-

"yjprcp"=-

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif

5. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:

  • Combofix.txt
  • A new HijackThis log.

Task completed; here are the new logs that you asked for, ComboFix first.

ComboFix 09-03-04.01 - Bobbie 2009-03-05 19:14:05.2 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.222 [GMT -5:00]

Running from: c:\documents and settings\Bobbie\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Bobbie\Desktop\CFScript.txt

AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)

* Created a new restore point

FILE ::

c:\windows\System32\onmmrox.exe

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_AMUVPYBY

-------\Legacy_CBITTRR

-------\Legacy_ERHCRDC

-------\Legacy_GGIPULJHDSIHO

-------\Legacy_GKKINQSARNV

-------\Legacy_HBHYPVTRNCOKBP

-------\Legacy_HRJMBPV

-------\Legacy_ICIRYFC

-------\Legacy_KQCTNVLQOVGUY

-------\Legacy_LHJTGFVFWPIGID

-------\Legacy_MHFWQLWJYV

-------\Legacy_NDHDKKRSB

-------\Legacy_NRFDQJN

-------\Legacy_NXDXAAE

-------\Legacy_SBPWOFF

-------\Legacy_TDMOBRX

-------\Legacy_WOKLWEMEPYP

-------\Legacy_WRACBSG

-------\Legacy_YCBAYOSVIJA

-------\Service_amuvpyby

-------\Service_ggipuljhdsiho

-------\Service_gkkinqsarnv

-------\Service_hbhypvtrncokbp

-------\Service_kqctnvlqovguy

-------\Service_lhjtgfvfwpigid

-------\Service_mhfwqlwjyv

-------\Service_ndhdkkrsb

-------\Service_woklwemepyp

-------\Service_wracbsg

-------\Service_ycbayosvija

((((((((((((((((((((((((( Files Created from 2009-02-06 to 2009-03-06 )))))))))))))))))))))))))))))))

.

2009-03-03 14:30 . 2009-03-03 14:30 <DIR> d-------- c:\program files\Trend Micro

2009-03-03 09:37 . 2009-03-03 09:37 <DIR> d-------- c:\program files\Avira

2009-03-03 09:37 . 2009-03-03 09:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira

2009-03-03 09:31 . 2009-02-11 10:19 38,496 --a------ c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys

2009-03-03 09:31 . 2009-02-11 10:19 15,504 --a------ c:\windows\SYSTEM32\DRIVERS\mbam.sys

2009-03-02 00:22 . 2009-03-02 00:52 <DIR> d-------- c:\program files\NOS

2009-03-02 00:22 . 2009-03-02 00:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\NOS

2009-03-01 23:30 . 2009-03-01 23:29 410,984 --a------ c:\windows\SYSTEM32\deploytk.dll

2009-03-01 23:30 . 2009-03-01 23:29 73,728 --a------ c:\windows\SYSTEM32\javacpl.cpl

2009-03-01 21:52 . 2009-03-01 21:52 <DIR> d-------- c:\documents and settings\Bobbie\Application Data\Malwarebytes

2009-03-01 21:51 . 2009-03-03 09:31 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware

2009-03-01 21:51 . 2009-03-01 21:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-03-01 20:44 . 2009-03-01 20:44 376 --a------ C:\03-01-09.reg

2009-02-28 23:36 . 2009-03-03 08:50 <DIR> d-------- c:\program files\Panda Security

2009-02-28 22:58 . 2009-02-28 23:14 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\~0

2009-02-28 11:10 . 2009-02-28 11:07 102,664 --a------ c:\windows\SYSTEM32\DRIVERS\tmcomm.sys

2009-02-28 11:07 . 2009-02-28 12:39 <DIR> d-------- c:\documents and settings\Bobbie\.housecall6.6

2009-02-25 16:05 . 2009-02-25 16:05 <DIR> d-------- c:\documents and settings\Bobbie\Application Data\X10 Commander

2009-02-25 04:16 . 2009-02-25 04:16 <DIR> d-------- c:\documents and settings\Bobbie\Application Data\Cat's Eye Games

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-03-03 13:52 --------- d-----w c:\program files\Spybot - Search & Destroy

2009-03-03 13:51 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-03-03 13:43 --------- d-----w c:\program files\PC Tools AntiVirus

