
Trying to get rid of Rootkit.Agent (It is hellish)



I have an MBAM log and an HTJ log here. I can delete it with MBAM but it comes back every single time on reboot. (Computer goes slow for a minute, then it's fine. I assume this is when it reinstalls.)

This is the first time MBAM has failed me. And I am slightly frightened by this Rootkit, even if it doesn't seem like it's doing anything. There's nothing suspicious in my processes, or on boot.

(MBAM)

Malwarebytes' Anti-Malware 1.37

Database version: 2256

Windows 5.1.2600 Service Pack 1

6/9/2009 8:00:11 PM

mbam-log-2009-06-09 (20-00-07).txt

Scan type: Quick Scan

Objects scanned: 122881

Time elapsed: 52 minute(s), 3 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\drivers\str.sys (Rootkit.Agent) -> No action taken.

(/MBAM)

(HTJ)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 7:02:08 PM, on 6/9/2009

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE

C:\WINDOWS\System32\HPZipm12.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\HP\KBD\KBD.EXE

C:\windows\system\hpsysdrv.exe

C:\WINDOWS\System32\hkcmd.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\NEXXTECH ULTIMATE\Mouse\Nmoumain.exe

C:\Program Files\ZVolume Pro\ZVolume.exe

C:\Program Files\WiFiConnector\NintendoWFCReg.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\Documents and Settings\Owner\My Documents\windows-kb890830-v2.10.exe

c:\66d67609bff6ffd71736d4f26ebac4\mrtstub.exe

C:\WINDOWS\System32\MRT.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.my.yahoo.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

R3 - Default URLSearchHook is missing

F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe

O1 - Hosts: ::1 localhost

O2 - BHO: (no name) - {2AFBA10F-03D7-4FB7-9C43-0EBDC64BB0C0} - C:\WINDOWS\System32\tuvwVnlM.dll (file missing)

O3 - Toolbar: &hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL

O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Keyboard Mouse Tool\mouse32a.exe

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [NewmentechMouse] C:\Program Files\NEXXTECH ULTIMATE\Mouse\Nmoumain.exe

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [ZVolume] C:\Program Files\ZVolume Pro\ZVolume.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-18\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [spyware Doctor] (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Default user')

O4 - .DEFAULT User Startup: AutoPlay.exe (User 'Default user')

O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe

O8 - Extra context menu item: Save Flash By FlashFavorite - res://C:\PROGRA~1\FLASHF~1\FFCom.dll/IeMenu.htm

O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll

O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll

O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll

O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll

O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll

O9 - Extra button: FlashFavorite - {4335F0BE-9AAF-4023-9929-681B937B814A} - C:\PROGRA~1\FLASHF~1\FFCom.dll (file missing)

O9 - Extra 'Tools' menuitem: Flash Favorite - {4335F0BE-9AAF-4023-9929-681B937B814A} - C:\PROGRA~1\FLASHF~1\FFCom.dll (file missing)

O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\Aime\aim.exe

O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll

O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O10 - Unknown file in Winsock LSP: xfire_lsp_10406.dll

O10 - Unknown file in Winsock LSP: xfire_lsp_10406.dll

O10 - Unknown file in Winsock LSP: xfire_lsp_10406.dll

O10 - Unknown file in Winsock LSP: xfire_lsp_10406.dll

O10 - Unknown file in Winsock LSP: xfire_lsp_10406.dll

O10 - Unknown file in Winsock LSP: xfire_lsp_10406.dll

O10 - Unknown file in Winsock LSP: xfire_lsp_10406.dll

O10 - Unknown file in Winsock LSP: xfire_lsp_10406.dll

O10 - Unknown file in Winsock LSP: xfire_lsp_10406.dll

O10 - Unknown file in Winsock LSP: xfire_lsp_10406.dll

O10 - Unknown file in Winsock LSP: xfire_lsp_10406.dll

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase5483.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1231916553281

O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab

O18 - Protocol: bw+0 - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw+0s - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0 - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0s - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00 - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00s - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10 - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10s - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20 - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20s - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30 - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30s - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40 - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40s - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50 - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50s - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60 - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60s - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70 - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70s - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80 - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80s - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90 - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90s - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0 - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0s - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0 - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0s - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0 - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0s - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0 - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0s - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0 - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0s - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0 - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0s - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: bwg0 - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwg0s - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0 - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0s - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0 - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0s - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0 - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0s - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0 - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0s - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0 - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0s - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0 - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0s - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0 - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0s - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0 - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0s - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0 - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0s - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0 - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0s - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0 - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0s - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0 - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0s - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0 - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0s - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0 - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0s - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0 - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0s - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0 - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0s - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0 - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0s - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0 - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0s - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0 - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0s - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: offline-8876480 - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: cglirp.dll C:\WINDOWS\System32\panetuwu.dll qmrvpe.dll,

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--

End of file - 22726 bytes

(/HTJ)


  • Root Admin

Please visit this webpage for instructions for downloading ComboFix to your DESKTOP: how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

NOTE!!: You must save and run ComboFix.exe on your DESKTOP and not from any other folder.

Also, DO NOT click the mouse or launch any other applications while this is running or it may stall the program.

Additional links to download the tool:

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Click Yes to allow ComboFix to continue scanning for malware.
  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.


(ComboFix)

ComboFix 09-06-09.06 - Owner 06/09/2009 21:59.1 - NTFSx86

Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Administrator\Start Menu\Programs\Startup\AutoPlay.exe

c:\documents and settings\Owner\Local Settings\Temporary Internet Files\bestwiner.stt

c:\documents and settings\Owner\Local Settings\Temporary Internet Files\CPV.stt

c:\documents and settings\Owner\Local Settings\Temporary Internet Files\fbk.sts

C:\Nero6_Ultra.exe

C:\temp.htm

c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb

c:\windows\DRIVERS\beep.sys

c:\windows\IE4 Error Log.txt

c:\windows\system32\drivers\str.sys

c:\windows\system32\drivers\ujflta.sys

c:\windows\system32\tmdewd.dll

c:\windows\system32\vemofogu.dll

c:\windows\system32\yahepufe.exe

c:\windows\TEMP\RarSFX0\ALUNotify.exe

c:\windows\TEMP\RarSFX0\AUpdate.exe

c:\windows\TEMP\RarSFX0\capicom.dll

c:\windows\TEMP\RarSFX0\Lsetup.exe

c:\windows\TEMP\RarSFX0\LuAll.exe

c:\windows\TEMP\RarSFX0\LuComServer_2_6.EXE

c:\windows\TEMP\RarSFX0\LuComServerPS_2_6.DLL

c:\windows\TEMP\RarSFX0\LUInit.exe

c:\windows\TEMP\RarSFX0\LUinsDll.dll

c:\windows\TEMP\RarSFX0\LUPreCon.dll

c:\windows\TEMP\RarSFX0\NDetect.exe

c:\windows\TEMP\RarSFX0\NetDetectController_2_6.DLL

c:\windows\TEMP\RarSFX0\ProductRegCom_2_6.DLL

c:\windows\TEMP\RarSFX0\ProductRegComPS_2_6.DLL

c:\windows\TEMP\RarSFX0\Psapi.Dll

c:\windows\TEMP\RarSFX0\S32Live1.dll

c:\windows\TEMP\RarSFX0\S32LUCP1.CPL

c:\windows\TEMP\RarSFX0\S32Luis1.dll

c:\windows\TEMP\RarSFX0\S32LUWI1.dll

c:\windows\TEMP\RarSFX0\SHFOLDER.EXE

c:\windows\TEMP\RarSFX0\SymantecRootInstaller.exe

c:\windows\TEMP\RarSFX0\unrar.dll

c:\windows\wiaserviv.log

C:\xcrashdump.dat

D:\Desktop.ini

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_ABEL

-------\Legacy_WINDOWS_OVERLAY_COMPONENTS

-------\Legacy_ZESOFT

-------\Service_Abel

-------\Service_surl

((((((((((((((((((((((((( Files Created from 2009-05-10 to 2009-06-10 )))))))))))))))))))))))))))))))

.

2009-06-09 03:22 . 2009-06-09 03:22 -------- d-----w- C:\ff413b92764653960f482f21530e33a1

2009-06-05 22:22 . 2009-06-05 22:22 -------- d-----w- c:\program files\Common Files\DivX Shared

2009-06-04 01:03 . 2008-11-06 06:03 -------- d-----w- C:\SDFix

2009-05-17 02:49 . 2009-05-17 02:49 -------- d-----w- c:\program files\SystemRequirementsLab

2009-05-17 02:49 . 2009-05-17 02:49 -------- d-----w- c:\documents and settings\Owner\Application Data\SystemRequirementsLab

2009-05-17 02:49 . 2009-05-17 02:49 207872 ----a-w- c:\documents and settings\Owner\Application Data\SystemRequirementsLab\SRLProxy_srl_4.dll

2009-05-17 02:49 . 2009-05-17 02:49 207872 ----a-w- c:\documents and settings\Owner\Application Data\SystemRequirementsLab\SRLProxy_srl_3.dll

2009-05-17 02:49 . 2009-05-17 02:49 207872 ----a-w- c:\documents and settings\Owner\Application Data\SystemRequirementsLab\SRLProxy_srl_2.dll

2009-05-17 02:49 . 2009-05-17 02:49 207872 ----a-w- c:\documents and settings\Owner\Application Data\SystemRequirementsLab\SRLProxy_srl_1.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-06-10 02:27 . 2002-04-26 02:39 -------- d-----w- c:\program files\Common Files\Symantec Shared

2009-06-10 01:42 . 2004-03-27 19:37 -------- d-----w- c:\program files\Norton AntiVirus

2009-06-10 01:41 . 2002-04-26 02:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec

2009-06-10 00:00 . 2008-10-29 07:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-06-05 22:56 . 2003-12-31 03:51 -------- d-----w- c:\program files\DivX

2009-05-26 22:26 . 2008-12-06 06:54 3371383 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

2009-05-26 17:20 . 2008-10-29 07:31 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-05-26 17:19 . 2008-10-29 07:31 18456 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-05-24 00:01 . 2004-01-24 00:19 -------- d-----w- c:\program files\Steam

2009-05-20 04:37 . 2004-04-22 05:00 -------- d-----w- c:\program files\HLSW

2009-05-18 06:06 . 2005-06-23 19:55 -------- d-----w- c:\program files\Real Lives

2009-05-06 21:22 . 2009-05-06 21:22 -------- d-----w- c:\program files\Coupons

2009-04-12 19:07 . 2009-01-12 19:07 47104 --sha-w- c:\windows\system32\mujuluro.exe

2009-03-31 19:09 . 2003-12-31 05:17 65536 ----a-w- c:\windows\DUMPad85.tmp

2009-03-25 20:44 . 2009-03-25 20:44 2098 --sh--w- c:\windows\system32\panukowe.dll

2009-03-25 20:44 . 2009-03-25 20:44 2098 --sh--w- c:\windows\system32\ganezale.dll

2008-12-17 21:59 . 2005-10-26 13:05 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll

2008-12-17 21:59 . 2005-10-26 13:05 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll

2008-12-17 21:59 . 2009-01-18 05:38 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll

2008-12-17 21:59 . 2009-01-18 05:38 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll

2008-12-17 21:59 . 2005-10-26 13:05 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll

2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll

2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll

2001-08-18 12:00 . 2003-12-31 04:20 94784 --sh--w- c:\windows\twain.dll

2001-08-18 12:00 . 2003-12-31 04:20 46592 --sh--w- c:\windows\twain_32.dll

2004-08-14 01:11 . 2004-08-14 01:11 56 --sh--r- c:\windows\system32\6C93FC0E72.sys

2002-08-29 10:41 . 2003-12-31 05:32 401462 --sha-w- c:\windows\system32\msvcp60.dll

2002-08-29 10:41 . 2003-12-31 04:18 569344 --sh--w- c:\windows\system32\oleaut32.dll

2001-08-23 12:00 . 2001-08-23 12:00 106496 --sha-w- c:\windows\system32\olepro32.dll

2001-08-18 12:00 . 2003-12-31 04:18 9728 --sh--w- c:\windows\system32\regsvr32.exe

2005-07-29 21:24 . 2008-12-19 18:25 472 --sha-r- c:\windows\V2FycmVuIEFja2xleQ\pZIVwApRKHI3uZU5yk.vbs

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ZVolume"="c:\program files\ZVolume Pro\ZVolume.exe" [2003-04-14 321536]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 94208]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-24 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"KBD"="c:\hp\KBD\KBD.EXE" [2001-07-07 61440]

"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]

"HPDJ Taskbar Utility"="c:\windows\System32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-06-17 188416]

"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2004-11-02 126976]

"FLMOFFICE4DMOUSE"="c:\program files\Keyboard Mouse Tool\mouse32a.exe" [2004-11-30 360448]

"dla"="c:\windows\system32\dla\tfswctrl.exe" [2002-03-14 102455]

"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2001-12-19 212992]

"PS2"="c:\windows\system32\ps2.exe" [2001-07-04 81920]

"PreloadApp"="c:\hp\drivers\printers\photosmart\hphprld.exe" [2001-12-13 36864]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]

"NewmentechMouse"="c:\program files\NEXXTECH ULTIMATE\Mouse\Nmoumain.exe" [2008-05-29 221184]

"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2002-08-29 145408]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-11-15 1670144]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Run Nintendo Wi-Fi USB Connector Registration Tool.lnk - c:\program files\WiFiConnector\NintendoWFCReg.exe [2007-5-6 1175552]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk

backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk

backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk

backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run Registration Tool.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Run Registration Tool.lnk

backup=c:\windows\pss\Run Registration Tool.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SBC Self Support Tool.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SBC Self Support Tool.lnk

backup=c:\windows\pss\SBC Self Support Tool.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Shortcut to LYNX.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Shortcut to LYNX.lnk

backup=c:\windows\pss\Shortcut to LYNX.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk

backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Adobe Gamma.lnk]

path=c:\documents and settings\Owner\Start Menu\Programs\Startup\Adobe Gamma.lnk

backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Connection Manager.lnk]

path=c:\documents and settings\Owner\Start Menu\Programs\Startup\Connection Manager.lnk

backup=c:\windows\pss\Connection Manager.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Monitor Apache Servers.lnk]

path=c:\documents and settings\Owner\Start Menu\Programs\Startup\Monitor Apache Servers.lnk

backup=c:\windows\pss\Monitor Apache Servers.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YPAGER.EXE"=

"c:\\PROGRA~1\\Yahoo!\\MESSEN~1\\yserver.exe"=

"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

R0 d344bus;d344bus;c:\windows\system32\drivers\d344bus.sys [1/4/2004 2:32 AM 137216]

R0 d344prt;d344prt;c:\windows\system32\drivers\d344prt.sys [1/4/2004 2:32 AM 5248]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [9/18/2007 1:00 PM 24652]

R3 axsaki;axsaki;c:\windows\system32\drivers\axsaki.sys [3/30/2003 9:38 PM 102624]

R3 axskbus;axskbus;c:\windows\system32\drivers\axskbus.sys [3/28/2003 11:58 AM 8640]

S2 tlnbmqraktghcz;tlnbmqraktghcz;\??\c:\windows\System32\drivers\wucuxkjolqf.sys --> c:\windows\System32\drivers\wucuxkjolqf.sys [?]

S3 asbp2poa;asbp2poa;\??\c:\docume~1\Owner\LOCALS~1\Temp\asbp2poa.sys --> c:\docume~1\Owner\LOCALS~1\Temp\asbp2poa.sys [?]

S3 Ip6FwHlp;IPv6 Internet Connection Firewall;c:\windows\System32\svchost.exe -k netsvcs [12/31/2003 12:19 AM 12800]

S3 trid3d;trid3d;c:\windows\system32\drivers\trid3dm.sys [3/21/2002 1:35 AM 144860]

S3 XDva006;XDva006;\??\c:\windows\System32\XDva006.sys --> c:\windows\System32\XDva006.sys [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - IPVNMon

.

Contents of the 'Scheduled Tasks' folder

.

- - - - ORPHANS REMOVED - - - -

BHO-{2AFBA10F-03D7-4FB7-9C43-0EBDC64BB0C0} - c:\windows\System32\tuvwVnlM.dll

HKU-Default-Run-Spyware Doctor - (no file)

.

------- Supplementary Scan -------

.

uStart Page = hxxp://att.my.yahoo.com/

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

mStart Page = hxxp://www.google.com

mDefault_Search_URL = hxxp://www.google.com/ie

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = 127.0.0.1

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant = hxxp://www.google.com/ie

IE: Save Flash By FlashFavorite - c:\progra~1\FLASHF~1\FFCom.dll/IeMenu.htm

IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm

LSP: xfire_lsp_10406.dll

LSP: c:\windows\System32\ZKLSPR.DLL

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\nvlpx8jv.VGKAgain\

FF - prefs.js: browser.startup.homepage - www.starmen.net

FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll

FF - plugin: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\nvlpx8jv.VGKAgain\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07100121.dll

FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJava11.dll

FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJava12.dll

FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJava13.dll

FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJava14.dll

FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJava32.dll

FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJPI150_01.dll

FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPOJI610.dll

FF - plugin: c:\program files\Mozilla Firefox3\plugins\np32dsw.dll

FF - plugin: c:\program files\Mozilla Firefox3\plugins\npnul32.dll

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-06-09 22:28

Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(256)

c:\windows\system32\ODBC32.dll

c:\windows\System32\msctfime.ime

- - - - - - - > 'lsass.exe'(352)

c:\windows\system32\MSVCRT40.dll

c:\windows\system32\MSVCIRT.dll

c:\windows\system32\xfire_lsp_10406.dll

c:\windows\System32\ZKLSPR.DLL

c:\windows\system32\sxlrt232.dll

c:\windows\System32\dssenh.dll

- - - - - - - > 'explorer.exe'(4048)

c:\windows\System32\msctfime.ime

c:\windows\System32\msi.dll

c:\program files\Keyboard Mouse Tool\MOUDL32A.DLL

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe

c:\windows\system32\HPZipm12.exe

c:\windows\system32\wdfmgr.exe

c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe

.

**************************************************************************

.

Completion time: 2009-06-10 22:47 - machine was rebooted

ComboFix-quarantined-files.txt 2009-06-10 02:46

Pre-Run: 4,734,930,944 bytes free

Post-Run: 9,934,585,856 bytes free

257

(/ComboFix)

(HJT)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:49:12 PM, on 6/9/2009

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\WINDOWS\System32\HPZipm12.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\HP\KBD\KBD.EXE

C:\windows\system\hpsysdrv.exe

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe

C:\WINDOWS\System32\hkcmd.exe

C:\Program Files\Keyboard Mouse Tool\mouse32a.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\ZVolume Pro\ZVolume.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\WiFiConnector\NintendoWFCReg.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.my.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

O3 - Toolbar: &hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL

O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Keyboard Mouse Tool\mouse32a.exe

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [NewmentechMouse] C:\Program Files\NEXXTECH ULTIMATE\Mouse\Nmoumain.exe

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKCU\..\Run: [ZVolume] C:\Program Files\ZVolume Pro\ZVolume.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-18\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Default user')

O4 - .DEFAULT User Startup: AutoPlay.exe (User 'Default user')

O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe

O8 - Extra context menu item: Save Flash By FlashFavorite - res://C:\PROGRA~1\FLASHF~1\FFCom.dll/IeMenu.htm

O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll

O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll

O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll

O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll

O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll

O9 - Extra button: FlashFavorite - {4335F0BE-9AAF-4023-9929-681B937B814A} - C:\PROGRA~1\FLASHF~1\FFCom.dll (file missing)

O9 - Extra 'Tools' menuitem: Flash Favorite - {4335F0BE-9AAF-4023-9929-681B937B814A} - C:\PROGRA~1\FLASHF~1\FFCom.dll (file missing)

O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\Aime\aim.exe

O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll

O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O10 - Unknown file in Winsock LSP: xfire_lsp_10406.dll

O10 - Unknown file in Winsock LSP: xfire_lsp_10406.dll

O10 - Unknown file in Winsock LSP: xfire_lsp_10406.dll

O10 - Unknown file in Winsock LSP: xfire_lsp_10406.dll

O10 - Unknown file in Winsock LSP: xfire_lsp_10406.dll

O10 - Unknown file in Winsock LSP: xfire_lsp_10406.dll

O10 - Unknown file in Winsock LSP: xfire_lsp_10406.dll

O10 - Unknown file in Winsock LSP: xfire_lsp_10406.dll

O10 - Unknown file in Winsock LSP: xfire_lsp_10406.dll

O10 - Unknown file in Winsock LSP: xfire_lsp_10406.dll

O10 - Unknown file in Winsock LSP: xfire_lsp_10406.dll

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase5483.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1231916553281

O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab

O18 - Protocol: bw+0 - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw+0s - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0 - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0s - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00 - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00s - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10 - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10s - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20 - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20s - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30 - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30s - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40 - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40s - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50 - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50s - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60 - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60s - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70 - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70s - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80 - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80s - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90 - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90s - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0 - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0s - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0 - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0s - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0 - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0s - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0 - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0s - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0 - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0s - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0 - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0s - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: bwg0 - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwg0s - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0 - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0s - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0 - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0s - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0 - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0s - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0 - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0s - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0 - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0s - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0 - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0s - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0 - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0s - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0 - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0s - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0 - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0s - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0 - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0s - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0 - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0s - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0 - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0s - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0 - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0s - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0 - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0s - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0 - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0s - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0 - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0s - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0 - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0s - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0 - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0s - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0 - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0s - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: offline-8876480 - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--

End of file - 21208 bytes

(/HJT)

Thank you for your continued assistance, friend. It seems ComboFix deleted quite a bit.

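A triage pass over the service/driver section of the ComboFix log above, as an added example; it is not part of this thread and is not code from ComboFix, HijackThis or Malwarebytes. It parses the R0/S2/S3 lines exactly as ComboFix prints them (the sample lines are copied from the log posted above) and scores each entry with a few heuristics: image file missing on disk (the `[?]` marker), image under a Temp directory, a name that looks machine-generated, a `.sys` outside `system32\drivers`, and automatic start. The weights, the consonant-run rule in `looks_random` and the threshold of 3 are my own assumptions, not a signature set; a hit means "look at this entry first", not "this is malware".

```python
"""Triage pass over ComboFix service/driver lines (added example, not ComboFix code)."""
import re
from dataclasses import dataclass, field

# Lines copied from the ComboFix log posted in this thread (the R0/S3 service section).
SAMPLE_LOG = r"""
R0 d344bus;d344bus;c:\windows\system32\drivers\d344bus.sys [1/4/2004 2:32 AM 137216]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [9/18/2007 1:00 PM 24652]
R3 axsaki;axsaki;c:\windows\system32\drivers\axsaki.sys [3/30/2003 9:38 PM 102624]
S2 tlnbmqraktghcz;tlnbmqraktghcz;\??\c:\windows\System32\drivers\wucuxkjolqf.sys --> c:\windows\System32\drivers\wucuxkjolqf.sys [?]
S3 asbp2poa;asbp2poa;\??\c:\docume~1\Owner\LOCALS~1\Temp\asbp2poa.sys --> c:\docume~1\Owner\LOCALS~1\Temp\asbp2poa.sys [?]
S3 Ip6FwHlp;IPv6 Internet Connection Firewall;c:\windows\System32\svchost.exe -k netsvcs [12/31/2003 12:19 AM 12800]
S3 XDva006;XDva006;\??\c:\windows\System32\XDva006.sys --> c:\windows\System32\XDva006.sys [?]
"""

# ComboFix writes one service per line:
#   <R|S><start type> <service name>;<display name>;<image path> [<date> <size>]
# R = running, S = stopped; start type 0-2 = boot/system/auto, 3 = demand, 4 = disabled.
# When the image is missing it appends "--> <resolved path> [?]" instead of date and size.
LINE_RE = re.compile(r"^([RS])(\d)\s+([^;]+);([^;]+);(.*?)\s+\[(.*)\]$")
FILE_RE = re.compile(r"([^\\]+\.(?:sys|exe|dll))")


@dataclass
class Finding:
    name: str
    start_type: int
    running: bool
    image: str
    score: int = 0
    reasons: list = field(default_factory=list)


def looks_random(name: str, min_run: int = 6) -> bool:
    """Crude generated-name test (assumption): letters-only, 8+ chars, and a run of
    at least min_run consonants. Tuned so 'tlnbmqraktghcz' trips it and 'Ip6FwHlp' does not."""
    if len(name) < 8 or not name.isalpha():
        return False
    run = best = 0
    for ch in name.lower():
        run = 0 if ch in "aeiou" else run + 1
        best = max(best, run)
    return best >= min_run


def triage_line(line: str):
    """Parse one ComboFix service line and score it; None for lines that are not services."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    state, start, name, _display, image, info = m.groups()
    # Prefer the on-disk path ComboFix resolved after "-->"; drop the \??\ NT prefix.
    path = image.split("-->")[-1].strip().replace("\\??\\", "").lower()
    f = Finding(name=name, start_type=int(start), running=(state == "R"), image=path)
    fm = FILE_RE.search(path)
    fname = fm.group(1) if fm else ""
    if info.strip() == "?":
        f.score += 3
        f.reasons.append("image file not present on disk")
    if "\\temp\\" in path:
        f.score += 3
        f.reasons.append("image lives under a Temp directory")
    if looks_random(name) or looks_random(fname.rsplit(".", 1)[0]):
        f.score += 2
        f.reasons.append("service or file name looks generated")
    if fname.endswith(".sys") and "\\drivers\\" not in path:
        f.score += 1
        f.reasons.append("kernel driver outside system32\\drivers")
    if f.score and f.start_type <= 2:
        f.score += 1
        f.reasons.append("starts automatically (start type %d)" % f.start_type)
    return f


def triage(log_text: str, threshold: int = 3):
    """Findings scoring at least `threshold`, highest score first."""
    found = [f for f in map(triage_line, log_text.splitlines()) if f is not None]
    return sorted((f for f in found if f.score >= threshold), key=lambda f: -f.score)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.score:2d}  {f.name:<16} {f.image}")
        for r in f.reasons:
            print("      -", r)
```

Run as-is it ranks `asbp2poa` (driver under Temp, file gone), `tlnbmqraktghcz` (generated-looking auto-start driver, file gone) and `XDva006` (`.sys` in System32 root, file gone) ahead of the HP, Viewpoint and Windows entries, which score 0. A `[?]` entry can also be an orphan from uninstalled software, so the output is a reading order for the analyst, not a verdict. One thing no line parser catches is the `"EnableFirewall"= 0` line in the same log: the XP firewall's standard profile is off, which is worth re-enabling once the machine is clean.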

  • Root Admin

STEP 01

With all other applications closed (Taskbar empty), open HijackThis again, run "Do a system scan only", and place a check mark on the following items.

  • O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
  • O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
  • O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
  • O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
  • O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase5483.cab
  • O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1231916553281
  • O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
  • O18 - Protocol: bw+0 - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bw+0s - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bw-0 - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bw-0s - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bw00 - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bw00s - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bw10 - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bw10s - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bw20 - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bw20s - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bw30 - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bw30s - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bw40 - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bw40s - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bw50 - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bw50s - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bw60 - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bw60s - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bw70 - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bw70s - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bw80 - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bw80s - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bw90 - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bw90s - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bwa0 - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bwa0s - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bwb0 - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bwb0s - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bwc0 - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bwc0s - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bwd0 - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bwd0s - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bwe0 - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bwe0s - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bwf0 - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bwf0s - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
  • O18 - Protocol: bwg0 - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bwg0s - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bwh0 - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bwh0s - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bwi0 - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bwi0s - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bwj0 - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bwj0s - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bwk0 - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bwk0s - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bwl0 - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bwl0s - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bwm0 - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bwm0s - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bwn0 - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bwn0s - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bwo0 - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bwo0s - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bwp0 - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bwp0s - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bwq0 - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bwq0s - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bwr0 - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bwr0s - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bws0 - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bws0s - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bwt0 - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bwt0s - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bwu0 - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bwu0s - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bwv0 - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bwv0s - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bww0 - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bww0s - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bwx0 - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bwx0s - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bwy0 - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bwy0s - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bwz0 - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: bwz0s - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: offline-8876480 - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    Then Quit All Browsers including the one you're reading this in now.
    Then click on Fix checked and then quit HJT

STEP 02

Download but do not yet run ComboFix

If you have a previous version of Combofix.exe, delete it and download a fresh copy.

Download it to your DESKTOP - it MUST run from the Desktop

download.bleepingcomputer.com/sUBs/ComboFix.exe

subs.geekstogo.com/ComboFix.exe

Using your mouse, Highlight and then Right-click | Copy the entire contents of the Code box below, including blank lines

KILLALL::
AtJob::
Folder::
C:\ff413b92764653960f482f21530e33a1
File::
c:\windows\System32\drivers\wucuxkjolqf.sys
c:\docume~1\Owner\LOCALS~1\Temp\asbp2poa.sys
c:\windows\System32\XDva006.sys
c:\windows\system32\panukowe.dll
c:\windows\DUMPad85.tmp
c:\windows\system32\ganezale.dll
c:\windows\system32\6C93FC0E72.sys
c:\windows\V2FycmVuIEFja2xleQ\pZIVwApRKHI3uZU5yk.vbs
Driver::
tlnbmqraktghcz
asbp2poa
XDva006
DDS::
uInternet Settings,ProxyOverride = 127.0.0.1

Open a new Notepad session (Do not use a Word Processor or WordPad). Click "Format" and be certain that Word Wrap is not enabled. Right-click | Paste the Code box contents from above into Notepad. Click File, Save as..., and set the location to your Desktop, and enter (including quotation marks) as the filename: "CFscript.txt" .

Using your mouse, drag the new file CFscript.txt and drop it on the Combo-Fix.exe icon as shown:

CFScript.gif

  • Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
  • Disconnect from the Internet.
  • Disable your Antivirus software. If it has Script Blocking features, please disable these as well.
  • A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.
  • It may identify that Recovery Console is not installed. Please accept when asked if you wish it to be installed.
    When the scan completes Notepad will open with your results log open. Do a File, Exit.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

Post back the Combofix log on your next reply.

STEP 03

Update and Scan with Malwarebytes' Anti-Malware

  • Start MalwareBytes AntiMalware (Vista users must Right click and choose RunAs Admin)
  • Please DO NOT run MBAM in Safe Mode unless requested to, you MUST run it in normal Windows mode.
  • Update Malwarebytes' Anti-Malware
    • Select the Update tab
    • Click Update
  • When the update is complete, select the Scanner tab
  • Select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Then post back the MBAM log and a new Hijackthis log.

STEP 04

Download DDS and save it to your desktop

Disable any script blocker if your Anti-Virus/Anti-Malware has it.

Once downloaded you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.

Then double click dds.scr to run the tool.

When done, the DDS.txt will open.

Click Yes at the next prompt for Optional Scan.
When done, DDS will open two (2) logs:

  1. DDS.txt
  2. Attach.txt

  • Save both reports to your desktop
  • Please include the following logs in your next reply: DDS.txt and Attach.txt

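An added example, not part of the thread and not tooling from HijackThis, Malwarebytes or this forum: a small Python parser for the HJT entry lines the Root Admin asks to have ticked in STEP 01. It groups entries by section (R1, O9, O16, O18, O23 ...), counts how many protocol handlers each DLL registers (the Logitech DLL above registers dozens, which is legitimate but worth knowing), and flags services with no recorded publisher or autostart targets that live in a Temp directory, which is where the asbp2poa.sys driver in the CFScript sat. The sample log embeds real lines from the HijackThis logs in this thread plus one constructed entry (Example Updater, a hypothetical service) so the Temp rule has something to match. The heuristics and the function names are my own choices, not anything from the tools discussed, and a flag means "look at this", never "this is malicious".

```python
"""Triage helper for HijackThis-style logs (added example, not the tools' own code).

Parses the "Oxx - ..." / "Rx - ..." entry lines, groups them by section and
flags entries an analyst should review first. Heuristics only.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Sample log: real entry lines taken from the HijackThis logs posted in this
# thread, plus ONE constructed entry ("Example Updater") so the Temp-directory
# rule has something to match. Raw string, so the backslashes are literal.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
O18 - Protocol: bw+0 - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {2FE528F4-B68B-466B-B041-88D0311678D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Example Updater (constructed) - Unknown owner - C:\DOCUME~1\Owner\LOCALS~1\Temp\example_svc.exe
"""

# One HJT entry line: "<section> - <rest>", where section is R0, R1, F2, O4, O23 ...
ENTRY_RE = re.compile(r"^([RFNO]\d+)\s+-\s+(.*)$")

# Lower-cased substrings that mark a Temp directory in a target path.
TEMP_MARKERS = ("\\temp\\", "\\local settings\\temp")


@dataclass
class Entry:
    section: str  # e.g. "O23"
    detail: str   # everything between the section and the final " - "
    target: str   # the file path or URL the entry points at


def parse_hjt(text):
    """Return the entry lines of a HijackThis log as Entry objects, in order."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # header, process list, blank line
        section, rest = m.groups()
        if " - " in rest:
            # HJT puts the path/URL in the last " - "-separated field.
            detail, target = rest.rsplit(" - ", 1)
        else:
            # R-lines look like "HKLM\...\Main,Search Page = http://..."
            detail, target = rest, rest.split(" = ", 1)[-1]
        entries.append(Entry(section, detail.strip(), target.strip()))
    return entries


def section_counts(entries):
    """How many entries of each section type the log contains."""
    return Counter(e.section for e in entries)


def handlers_by_dll(entries):
    """Number of O18 protocol handlers registered by each DLL."""
    return Counter(e.target.lower() for e in entries if e.section == "O18")


def review_candidates(entries):
    """(entry, reason) pairs to look at first. A hit means 'check it', nothing more."""
    flagged = []
    for e in entries:
        target = e.target.lower()
        if e.section == "O23" and "unknown owner" in e.detail.lower():
            flagged.append((e, "service binary with no publisher recorded"))
        if any(marker in target for marker in TEMP_MARKERS):
            flagged.append((e, "autostart target lives in a Temp directory"))
    return flagged


if __name__ == "__main__":
    found = parse_hjt(SAMPLE_LOG)
    print("entries per section:", dict(section_counts(found)))
    print("O18 handlers per DLL:", dict(handlers_by_dll(found)))
    for entry, reason in review_candidates(found):
        print(f"REVIEW {entry.section}: {entry.detail} -> {entry.target}  [{reason}]")
```

Run it on a saved hijackthis.log by replacing SAMPLE_LOG with the file's contents; the "Unknown owner" rule will also catch harmless entries such as the Macromedia service above, which is exactly why the output is a review list rather than a fix list.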

<ComboFix2Log>

ComboFix 09-06-09.06 - Owner 06/10/2009 5:18.2 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.510.245 [GMT -4:00]

Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Owner\Desktop\CFscript.txt

FILE ::

"c:\docume~1\Owner\LOCALS~1\Temp\asbp2poa.sys"

"c:\windows\DUMPad85.tmp"

"c:\windows\system32\6C93FC0E72.sys"

"c:\windows\System32\drivers\wucuxkjolqf.sys"

"c:\windows\system32\ganezale.dll"

"c:\windows\system32\panukowe.dll"

"c:\windows\System32\XDva006.sys"

"c:\windows\V2FycmVuIEFja2xleQ\pZIVwApRKHI3uZU5yk.vbs"

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\ff413b92764653960f482f21530e33a1

c:\ff413b92764653960f482f21530e33a1\$shtdwn$.req

c:\ff413b92764653960f482f21530e33a1\mrt.exe

c:\ff413b92764653960f482f21530e33a1\mrtstub.exe

c:\windows\DUMPad85.tmp

c:\windows\system32\6C93FC0E72.sys

c:\windows\system32\ganezale.dll

c:\windows\system32\panukowe.dll

c:\windows\V2FycmVuIEFja2xleQ\pZIVwApRKHI3uZU5yk.vbs

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_ASBP2POA

-------\Legacy_TLNBMQRAKTGHCZ

-------\Legacy_XDVA006

-------\Service_asbp2poa

-------\Service_tlnbmqraktghcz

-------\Service_XDva006

((((((((((((((((((((((((( Files Created from 2009-05-10 to 2009-06-10 )))))))))))))))))))))))))))))))

.

2009-06-05 22:22 . 2009-06-05 22:22 -------- d-----w- c:\program files\Common Files\DivX Shared

2009-06-04 01:03 . 2008-11-06 06:03 -------- d-----w- C:\SDFix

2009-05-17 02:49 . 2009-05-17 02:49 -------- d-----w- c:\program files\SystemRequirementsLab

2009-05-17 02:49 . 2009-05-17 02:49 -------- d-----w- c:\documents and settings\Owner\Application Data\SystemRequirementsLab

2009-05-17 02:49 . 2009-05-17 02:49 207872 ----a-w- c:\documents and settings\Owner\Application Data\SystemRequirementsLab\SRLProxy_srl_4.dll

2009-05-17 02:49 . 2009-05-17 02:49 207872 ----a-w- c:\documents and settings\Owner\Application Data\SystemRequirementsLab\SRLProxy_srl_3.dll

2009-05-17 02:49 . 2009-05-17 02:49 207872 ----a-w- c:\documents and settings\Owner\Application Data\SystemRequirementsLab\SRLProxy_srl_2.dll

2009-05-17 02:49 . 2009-05-17 02:49 207872 ----a-w- c:\documents and settings\Owner\Application Data\SystemRequirementsLab\SRLProxy_srl_1.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-06-10 02:27 . 2002-04-26 02:39 -------- d-----w- c:\program files\Common Files\Symantec Shared

2009-06-10 01:42 . 2004-03-27 19:37 -------- d-----w- c:\program files\Norton AntiVirus

2009-06-10 01:41 . 2002-04-26 02:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec

2009-06-10 00:00 . 2008-10-29 07:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-06-05 22:56 . 2003-12-31 03:51 -------- d-----w- c:\program files\DivX

2009-05-26 22:26 . 2008-12-06 06:54 3371383 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

2009-05-26 17:20 . 2008-10-29 07:31 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-05-26 17:19 . 2008-10-29 07:31 18456 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-05-24 00:01 . 2004-01-24 00:19 -------- d-----w- c:\program files\Steam

2009-05-20 04:37 . 2004-04-22 05:00 -------- d-----w- c:\program files\HLSW

2009-05-18 06:06 . 2005-06-23 19:55 -------- d-----w- c:\program files\Real Lives

2009-05-06 21:22 . 2009-05-06 21:22 -------- d-----w- c:\program files\Coupons

2009-04-12 19:07 . 2009-01-12 19:07 47104 --sha-w- c:\windows\system32\mujuluro.exe

2008-12-17 21:59 . 2005-10-26 13:05 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll

2008-12-17 21:59 . 2005-10-26 13:05 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll

2008-12-17 21:59 . 2009-01-18 05:38 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll

2008-12-17 21:59 . 2009-01-18 05:38 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll

2008-12-17 21:59 . 2005-10-26 13:05 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll

2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll

2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll

2001-08-18 12:00 . 2003-12-31 04:20 94784 --sh--w- c:\windows\twain.dll

2001-08-18 12:00 . 2003-12-31 04:20 46592 --sh--w- c:\windows\twain_32.dll

2002-08-29 10:41 . 2003-12-31 05:32 401462 --sha-w- c:\windows\system32\msvcp60.dll

2002-08-29 10:41 . 2003-12-31 04:18 569344 --sh--w- c:\windows\system32\oleaut32.dll

2001-08-23 12:00 . 2001-08-23 12:00 106496 --sha-w- c:\windows\system32\olepro32.dll

2001-08-18 12:00 . 2003-12-31 04:18 9728 --sh--w- c:\windows\system32\regsvr32.exe

.

((((((((((((((((((((((((((((( SnapShot@2009-06-10_02.29.47 )))))))))))))))))))))))))))))))))))))))))

.

+ 2002-04-20 04:18 . 2009-06-10 09:34 98304 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

- 2002-04-20 04:18 . 2009-06-10 02:27 98304 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

+ 2002-04-20 04:18 . 2009-06-10 09:34 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

- 2002-04-20 04:18 . 2009-06-10 02:27 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

+ 2002-04-20 04:18 . 2009-06-10 09:34 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat

- 2002-04-20 04:18 . 2009-06-10 02:27 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ZVolume"="c:\program files\ZVolume Pro\ZVolume.exe" [2003-04-14 321536]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 94208]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-24 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"KBD"="c:\hp\KBD\KBD.EXE" [2001-07-07 61440]

"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]

"HPDJ Taskbar Utility"="c:\windows\System32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-06-17 188416]

"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2004-11-02 126976]

"FLMOFFICE4DMOUSE"="c:\program files\Keyboard Mouse Tool\mouse32a.exe" [2004-11-30 360448]

"dla"="c:\windows\system32\dla\tfswctrl.exe" [2002-03-14 102455]

"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2001-12-19 212992]

"PS2"="c:\windows\system32\ps2.exe" [2001-07-04 81920]

"PreloadApp"="c:\hp\drivers\printers\photosmart\hphprld.exe" [2001-12-13 36864]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]

"NewmentechMouse"="c:\program files\NEXXTECH ULTIMATE\Mouse\Nmoumain.exe" [2008-05-29 221184]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-11-15 1670144]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Run Nintendo Wi-Fi USB Connector Registration Tool.lnk - c:\program files\WiFiConnector\NintendoWFCReg.exe [2007-5-6 1175552]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk

backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk

backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk

backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run Registration Tool.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Run Registration Tool.lnk

backup=c:\windows\pss\Run Registration Tool.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SBC Self Support Tool.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SBC Self Support Tool.lnk

backup=c:\windows\pss\SBC Self Support Tool.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Shortcut to LYNX.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Shortcut to LYNX.lnk

backup=c:\windows\pss\Shortcut to LYNX.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk

backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Adobe Gamma.lnk]

path=c:\documents and settings\Owner\Start Menu\Programs\Startup\Adobe Gamma.lnk

backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Connection Manager.lnk]

path=c:\documents and settings\Owner\Start Menu\Programs\Startup\Connection Manager.lnk

backup=c:\windows\pss\Connection Manager.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Monitor Apache Servers.lnk]

path=c:\documents and settings\Owner\Start Menu\Programs\Startup\Monitor Apache Servers.lnk

backup=c:\windows\pss\Monitor Apache Servers.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YPAGER.EXE"=

"c:\\PROGRA~1\\Yahoo!\\MESSEN~1\\yserver.exe"=

"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

R0 d344bus;d344bus;c:\windows\system32\drivers\d344bus.sys [1/4/2004 2:32 AM 137216]

R0 d344prt;d344prt;c:\windows\system32\drivers\d344prt.sys [1/4/2004 2:32 AM 5248]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [9/18/2007 1:00 PM 24652]

R3 axsaki;axsaki;c:\windows\system32\drivers\axsaki.sys [3/30/2003 9:38 PM 102624]

R3 axskbus;axskbus;c:\windows\system32\drivers\axskbus.sys [3/28/2003 11:58 AM 8640]

S3 Ip6FwHlp;IPv6 Internet Connection Firewall;c:\windows\System32\svchost.exe -k netsvcs [12/31/2003 12:19 AM 12800]

S3 trid3d;trid3d;c:\windows\system32\drivers\trid3dm.sys [3/21/2002 1:35 AM 144860]

--- Other Services/Drivers In Memory ---

*Deregistered* - IPVNMon

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://att.my.yahoo.com/

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

mStart Page = hxxp://www.google.com

mDefault_Search_URL = hxxp://www.google.com/ie

uInternet Connection Wizard,ShellNext = iexplore

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant = hxxp://www.google.com/ie

IE: Save Flash By FlashFavorite - c:\progra~1\FLASHF~1\FFCom.dll/IeMenu.htm

IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm

LSP: xfire_lsp_10406.dll

LSP: c:\windows\System32\ZKLSPR.DLL

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\nvlpx8jv.VGKAgain\

FF - prefs.js: browser.startup.homepage - www.starmen.net

FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-06-10 05:34

Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(252)

c:\windows\system32\ODBC32.dll

c:\windows\System32\msctfime.ime

- - - - - - - > 'lsass.exe'(344)

c:\windows\system32\xfire_lsp_10406.dll

c:\windows\System32\ZKLSPR.DLL

c:\windows\system32\sxlrt232.dll

c:\windows\System32\dssenh.dll

- - - - - - - > 'explorer.exe'(2988)

c:\windows\System32\msctfime.ime

c:\windows\System32\msi.dll

c:\program files\Keyboard Mouse Tool\MOUDL32A.DLL

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe

c:\windows\system32\HPZipm12.exe

c:\windows\system32\wdfmgr.exe

c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe

.

**************************************************************************

.

Completion time: 2009-06-10 5:52 - machine was rebooted

ComboFix-quarantined-files.txt 2009-06-10 09:51

ComboFix2.txt 2009-06-10 02:47

Pre-Run: 9,906,380,800 bytes free

Post-Run: 9,901,445,120 bytes free

220

</ComboFix2Log>

<MBAM Log 2>

Malwarebytes' Anti-Malware 1.37

Database version: 2256

Windows 5.1.2600 Service Pack 1

6/10/2009 6:10:03 AM

mbam-log-2009-06-10 (06-10-03).txt

Scan type: Quick Scan

Objects scanned: 90153

Time elapsed: 8 minute(s), 49 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

</MBAM Log 2>

<HJT Log 2>

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 6:11:19 AM, on 6/10/2009

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\WINDOWS\System32\HPZipm12.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\HP\KBD\KBD.EXE

C:\windows\system\hpsysdrv.exe

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe

C:\WINDOWS\System32\hkcmd.exe

C:\Program Files\Keyboard Mouse Tool\mouse32a.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\ZVolume Pro\ZVolume.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\WiFiConnector\NintendoWFCReg.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.my.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O3 - Toolbar: &hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL

O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Keyboard Mouse Tool\mouse32a.exe

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [NewmentechMouse] C:\Program Files\NEXXTECH ULTIMATE\Mouse\Nmoumain.exe

O4 - HKCU\..\Run: [ZVolume] C:\Program Files\ZVolume Pro\ZVolume.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-18\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Default user')

O4 - .DEFAULT User Startup: AutoPlay.exe (User 'Default user')

O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe

O8 - Extra context menu item: Save Flash By FlashFavorite - res://C:\PROGRA~1\FLASHF~1\FFCom.dll/IeMenu.htm

O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll

O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll

O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll

O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll

O9 - Extra button: FlashFavorite - {4335F0BE-9AAF-4023-9929-681B937B814A} - C:\PROGRA~1\FLASHF~1\FFCom.dll (file missing)

O9 - Extra 'Tools' menuitem: Flash Favorite - {4335F0BE-9AAF-4023-9929-681B937B814A} - C:\PROGRA~1\FLASHF~1\FFCom.dll (file missing)

O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\Aime\aim.exe

O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll

O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O10 - Unknown file in Winsock LSP: xfire_lsp_10406.dll

O10 - Unknown file in Winsock LSP: xfire_lsp_10406.dll

O10 - Unknown file in Winsock LSP: xfire_lsp_10406.dll

O10 - Unknown file in Winsock LSP: xfire_lsp_10406.dll

O10 - Unknown file in Winsock LSP: xfire_lsp_10406.dll

O10 - Unknown file in Winsock LSP: xfire_lsp_10406.dll

O10 - Unknown file in Winsock LSP: xfire_lsp_10406.dll

O10 - Unknown file in Winsock LSP: xfire_lsp_10406.dll

O10 - Unknown file in Winsock LSP: xfire_lsp_10406.dll

O10 - Unknown file in Winsock LSP: xfire_lsp_10406.dll

O10 - Unknown file in Winsock LSP: xfire_lsp_10406.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--

End of file - 8131 bytes

</HJT Log 2>

<DDS.txt>

DDS (Ver_09-05-14.01) - NTFSx86

Run by Owner at 6:13:58.15 on Wed 06/10/2009

Internet Explorer: 6.0.2800.1106

Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.510.209 [GMT -4:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k rpcss

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\WINDOWS\System32\HPZipm12.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\HP\KBD\KBD.EXE

C:\windows\system\hpsysdrv.exe

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe

C:\Program Files\Keyboard Mouse Tool\mouse32a.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\ZVolume Pro\ZVolume.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\WiFiConnector\NintendoWFCReg.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://att.my.yahoo.com/

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

mStart Page = hxxp://www.google.com

uInternet Connection Wizard,ShellNext = iexplore

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

TB: &hp toolkit: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\hp\explorebar\HPTOOLKT.DLL

TB: Yahoo! Companion: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\ycomp5_3_19_0.dll

TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll

TB: BearShare MediaBar: {d3dee18f-db64-4beb-9ff1-e1f0a5033e4a} - c:\program files\bearshare applications\bearshare mediabar\BearShareMediaBar.dll

EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\program files\yahoo!\messenger\yhexbmes.dll

EB: hp toolkit: {8f4902b6-6c04-4ade-8052-aa58578a21bd} - c:\windows\system32\Shdocvw.dll

EB: Media Band: {32683183-48a0-441b-a342-7c2a440a9478} - %SystemRoot%\System32\browseui.dll

uRun: [ZVolume] c:\program files\zvolume pro\ZVolume.exe

uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"

uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe

mRun: [KBD] c:\hp\kbd\KBD.EXE

mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe

mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [FLMOFFICE4DMOUSE] c:\program files\keyboard mouse tool\mouse32a.exe

mRun: [dla] c:\windows\system32\dla\tfswctrl.exe

mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE

mRun: [PS2] c:\windows\system32\ps2.exe

mRun: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [NewmentechMouse] c:\program files\nexxtech ultimate\mouse\Nmoumain.exe

dRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\runnin~1.lnk - c:\program files\wificonnector\NintendoWFCReg.exe

IE: Save Flash By FlashFavorite - c:\progra~1\flashf~1\FFCom.dll/IeMenu.htm

IE: Sothink SWF Catcher - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm

IE: {4335F0BE-9AAF-4023-9929-681B937B814A} - res://c:\progra~1\flashf~1\FFCom.dll/IeMenu.htm

IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aime\aim.exe

IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\MSMSGS.EXE

IE: {2499216C-4BA5-11D5-BD9C-000103C116D5} - {2499216C-4BA5-11D5-BD9C-000103C116D5} - c:\program files\yahoo!\common\ylogin.dll

IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - c:\program files\winhttrack\WinHTTrackIEBar.dll

IE: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - {4C171D40-8277-11D5-AD55-00010333D0AD} - c:\program files\yahoo!\messenger\yhexbmes.dll

IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

IE: {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - {301DA1EE-F65C-4188-A417-9E915CC8FBFA} - c:\program files\microsoft money\system\mnyviewer.dll

LSP: xfire_lsp_10406.dll

LSP: c:\windows\system32\ZKLSPR.DLL

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {00000055-0000-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/fhgax.CAB

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37985.8190856481

DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - hxxp://download.yahoo.com/dl/installs/ymail/ymmapi.dll

DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553542500} - hxxp://active.macromedia.com/flash2/cabs/swflash.cab

Notify: igfxcui - igfxsrvc.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\nvlpx8jv.vgkagain\

FF - prefs.js: browser.startup.homepage - www.starmen.net

============= SERVICES / DRIVERS ===============

R0 d344bus;d344bus;c:\windows\system32\drivers\d344bus.sys [2004-1-4 137216]

R0 d344prt;d344prt;c:\windows\system32\drivers\d344prt.sys [2004-1-4 5248]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-9-18 24652]

R3 axsaki;axsaki;c:\windows\system32\drivers\axsaki.sys [2003-3-30 102624]

R3 axskbus;axskbus;c:\windows\system32\drivers\axskbus.sys [2003-3-28 8640]

S3 Ip6FwHlp;IPv6 Internet Connection Firewall;c:\windows\system32\svchost.exe -k netsvcs [2003-12-31 12800]

S3 trid3d;trid3d;c:\windows\system32\drivers\trid3dm.sys [2002-3-21 144860]

=============== Created Last 30 ================

2009-06-09 21:46 <DIR> --d----- C:\cmdcons

2009-06-09 21:43 161,792 a------- c:\windows\SWREG.exe

2009-06-09 21:43 155,136 a------- c:\windows\PEV.exe

2009-06-09 21:43 98,816 a------- c:\windows\sed.exe

2009-06-05 18:22 <DIR> --d----- c:\program files\common files\DivX Shared

2009-06-05 01:19 54,156 a---h--- c:\windows\QTFont.qfn

2009-06-05 01:19 1,409 a------- c:\windows\QTFont.for

2009-06-03 21:03 <DIR> --d----- C:\SDFix

2009-05-16 22:49 <DIR> --d----- c:\program files\SystemRequirementsLab

==================== Find3M ====================

2009-05-26 13:20 40,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys

2009-05-26 13:19 18,456 a------- c:\windows\system32\drivers\mbam.sys

2009-04-12 15:07 47,104 a--sh--- c:\windows\system32\mujuluro.exe

2008-05-16 00:53 40,553 a------- c:\docume~1\owner\applic~1\dfnd_data.bat

2008-05-16 00:53 15,337 a------- c:\docume~1\owner\applic~1\dfnd_titles.bat

2004-06-12 18:16 4,179 a------- c:\documents and settings\owner\serverlist.dat

2004-06-12 18:16 49 a------- c:\documents and settings\owner\ipspace.dat

2004-06-12 18:16 2 a------- c:\documents and settings\owner\filter.dat

2001-08-18 08:00 94,784 ---sh--- c:\windows\twain.dll

2001-08-18 08:00 46,592 ---sh--- c:\windows\twain_32.dll

2002-08-29 06:41 401,462 a--sh--- c:\windows\system32\msvcp60.dll

2002-08-29 06:41 569,344 ---sh--- c:\windows\system32\oleaut32.dll

2001-08-23 08:00 106,496 a--sh--- c:\windows\system32\olepro32.dll

2001-08-18 08:00 9,728 ---sh--- c:\windows\system32\regsvr32.exe

============= FINISH: 6:14:50.23 ===============

</DDS.txt>

I find it very interesting that the MBAM quick scan took 50+ minutes before, but now it's done in less than 10. And ComboFix freed up over 5 gigs of space on my HDD...huh.

Attach.txt


  • Root Admin

Because a ton of useless garbage and Malware was removed as well as some temporary files.

Please delete this file if it's still on the system.

c:\windows\system32\mujuluro.exe

The following applications are old and you should review them for removal and/or update when or where possible.

Adobe Acrobat 4.0

Adobe Acrobat 5.0

Adobe Download Manager 2.0 (Remove Only)

Adobe Flash Player ActiveX

Adobe Flash Player Plugin

Adobe Reader 7.0.5

Adobe Shockwave Player

Adobe Stock Photos 1.0

Adobe
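The file the Root Admin singles out, mujuluro.exe, stands out in the DDS "Find3M" listing above for two reasons: it carries the system and hidden attributes (a--sh---) in system32, and its modification date is weeks old rather than years old like the genuine Windows files around it. The following Python is an added triage example, not code from the thread or from DDS itself; SAMPLE_DDS is a constructed subset copied from the listing above, RUN_DATE is the date in the DDS header, and the function names are my own. It parses DDS-style lines and orders hidden+system executables newest first, which is exactly the ordering that floats the suspect file to the top while old OS files such as twain.dll sink to the bottom.

```python
import re
from datetime import date

# Constructed sample modelled on the DDS "Find3M" / "Created Last 30" listing
# above: mujuluro.exe is the file the Root Admin asked to delete, the rest are
# ordinary Windows files that happen to carry the same attributes.
SAMPLE_DDS = r"""
2009-06-09 21:46 <DIR> --d----- C:\cmdcons
2009-05-26 13:19 18,456 a------- c:\windows\system32\drivers\mbam.sys
2009-04-12 15:07 47,104 a--sh--- c:\windows\system32\mujuluro.exe
2001-08-18 08:00 94,784 ---sh--- c:\windows\twain.dll
2002-08-29 06:41 401,462 a--sh--- c:\windows\system32\msvcp60.dll
2001-08-18 08:00 9,728 ---sh--- c:\windows\system32\regsvr32.exe
"""

# The date printed in the DDS header above ("Run by Owner at ... 06/10/2009").
RUN_DATE = date(2009, 6, 10)

# date  time  size-or-<DIR>  8-character attribute string  path
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2}) \d{2}:\d{2}\s+(<DIR>|[\d,]+)\s+([a-z-]{8})\s+(.+?)\s*$"
)
EXECUTABLE_EXT = (".exe", ".dll", ".sys", ".scr", ".ocx", ".cpl")


def parse_dds_entries(text):
    """Turn DDS listing lines into dicts; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        day, size, attrs, path = m.groups()
        entries.append({
            "date": date.fromisoformat(day),
            "is_dir": size == "<DIR>" or "d" in attrs,
            "size": None if size == "<DIR>" else int(size.replace(",", "")),
            "attrs": attrs,
            "path": path,
        })
    return entries


def flag_hidden_system_executables(text, run_date, recent_days=90):
    """Return executables carrying both the system (s) and hidden (h)
    attributes, newest first, with a 'recent' marker for files modified
    within recent_days of the scan.  Legitimate OS files also carry s+h,
    so this is a triage ordering, not a verdict."""
    flagged = []
    for e in parse_dds_entries(text):
        if e["is_dir"] or not e["path"].lower().endswith(EXECUTABLE_EXT):
            continue
        if "s" in e["attrs"] and "h" in e["attrs"]:
            age_days = (run_date - e["date"]).days
            flagged.append({
                "path": e["path"],
                "date": e["date"],
                "recent": age_days <= recent_days,
            })
    # Python's sort is stable, so equal dates keep their listing order.
    flagged.sort(key=lambda f: f["date"], reverse=True)
    return flagged


if __name__ == "__main__":
    for f in flag_hidden_system_executables(SAMPLE_DDS, RUN_DATE):
        print(("RECENT " if f["recent"] else "old    ") + f["path"])
```

The attribute test alone is not a detector: twain.dll, msvcp60.dll and regsvr32.exe are flagged too, because Windows ships them with the same attributes. The recency ordering is what makes the list useful, and a real verdict still needs a hash lookup or a signature check on the file.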


(Java Log)

JavaRa 1.14 Removal Log.
Report follows after line.
------------------------------------
The JavaRa removal process was started on Wed Jun 10 07:53:13 2009

Found and removed: C:\Windows\System32\jupdate-1.5.0_01-b08.log
Found and removed: Software\JavaSoft\Java2D\1.5.0_01
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D510001
Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.3.1_11
Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_01\
------------------------------------
Finished reporting.

(/Java Log)

(Esetscanlog)

C:\Documents and Settings\Default User\Start Menu\Programs\Startup\AutoPlay.exe Win32/Agent.NVP trojan

C:\Documents and Settings\Owner\Desktop\New Folder\backups\backup-20050322-161254-920.dll Win32/Adware.MyWaySpeed application

C:\hp\bin\AUTOPLAY.EXE Win32/Agent.NVP trojan

C:\Program Files\AIM\aim95.exe Win32/Adware.WBug.A application

C:\Program Files\AIM\Sysfiles\WxBug.EXE Win32/Adware.WBug.A application

C:\Program Files\HLSW\update.exe probably a variant of Win32/TrojanDropper.Small trojan

C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Start Menu\Programs\Startup\AutoPlay.exe.vir Win32/Agent.NVP trojan

C:\Qoobox\Quarantine\C\WINDOWS\Drivers\beep.sys.vir a variant of Win32/UltimateDefender.A trojan

C:\Qoobox\Quarantine\C\WINDOWS\system32\tmdewd.dll.vir a variant of Win32/Adware.Virtumonde.NFA application

C:\Qoobox\Quarantine\C\WINDOWS\system32\vemofogu.dll.vir a variant of Win32/Adware.Virtumonde.NFA application

C:\Qoobox\Quarantine\C\WINDOWS\system32\yahepufe.exe.vir Win32/Qhost.NJL trojan

C:\Qoobox\Quarantine\C\WINDOWS\V2FycmVuIEFja2xleQ\pZIVwApRKHI3uZU5yk.vbs.vir Win32/Adware.ISearch application

C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP1240\A0338305.dll a variant of Win32/Adware.Virtumonde.NFA application

C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP1240\A0338308.dll a variant of Win32/Adware.Virtumonde.NFA application

C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP1240\A0338309.dll a variant of Win32/Adware.Virtumonde.NFA application

C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP1240\A0338310.dll a variant of Win32/Adware.Virtumonde.NFA application

C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP1240\A0338311.dll a variant of Win32/Adware.Virtumonde.NFA application

C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP1240\A0338321.dll a variant of Win32/Adware.Virtumonde.NFA application

C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP1240\A0338327.ini Win32/Adware.Virtumonde.NEO application

C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP1240\A0338328.ini Win32/Adware.Virtumonde.NEO application

C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP1240\A0338329.ini Win32/Adware.Virtumonde.NEO application

C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP1240\A0338330.ini Win32/Adware.Virtumonde.NEO application

C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP1240\A0338331.ini Win32/Adware.Virtumonde.NEO application

C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP1240\A0338332.ini Win32/Adware.Virtumonde.NEO application

C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP1240\A0338333.ini Win32/Adware.Virtumonde.NEO application

C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP1240\A0338334.ini Win32/Adware.Virtumonde.NEO application

C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP1240\A0338335.ini Win32/Adware.Virtumonde.NEO application

C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP1240\A0338336.ini Win32/Adware.Virtumonde.NEO application

C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP1240\A0338337.ini Win32/Adware.Virtumonde.NEO application

C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP1241\A0338350.ini Win32/Adware.Virtumonde.NEO application

C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP1241\A0338351.ini Win32/Adware.Virtumonde.NEO application

C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP1241\A0338354.ini Win32/Adware.Virtumonde.NEO application

C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP1241\A0338355.ini Win32/Adware.Virtumonde.NEO application

C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP1241\A0338356.ini Win32/Adware.Virtumonde.NEO application

C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP1241\A0338357.ini Win32/Adware.Virtumonde.NEO application

C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP1241\A0338358.ini Win32/Adware.Virtumonde.NEO application

C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP1241\A0338359.ini Win32/Adware.Virtumonde.NEO application

C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP1241\A0338360.ini Win32/Adware.Virtumonde.NEO application

C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP1241\A0338361.ini Win32/Adware.Virtumonde.NEO application

C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP1241\A0338362.ini Win32/Adware.Virtumonde.NEO application

C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP1241\A0338375.ini Win32/Adware.Virtumonde.NEO application

C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP1241\A0338376.ini Win32/Adware.Virtumonde.NEO application

C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP1258\A0344078.ini Win32/Adware.Virtumonde.NEO application

C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP1258\A0344079.ini Win32/Adware.Virtumonde.NEO application

C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP1258\A0344080.ini Win32/Adware.Virtumonde.NEO application

C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP1258\A0344081.ini Win32/Adware.Virtumonde.NEO application

C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP1258\A0344087.dll a variant of Win32/Kryptik.MU trojan

C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP1258\A0344088.dll a variant of Win32/Kryptik.MU trojan

C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP1258\A0344089.dll a variant of Win32/Kryptik.MU trojan

C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP1258\A0344090.dll a variant of Win32/Kryptik.MU trojan

C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP1258\A0344091.dll a variant of Win32/Kryptik.MU trojan

C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP1258\A0344096.ini Win32/Adware.Virtumonde.NEO application

C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP1258\A0344097.ini Win32/Adware.Virtumonde.NEO application

C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP1258\A0344098.ini Win32/Adware.Virtumonde.NEO application

C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP1258\A0344099.ini Win32/Adware.Virtumonde.NEO application

C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP1258\A0344100.ini Win32/Adware.Virtumonde.NEO application

C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP1258\A0344101.ini Win32/Adware.Virtumonde.NEO application

C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP1258\A0344103.ini Win32/Adware.Virtumonde.NEO application

C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP1259\A0344111.ini Win32/Adware.Virtumonde.NEO application

C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP1259\A0344112.dll a variant of Win32/Kryptik.MU trojan

C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP1269\A0349210.exe a variant of Win32/Kryptik.NL trojan

C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP1270\A0349226.exe Win32/Adware.SpywareProtect2009 application

C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP1270\A0349227.exe Win32/Koobface.HN worm

C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP1271\A0349241.dll a variant of Win32/Kryptik.OH trojan

C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP1271\A0349242.dll a variant of Win32/Kryptik.OH trojan

C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP1271\A0349243.dll a variant of Win32/Kryptik.OH trojan

C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP1271\A0349244.dll a variant of Win32/Kryptik.OH trojan

C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP1272\A0349253.ini Win32/Adware.Virtumonde.NEO application

C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP1272\A0349254.ini Win32/Adware.Virtumonde.NEO application

C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP1272\A0349255.ini Win32/Adware.Virtumonde.NEO application

C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP1272\A0349256.ini Win32/Adware.Virtumonde.NEO application

C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP1272\A0349257.ini Win32/Adware.Virtumonde.NEO application

C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP1272\A0349258.ini Win32/Adware.Virtumonde.NEO application

C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP1272\A0349260.ini Win32/Adware.Virtumonde.NEO application

C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP1272\A0349261.ini Win32/Adware.Virtumonde.NEO application

C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP1272\A0349262.ini Win32/Adware.Virtumonde.NEO application

C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP1272\A0349263.ini Win32/Adware.Virtumonde.NEO application

C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP1272\A0349265.ini Win32/Adware.Virtumonde.NEO application

C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP1272\A0349266.dll a variant of Win32/Kryptik.OH trojan

C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP1272\A0349267.dll a variant of Win32/Kryptik.OH trojan

C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP1306\A0356638.exe a variant of Win32/Kryptik.RF trojan

C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP1307\A0357648.exe a variant of Win32/Kryptik.RF trojan

C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP1312\A0364229.sys a variant of Win32/UltimateDefender.A trojan

C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP1312\A0364232.exe Win32/Agent.NVP trojan

C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP1312\A0364299.dll a variant of Win32/Adware.Virtumonde.NFA application

C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP1312\A0364300.dll a variant of Win32/Adware.Virtumonde.NFA application

C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP1312\A0364301.exe Win32/Qhost.NJL trojan

C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP1312\A0364422.vbs Win32/Adware.ISearch application

C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP1312\A0364504.exe a variant of Win32/Kryptik.MU trojan

(/esetscanlog)

It detected 86 infections in all. A little uneasy that I've left them on the computer for now. I see most of them are in the System Restore folder (System Restore has been disabled on my computer for quite some time anyway; I don't use it).

And yes, this is the family computer. I'm the only man with any kind of above-basic computer knowledge in the family (of course) and all the P2P stuff is probably my free-music-loving brother's doing. I've removed 'em all.


  • Root Admin

Please follow the directions here on how to clear out old Restore Points that may have become orphaned.

Use your local drive information as needed to locate and remove.

Then ENABLE System Restore and then DISABLE System Restore to fully clean it out.

Remove all but the most recent Restore Point on Windows XP

You should Create a New Restore Point to prevent possible reinfection from an old one.

Some of the malware you picked up could have been saved in System Restore.

Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point.

Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:

  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • If the shortcut is missing you can also click on START > RUN > and type in %SystemRoot%\system32\restore\rstrui.exe and click OK
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next".
  • Give the new Restore Point a name, then click "Create".
  • The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use the Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr.exe
  • Select the drive where Windows is installed and click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
  • On the Disk Cleanup tab, if the System Restore: Obsolete Data Stores entry is available remove them also.
  • These are files that were created before Windows was reformatted or reinstalled. They are obsolete and you can delete them.


Additional information

Microsoft KB article: How to turn off and turn on System Restore in Windows XP

Bert Kinney's site: All about Windows System Restore

Then when all done please UPDATE MBAM with the latest rules and do a FULL SCAN and post back that log.

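The restore-point steps above can also be scripted. This is an added example, not part of the thread or of any tool mentioned in it; it assumes Windows PowerShell 2.0 is installed on the XP SP3 (or later) machine, that it runs from an administrator account, and that Windows lives on C:.

```powershell
# Added example: scripted version of the "new restore point, then clean out
# the old ones" procedure. Assumes PowerShell 2.0 System Restore cmdlets,
# an administrator session, and Windows installed on C:.
$systemDrive = "C:\"

# Make sure System Restore is on for the system drive, then take a fresh
# point so any later roll-back lands on a state captured AFTER the cleanup.
Enable-ComputerRestore -Drive $systemDrive
Checkpoint-Computer -Description "Clean after malware removal" -RestorePointType MODIFY_SETTINGS

# Confirm the point was written and record its details for later.
$points = @(Get-ComputerRestorePoint | Sort-Object SequenceNumber)
$newest = $points[-1]
"Newest restore point: #{0} '{1}' created {2}" -f $newest.SequenceNumber,
    $newest.Description, $newest.ConvertToDateTime($newest.CreationTime)

# Older points may still hold infected files; they are what Disk Cleanup's
# "More Options > System Restore > Clean up" button removes. List them so
# you know what will go, then open Disk Cleanup on the system drive for that step.
if ($points.Count -gt 1) {
    $points[0..($points.Count - 2)] |
        Format-Table SequenceNumber, Description,
            @{ n = "Created"; e = { $_.ConvertToDateTime($_.CreationTime) } } -AutoSize
}
Start-Process -FilePath "$env:SystemRoot\system32\cleanmgr.exe" `
    -ArgumentList "/d", $systemDrive.TrimEnd('\')
```

Disk Cleanup is still launched interactively because the "delete all but the most recent restore point" action has no cmdlet equivalent on this platform; the script only prepares and documents the state before that step.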

Malwarebytes' Anti-Malware 1.37

Database version: 2259

Windows 5.1.2600 Service Pack 1

6/10/2009 9:41:46 PM

mbam-log-2009-06-10 (21-41-46).txt

Scan type: Full Scan (C:\|D:\|)

Objects scanned: 325897

Time elapsed: 2 hour(s), 10 minute(s), 4 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

There you go.


  • Root Admin

Looks good. Are you still having any signs of infection? If not then I would upgrade Windows to Service Pack 3 using this full version instead of the online version. Disable ALL security software while running the update.

Then upgrade to IE7 after the SP3 upgrade. DO NOT upgrade to IE8 just yet. I would install IE7 first, THEN install IE8 both of which are much more secure than IE6

Once SP3 is installed and you go back online though for other updates make sure to re-enable your security software.


  • Root Admin

Please run the following to remove any tools that might have been used during the scanning and cleaning of your system.

STEP A

Uninstall ComboFix.exe

  • Click START then RUN
  • Now type Combofix /u (if you renamed Combofix.exe use that name instead) in the runbox and click OK. Note the space between the X and the /U, it needs to be there.



  • When shown the disclaimer, Select "2"

Remove this folder C:\QooBox if the uninstall instructions don't work and delete Combofix.exe AND check your system time and reset if needed

STEP B

Uninstall GMER

Click on START - RUN and type in or copy/paste %windir%\gmer_uninstall.cmd to remove GMER.

STEP C

Uninstall other tools

Please Download OTMoveIt by Old Timer and save it to your Desktop.
  • Double-click OTM.exe to run it.
  • While connected to the Internet, Click on the green CleanUp! button and it will populate a list of items to clean from your system that we used or may have used.
  • It should ask if you want to clean up, select Yes and allow the system to clean up these items.
    NOW please reboot your computer to finish the cleanup process

Great, all looks good now.

I'll close your post soon so that others don't post into it and leave you with this information and suggestions.

So how did I get infected in the first place?

At this time your system appears to be clean. Nothing else in the logs indicates that you are still infected.

Now that you appear to be clean, please follow these simple steps in order to keep your computer clean and secure:

Remove all but the most recent Restore Point on Windows XP

You should Create a New Restore Point to prevent possible reinfection from an old one.

Some of the malware you picked up could have been saved in System Restore.

Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point.

Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • If the shortcut is missing you can also click on START > RUN and type in %SystemRoot%\system32\restore\rstrui.exe and click OK.
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next".
  • Give the new Restore Point a name, then click "Create".
  • The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use the Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr.exe
  • Select the drive where Windows is installed and click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
  • On the Disk Cleanup tab, if the System Restore: Obsolete Data Stores entry is available remove them also.
  • These are files that were created before Windows was reformatted or reinstalled. They are obsolete and you can delete them.


Additional information

Microsoft KB article: How to turn off and turn on System Restore in Windows XP

Bert Kinney's site: All about Windows System Restore

Here are some free programs I recommend that could help you improve your computer's security.

Install SpyWare Blaster

Download it from here

Find the tutorial on how to use Spyware Blaster here

Install WinPatrol

Download it from here

You can find information about how WinPatrol works here

Install FireTrust SiteHound

You can find information and download it from here

Install hpHosts

Download it from here

hpHosts is a community managed and maintained hosts file that allows an additional layer of protection against access to ad, tracking and malicious websites. This prevents your computer from connecting to these untrusted sites by redirecting them to 127.0.0.1 which is your own local computer.

hpHosts Support Forum

Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.

You can use one of these sites to check if any updates are needed for your pc.

Secunia Software Inspector

F-secure Health Check

Visit Microsoft often to get the latest updates for your computer.

http://www.update.microsoft.com

Note 1: If you are running Windows XP SP2, you should upgrade to SP3.

Note 2: Users of Norton Internet Security 2008 should uninstall the software before they install Service Pack 3.

The security suite can then be reinstalled afterwards.

The windows firewall is not sufficient to protect your system. It doesn't monitor outgoing traffic and this is a must.

I recommend Online Armor Free

A little outdated but good reading on how to prevent Malware

Keep safe online and happy surfing.

Since this issue is resolved I will close the thread to prevent others from posting into it. If you need assistance please start your own topic and someone will be happy to assist you.

The fixes and advice in this thread are for this machine only. Do not apply to your machine unless you Fully Understand how these programs work and what you're doing. Please start a thread of your own and someone will be happy to help you, just follow the Pre-Hijackthis instructions found here before posting Pre- HJT Post Instructions

Also don't forget that we offer FREE assistance with General PC questions and repair here PC Help

If you're pleased with the product Malwarebytes and the service provided you, please let your friends, family, and co-workers know. http://www.malwarebytes.org

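The hosts-file mechanism described in the hpHosts paragraph above cuts both ways: a blocklist entry sends a name to 127.0.0.1, but malware can use the same file to send update servers somewhere else or to blackhole security vendors. The audit below is an added example, not from the thread, hpHosts or any tool named here; the sample hosts content and the list of protected names are constructed for illustration.

```powershell
# Added example: audit hosts-file entries and separate harmless blocklist
# lines from redirections or blocks that would cut off security updates.
# $hostsText is constructed sample content; on a real machine use
#   $hostsText = Get-Content "$env:SystemRoot\system32\drivers\etc\hosts" | Out-String
$hostsText = @"
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       ads.example.net            # typical hpHosts-style blocklist entry
0.0.0.0         tracker.example.org
198.51.100.23   www.update.microsoft.com   # name sent to a foreign address (constructed)
127.0.0.1       liveupdate.symantec.com    # security vendor blackholed (constructed)
"@

# Loopback or unspecified targets only block a name; anything else redirects it.
$blackhole = "127.0.0.1", "0.0.0.0"
# Names a blocklist should never touch (constructed list): blocking them stops updates.
$protected = "update.microsoft.com", "windowsupdate.com", "symantec.com", "malwarebytes.org"

$findings = foreach ($line in $hostsText -split "`r?`n") {
    $entry = ($line -split '#')[0].Trim()          # drop comments and blank lines
    if (-not $entry) { continue }
    $fields = $entry -split '\s+'
    if ($fields.Count -lt 2) { continue }          # malformed line, nothing to map
    $ip = $fields[0]
    foreach ($name in $fields[1..($fields.Count - 1)]) {
        $hitsProtected = $protected | Where-Object { $name -eq $_ -or $name.EndsWith(".$_") }
        $verdict = if ($blackhole -notcontains $ip) { "REDIRECT" }
                   elseif ($hitsProtected)          { "BLOCKS-UPDATES" }
                   elseif ($name -eq "localhost")   { "OK" }
                   else                             { "BLOCKLIST" }
        New-Object PSObject -Property @{ Name = $name; Target = $ip; Verdict = $verdict }
    }
}

# REDIRECT and BLOCKS-UPDATES rows are the ones worth a closer look.
$findings | Sort-Object Verdict, Name | Format-Table Verdict, Name, Target -AutoSize
```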