2009-03-03 07:01 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP

2009-03-02 05:27 --------- d-----w c:\program files\Common Files\Adobe

2009-03-02 04:29 --------- d-----w c:\program files\Java

2009-03-01 03:59 --------- d-----w c:\documents and settings\Bobbie\Application Data\Uniblue

2009-02-25 20:30 --------- d-----w c:\program files\Microsoft Silverlight

2009-02-03 14:04 --------- d-----w c:\documents and settings\Bobbie\Application Data\Coyotes Tale

2009-01-31 05:30 --------- d-----w c:\documents and settings\All Users\Application Data\PlayPond

2009-01-31 05:28 --------- d-----w c:\program files\Oberon Media

2009-01-31 05:24 --------- d-----w c:\documents and settings\All Users\Application Data\SpecialBit

2009-01-24 10:30 --------- d-----w c:\documents and settings\All Users\Application Data\ERS G-Studio

2009-01-06 09:05 --------- d-----w c:\documents and settings\Bobbie\Application Data\PlayFirst

2009-01-06 09:05 --------- d-----w c:\documents and settings\All Users\Application Data\PlayFirst

2007-10-11 10:47 66,312 ----a-w c:\documents and settings\Bobbie\Application Data\GDIPFONTCACHEV1.DAT

2005-11-10 10:48 774,144 ----a-w c:\program files\RngInterstitial.dll

2005-07-28 18:46 848 -csha-w c:\windows\SYSTEM32\KGyGaAvL.sys

2008-08-23 08:08 32,768 --sha-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\MSHist012008082320080824\index.dat

.

((((((((((((((((((((((((((((( SnapShot@2009-03-05_12.00.53.20 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-03-06 00:21:26 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_354.dat

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PopUpStopperFreeEdition"="c:\progra~1\PANICW~1\POP-UP~1\PSFree.exe" [2003-04-29 524288]

"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]

"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]

"ATI Launchpad"="c:\program files\ATI Multimedia\main\launchpd.exe" [2004-06-15 106571]

"ATI Remote Control"="c:\program files\ATI Multimedia\RemCtrl\ATIRW.exe" [2004-04-16 196608]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-11 290816]

"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]

"mmtask"="c:\program files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2004-04-19 53248]

"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 53248]

"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-03-15 122933]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-03-26 185896]

"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-07-10 339968]

"ATI DeviceDetect"="c:\program files\ATI Multimedia\main\ATIDtct.EXE" [2004-06-15 69705]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-01-31 385024]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-01 148888]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-02-11 399504]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-13 c:\windows\SYSTEM32\bthprops.cpl]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\Belkin\Bluetooth Software\BTTray.exe [2006-06-07 553021]

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2004-10-10 24576]

Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-09-12 67128]

Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-12-16 805392]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2008-05-02 02:42 72208 c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.MJPG"= m3jpeg32.dll

"vidc.dmb1"= m3jpeg32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"DwlClient"=c:\program files\Common Files\Dell\EUSW\Support.exe

"MMTray"=c:\program files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe

"NvCplDaemon"=RUNDLL32.EXE c:\windows\System32\NvCpl.dll,NvStartup

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

"SunJavaUpdateSched"=c:\program files\Java\j2re1.4.2_03\bin\jusched.exe

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot

"ViewMgr"=c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UpdatesDisableNotify"=dword:00000001

"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=

"c:\\WINDOWS\\SYSTEM32\\SOL.EXE"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\ICQ6\\ICQ.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5900:TCP"= 5900:TCP:RealVNC

R2 AVWUpSrv;AntiVir Update;c:\program files\AVPersonal\AVWUPSRV.EXE [2005-08-30 45096]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2009-03-03 179856]

R2 NwSapAgent;SAP Agent;c:\windows\System32\svchost.exe -k netsvcs [2002-08-29 14336]

R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]

R3 MBAMProtector;MBAMProtector;c:\windows\SYSTEM32\DRIVERS\mbam.sys [2009-03-03 15504]

S3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys --> c:\windows\system32\drivers\av5flt.sys [?]

S3 MR97310_VGA_DUAL_CAMERA;MR97310 VGA Dual Mode Camera;c:\windows\system32\DRIVERS\mr97310v.sys --> c:\windows\system32\DRIVERS\mr97310v.sys [?]

.

Contents of the 'Scheduled Tasks' folder

2009-02-27 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]

2009-03-05 c:\windows\Tasks\Malwarebytes' Scheduled Scan for Bobbie.job

- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-02-11 10:19]

2009-03-05 c:\windows\Tasks\Malwarebytes' Scheduled Update for Bobbie.job

- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-02-11 10:19]

2009-03-06 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]

2009-02-28 c:\windows\Tasks\Uniblue SpeedUpMyPC Nag.job

- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []

2007-11-16 c:\windows\Tasks\Uniblue SpeedUpMyPC.job

- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

mStart Page = hxxp://www.yahoo.com

mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000

IE: Send to &Bluetooth Device... - c:\program files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm

Trusted Zone: aol.com\free

TCP: {477752DA-0386-47D3-920B-A61541DC1A35} = 65.24.7.3,65.24.7.6

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

DPF: {0A891521-685E-4B6D-A9FD-759BB2CD6A66} - hxxp://www.psapoll.com/img/secure/SecureImage.cab

DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} - hxxp://download-games.pogo.com/online2/pogo/mahjong_escape_ancient/PTGameLauncher.cab

FF - ProfilePath - c:\documents and settings\Bobbie\Application Data\Mozilla\Firefox\Profiles\h8hp3bfh.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.rr.com/flash/index.cfm

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npracplug.dll

FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-03-05 19:23:30

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(732)

c:\windows\system32\Ati2evxx.dll

c:\program files\common files\logitech\bluetooth\LBTWlgn.dll

c:\program files\common files\logitech\bluetooth\LBTServ.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\SYSTEM32\ati2evxx.exe

c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe

c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe

c:\program files\Belkin\Bluetooth Software\bin\btwdins.exe

c:\windows\SYSTEM32\CTSVCCDA.EXE

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\windows\SYSTEM32\ati2evxx.exe

c:\windows\SYSTEM32\rundll32.exe

c:\progra~1\Belkin\BLUETO~1\BTSTAC~1.EXE

c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe

.

**************************************************************************

.

Completion time: 2009-03-05 19:31:38 - machine was rebooted

ComboFix-quarantined-files.txt 2009-03-06 00:30:19

ComboFix2.txt 2009-03-05 17:05:49

Pre-Run: 58,201,341,952 bytes free

Post-Run: 58,186,076,160 bytes free

243 --- E O F --- 2009-03-05 15:35:28

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 7:33:21 PM, on 3/5/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\AVPersonal\AVWUPSRV.EXE

C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe

C:\WINDOWS\system32\CTsvcCDA.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Dell\Media Experience\PCMService.exe

C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe

C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe

C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Belkin\Bluetooth Software\BTTray.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\WINDOWS\system32\rundll32.exe

C:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\WINDOWS\explorer.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"

O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe

O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE

O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"

O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R

O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"

O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Bluetooth.lnk = ?

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)

O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab

O16 - DPF: {0A891521-685E-4B6D-A9FD-759BB2CD6A66} (SecureImage Control) - http://www.psapoll.com/img/secure/SecureImage.cab

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1129813763741

O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab

O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} - https://echat.us.dell.com/Media/VisitorChat/TLIEFlash.CAB

O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} (DVCDownloadControl) - http://download.games.yahoo.com/games/web_...loadControl.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} (Playtime Games Launcher) - http://download-games.pogo.com/online2/pog...ameLauncher.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{477752DA-0386-47D3-920B-A61541DC1A35}: NameServer = 65.24.7.3,65.24.7.6

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe

O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe

O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

--

End of file - 11698 bytes

Awaiting your advice....

Good morning, and in case I forget to say it later, thank y'all so much for all the help.

I have both Avira Anti-virus and Malwarebytes set to run in the morning, not at the same time but within a few minutes of each other.

Both came up with no detections this morning. I also ran a HiJackThis scan as well.

I am posting all three in hopes that we finally have this cleaned out, and I can get on with the business at hand. Also, if y'all don't mind, how do I keep my machine safe and secure? What advice would you give me to avoid this happening again?

Malwarebytes' Anti-Malware 1.34

Database version: 1824

Windows 5.1.2600 Service Pack 3

3/6/2009 4:50:02 AM

mbam-log-2009-03-06 (04-50-02).txt

Scan type: Full Scan (C:\|)

Objects scanned: 162844

Time elapsed: 1 hour(s), 0 minute(s), 41 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Avira AntiVir Personal

Report file date: Friday, March 06, 2009 04:51

Scanning for 1285847 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic

Serial number: 0000149996-ADJIE-0001

Platform: Windows XP

Windows version: (Service Pack 3) [5.1.2600]

Boot mode: Normally booted

Username: SYSTEM

Computer name: PITA

Version information:

BUILD.DAT : 8.2.0.337 16934 Bytes 11/18/2008 13:05:00

AVSCAN.EXE : 8.1.4.10 315649 Bytes 11/18/2008 14:21:26

AVSCAN.DLL : 8.1.4.0 40705 Bytes 5/26/2008 13:56:40

LUKE.DLL : 8.1.4.5 164097 Bytes 6/12/2008 18:44:19

LUKERES.DLL : 8.1.4.0 12033 Bytes 5/26/2008 13:58:52

ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/2008 17:30:36

ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 2/11/2009 14:40:29

ANTIVIR2.VDF : 7.1.2.105 513536 Bytes 3/3/2009 14:40:31

ANTIVIR3.VDF : 7.1.2.130 124416 Bytes 3/6/2009 09:50:51

Engineversion : 8.2.0.105

AEVDF.DLL : 8.1.1.0 106868 Bytes 3/3/2009 14:40:40

AESCRIPT.DLL : 8.1.1.57 356729 Bytes 3/5/2009 18:39:00

AESCN.DLL : 8.1.1.8 127346 Bytes 3/5/2009 18:38:58

AERDL.DLL : 8.1.1.3 438645 Bytes 11/4/2008 19:58:38

AEPACK.DLL : 8.1.3.10 397686 Bytes 3/5/2009 11:25:45

AEOFFICE.DLL : 8.1.0.36 196987 Bytes 3/3/2009 14:40:36

AEHEUR.DLL : 8.1.0.104 1634679 Bytes 3/5/2009 18:38:57

AEHELP.DLL : 8.1.2.2 119158 Bytes 3/3/2009 14:40:33

AEGEN.DLL : 8.1.1.25 336243 Bytes 3/5/2009 18:38:47

AEEMU.DLL : 8.1.0.9 393588 Bytes 10/14/2008 16:05:56

AECORE.DLL : 8.1.6.6 176501 Bytes 3/3/2009 14:40:32

AEBB.DLL : 8.1.0.3 53618 Bytes 10/14/2008 16:05:56

AVWINLL.DLL : 1.0.0.12 15105 Bytes 7/9/2008 14:40:05

AVPREF.DLL : 8.0.2.0 38657 Bytes 5/16/2008 15:28:01

AVREP.DLL : 8.0.0.2 98344 Bytes 7/31/2008 18:02:15

AVREG.DLL : 8.0.0.1 33537 Bytes 5/9/2008 17:26:40

AVARKT.DLL : 1.0.0.23 307457 Bytes 2/12/2008 14:29:23

AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 6/12/2008 18:27:49

SQLITE3.DLL : 3.3.17.1 339968 Bytes 1/22/2008 23:28:02

SMTPLIB.DLL : 1.2.0.23 28929 Bytes 6/12/2008 18:49:40

NETNT.DLL : 8.0.0.1 7937 Bytes 1/25/2008 18:05:10

RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 6/12/2008 19:48:07

RCTEXT.DLL : 8.0.52.0 86273 Bytes 6/27/2008 19:34:37

Configuration settings for the scan:

Jobname..........................: Complete system scan

Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp

Logging..........................: low

Primary action...................: interactive

Secondary action.................: ignore

Scan master boot sector..........: on

Scan boot sector.................: on

Boot sectors.....................: C:,

Process scan.....................: on

Scan registry....................: on

Search for rootkits..............: off

Scan all files...................: All files

Scan archives....................: on

Recursion depth..................: 20

Smart extensions.................: on

Macro heuristic..................: on

File heuristic...................: medium

Start of the scan: Friday, March 06, 2009 04:51

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'mbamgui.exe' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'KHALMNPR.exe' - '1' Module(s) have been scanned

Scan process 'BTSTAC~1.EXE' - '1' Module(s) have been scanned

Scan process 'rundll32.exe' - '1' Module(s) have been scanned

Scan process 'SetPoint.exe' - '1' Module(s) have been scanned

Scan process 'LogitechDesktopMessenger.exe' - '1' Module(s) have been scanned

Scan process 'DLG.exe' - '1' Module(s) have been scanned

Scan process 'BTTray.exe' - '1' Module(s) have been scanned

Scan process 'ctfmon.exe' - '1' Module(s) have been scanned

Scan process 'ATIRW.EXE' - '1' Module(s) have been scanned

Scan process 'ISUSPM.exe' - '1' Module(s) have been scanned

Scan process 'CTDetect.exe' - '1' Module(s) have been scanned

Scan process 'PSFree.exe' - '1' Module(s) have been scanned

Scan process 'avgnt.exe' - '1' Module(s) have been scanned

Scan process 'jusched.exe' - '1' Module(s) have been scanned

Scan process 'atiptaxx.exe' - '1' Module(s) have been scanned

Scan process 'realsched.exe' - '1' Module(s) have been scanned

Scan process 'tfswctrl.exe' - '1' Module(s) have been scanned

Scan process 'DVDLauncher.exe' - '1' Module(s) have been scanned

Scan process 'mmtask.exe' - '1' Module(s) have been scanned

Scan process 'PCMService.exe' - '1' Module(s) have been scanned

Scan process 'alg.exe' - '1' Module(s) have been scanned

Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned

Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'mdm.exe' - '1' Module(s) have been scanned

Scan process 'mbamservice.exe' - '1' Module(s) have been scanned

Scan process 'jqs.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'CTSVCCDA.EXE' - '1' Module(s) have been scanned

Scan process 'btwdins.exe' - '1' Module(s) have been scanned

Scan process 'AVWUPSRV.EXE' - '1' Module(s) have been scanned

Scan process 'avguard.exe' - '1' Module(s) have been scanned

Scan process 'sched.exe' - '1' Module(s) have been scanned

Scan process 'spoolsv.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'MsMpEng.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

51 processes with 51 modules were scanned

Starting master boot sector scan:

Master boot sector HD0

[INFO] No virus was found!

Start scanning boot sectors:

Boot sector 'C:\'

[INFO] No virus was found!

Starting to scan the registry.

The registry was scanned ( '77' files ).

Starting the file scan:

Begin scan in 'C:\'

C:\pagefile.sys

[WARNING] The file could not be opened!

End of the scan: Friday, March 06, 2009 05:38

Used time: 46:18 Minute(s)

The scan has been done completely.

7074 Scanning directories

341451 Files were scanned

0 viruses and/or unwanted programs were found

0 Files were classified as suspicious:

0 files were deleted

0 files were repaired

0 files were moved to quarantine

0 files were renamed

1 Files cannot be scanned

341450 Files not concerned

3606 Archives were scanned

1 Warnings

0 Notes

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 5:42:26 AM, on 3/6/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\AVPersonal\AVWUPSRV.EXE

C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe

C:\WINDOWS\system32\CTsvcCDA.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Dell\Media Experience\PCMService.exe

C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe

C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe

C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Belkin\Bluetooth Software\BTTray.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\WINDOWS\system32\rundll32.exe

C:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\WINDOWS\explorer.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"

O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe

O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE

O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"

O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R

O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"

O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Bluetooth.lnk = ?

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)

O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab

O16 - DPF: {0A891521-685E-4B6D-A9FD-759BB2CD6A66} (SecureImage Control) - http://www.psapoll.com/img/secure/SecureImage.cab

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1129813763741

O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab

O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} - https://echat.us.dell.com/Media/VisitorChat/TLIEFlash.CAB

O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} (DVCDownloadControl) - http://download.games.yahoo.com/games/web_...loadControl.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} (Playtime Games Launcher) - http://download-games.pogo.com/online2/pog...ameLauncher.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{477752DA-0386-47D3-920B-A61541DC1A35}: NameServer = 65.24.7.3,65.24.7.6

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe

O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe

O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

--

End of file - 11801 bytes


I also have a couple of questions. I recently updated both Java and Adobe reader. Could this be how I got this thing?

Yes, it's very likely that's how they got in. However, now that they are updated, you shouldn't have to worry about it.

Go to Start -> Run, type in combofix /u and press OK to remove Combofix.

You look clean. Are you still having any problems?
