Need some help with malware, etc.

#1 Jazzo (Member, 14 posts)
Hey guys, after countless hours trying to fix my PC, finally I can see a speck of light at the end of this tunnel, at least we think so lol. I just want to give a huge THANK YOU to wannabe1, who I've been dealing with in your IRC channel for 5ish hours now. Here is my HiJackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:14:52 AM, on 4/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\All Users\Application Data\kvutipaj\uhodklqf.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Saitek\Software\Profiler.exe
C:\Program Files\Saitek\Software\SaiSmart.exe
C:\Program Files\Saitek\Software\SaiMfd.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
F:\program files\steam\steam.exe
E:\Program Files\AIM\aim.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
E:\Logitech\SetPoint\SetPoint.exe
C:\Program Files\PrevxCSI\PrevxCSI.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\DOCUME~1\Jasper\LOCALS~1\Temp\bwgo0000bd64.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\PrevxCSI\PrevxCSI.exe
C:\Program Files\NewDotNet\nnrun.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
E:\Program Files\Ad-Aware SE Personal\Ad-Aware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarerefer...=...6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
O1 - Hosts: 69.89.31.183 www.fragdods.com
O1 - Hosts: 69.89.31.183 fragdods.com
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: vnbptxlf - {49D8D988-6D77-4E24-8A27-914FBCCC782F} - C:\WINDOWS\vnbptxlf.dll (file missing)
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "E:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
O4 - HKLM\..\Run: [SaiSmart] C:\Program Files\Saitek\Software\SaiSmart.exe
O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\Software\SaiMfd.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [{2D-DB-B6-65-DW}] C:\DOCUME~1\Jasper\LOCALS~1\Temp\build_dol.exe DWoli5
O4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKLM\..\Run: [autoload] C:\Documents and Settings\Jasper\cftmon.exe
O4 - HKCU\..\Run: [Steam] "f:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [LDM] E:\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [AIM] E:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKCU\..\Run: [autoload] C:\Documents and Settings\Jasper\cftmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [985CPibeSf] C:\Documents and Settings\All Users\Application Data\kvutipaj\uhodklqf.exe
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [autoload] C:\Documents and Settings\LocalService\cftmon.exe (User 'Default user')
O4 - Startup: DW_Start.lnk = C:\Documents and Settings\Jasper\Local Settings\Temp\build_dol.exe
O4 - Global Startup: Logitech Desktop Messenger Agent.lnk = E:\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = E:\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - E:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5C86F808-EDD2-4E5D-9C4F-E0D1ADA859AF} (Web Conferencing) - http://66.150.64.132:8081/join_a.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload....GPlugin9USA.cab
O18 - Protocol: bw+0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - E:\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O21 - SSODL: UnknownKbd - {3d7b8dcc-b6c5-4ac1-9ea2-a0117b83dea4} - C:\WINDOWS\Resources\UnknownKbd.dll
O21 - SSODL: zip - {9c41d53d-d6e3-4c02-91b2-fb5073060db4} - C:\WINDOWS\Installer\{9c41d53d-d6e3-4c02-91b2-fb5073060db4}\zip.dll (file missing)
O21 - SSODL: qdnkewfa - {AE3749FF-9E19-48AD-BFAA-C4E4E34E1821} - C:\WINDOWS\qdnkewfa.dll (file missing)
O22 - SharedTaskScheduler: jhsf8d984jief8dsfus98jkefn - {C5AF49A2-94F3-42BD-F434-2604812C897D} - C:\WINDOWS\system32\jfiehayd.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: CSIScanner (csiscanner) - Prevx - C:\Program Files\PrevxCSI\\PrevxCSI.exe
O23 - Service: FCI (fci) - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NNServ (nnserv) - New.net, Inc. - C:\Program Files\NewDotNet\nnrun.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\spools.exe (file missing)
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 20145 bytes
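A small triage helper for HijackThis-format log lines, added here as an example; it is not part of the original post and not HijackThis's own code. It applies the first checks a log helper runs over entries like the ones above (orphaned "(file missing)" items, executables in Temp or user-profile directories, an .exe in system32\drivers, policy Run keys, hosts overrides, unsigned services) and the sample lines are copied from the log above plus three benign entries to show what it leaves alone.

```python
"""Triage helper for HijackThis v2 log lines (added example, not HJT code)."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Sample entries: most copied from the log above, plus three benign ones
# (Java updater, AVG service, PunkBuster) that must NOT be flagged.
SAMPLE_LOG = r"""
O1 - Hosts: 69.89.31.183 www.fragdods.com
O3 - Toolbar: vnbptxlf - {49D8D988-6D77-4E24-8A27-914FBCCC782F} - C:\WINDOWS\vnbptxlf.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [{2D-DB-B6-65-DW}] C:\DOCUME~1\Jasper\LOCALS~1\Temp\build_dol.exe DWoli5
O4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKLM\..\Run: [autoload] C:\Documents and Settings\Jasper\cftmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [985CPibeSf] C:\Documents and Settings\All Users\Application Data\kvutipaj\uhodklqf.exe
O21 - SSODL: qdnkewfa - {AE3749FF-9E19-48AD-BFAA-C4E4E34E1821} - C:\WINDOWS\qdnkewfa.dll (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\spools.exe (file missing)
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
"""

SECTION_RE = re.compile(r"^([RO]\d+) - (.*)$")
HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)")
# First Windows path in the entry, ending at a known extension.
PATH_RE = re.compile(r'(?i)[a-z]:\\[^"\r\n]*?\.(?:exe|dll|ocm|cab|html?)\b')
# An executable sitting directly in a profile root, e.g. ...\Jasper\cftmon.exe
PROFILE_ROOT_RE = re.compile(r"documents and settings\\[^\\]+\\[^\\]+$")


@dataclass
class Finding:
    section: str
    line: str
    path: str
    reasons: List[str] = field(default_factory=list)


def check_line(line: str) -> Optional[Finding]:
    """Apply the triage heuristics to one HJT entry; None when nothing is odd."""
    m = SECTION_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group(1), m.group(2)
    pm = PATH_RE.search(body)
    path = pm.group(0) if pm else ""
    low = path.lower()
    reasons: List[str] = []

    if "(file missing)" in body:
        reasons.append("entry points at a file that is no longer on disk")
    if "\\temp\\" in low:
        reasons.append("executable launched from a Temp directory")
    if "\\system32\\drivers\\" in low and low.endswith(".exe"):
        reasons.append("an .exe under system32\\drivers (real drivers are .sys)")

    if section == "O4":
        if "\\application data\\" in low or PROFILE_ROOT_RE.search(low):
            reasons.append("autostart binary sits in a user-profile directory")
        if "policies\\explorer\\run" in body.lower():
            reasons.append("policy-enforced Run key, a common persistence spot")
    elif section == "O1":
        hm = HOSTS_RE.match(body)
        if hm:
            reasons.append(f"hosts file pins {hm.group(2)} to {hm.group(1)}")
    elif section == "O23" and "Unknown owner" in body and reasons:
        # "Unknown owner" alone is noisy (PunkBuster, ATI); only add it as
        # a supporting reason when something else is already wrong.
        reasons.append("and the service lists no publisher")
    elif section == "O24":
        reasons.append("Active Desktop component set to a local HTML page")

    return Finding(section, line.strip(), path, reasons) if reasons else None


def triage(log_text: str) -> List[Finding]:
    """Run check_line over a whole log; returns only the flagged entries."""
    return [f for f in map(check_line, log_text.splitlines()) if f]


def report(findings: List[Finding]) -> str:
    """Human-readable summary, one block per flagged entry."""
    out = []
    for f in findings:
        out.append(f"[{f.section}] {f.path or f.line}")
        out.extend(f"    - {r}" for r in f.reasons)
    return "\n".join(out)


if __name__ == "__main__":
    print(report(triage(SAMPLE_LOG)))
```

The heuristics are deliberately narrow so that vendor entries with an "Unknown owner" but a sane path are not flagged; anything it does flag still needs a human to confirm before the entry is fixed.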



#2 Jazzo (Topic Starter, Member, 14 posts)
After renaming HiJackThis as sari in IRC suggested, here is the new log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:55:39 AM, on 4/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\All Users\Application Data\kvutipaj\uhodklqf.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\NewDotNet\nnrun.exe
F:\program files\steam\steam.exe
E:\Program Files\AIM\aim.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
E:\Logitech\SetPoint\SetPoint.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\DOCUME~1\Jasper\LOCALS~1\Temp\bwgo0005e7b8.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
E:\Program Files\Ad-Aware SE Personal\Ad-Aware.exe
E:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarerefer...=...6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
O1 - Hosts: 69.89.31.183 www.fragdods.com
O1 - Hosts: 69.89.31.183 fragdods.com
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: vnbptxlf - {49D8D988-6D77-4E24-8A27-914FBCCC782F} - C:\WINDOWS\vnbptxlf.dll (file missing)
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "E:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
O4 - HKLM\..\Run: [SaiSmart] C:\Program Files\Saitek\Software\SaiSmart.exe
O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\Software\SaiMfd.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [{2D-DB-B6-65-DW}] C:\DOCUME~1\Jasper\LOCALS~1\Temp\build_dol.exe DWoli5
O4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKLM\..\Run: [autoload] C:\Documents and Settings\Jasper\cftmon.exe
O4 - HKCU\..\Run: [Steam] "f:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [LDM] E:\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [AIM] E:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKCU\..\Run: [autoload] C:\Documents and Settings\Jasper\cftmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [985CPibeSf] C:\Documents and Settings\All Users\Application Data\kvutipaj\uhodklqf.exe
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [autoload] C:\Documents and Settings\LocalService\cftmon.exe (User 'Default user')
O4 - Startup: DW_Start.lnk = C:\Documents and Settings\Jasper\Local Settings\Temp\build_dol.exe
O4 - Global Startup: Logitech Desktop Messenger Agent.lnk = E:\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = E:\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - E:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5C86F808-EDD2-4E5D-9C4F-E0D1ADA859AF} (Web Conferencing) - http://66.150.64.132:8081/join_a.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload....GPlugin9USA.cab
O18 - Protocol: bw+0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - E:\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O21 - SSODL: UnknownKbd - {3d7b8dcc-b6c5-4ac1-9ea2-a0117b83dea4} - C:\WINDOWS\Resources\UnknownKbd.dll
O21 - SSODL: zip - {9c41d53d-d6e3-4c02-91b2-fb5073060db4} - C:\WINDOWS\Installer\{9c41d53d-d6e3-4c02-91b2-fb5073060db4}\zip.dll (file missing)
O21 - SSODL: qdnkewfa - {AE3749FF-9E19-48AD-BFAA-C4E4E34E1821} - C:\WINDOWS\qdnkewfa.dll (file missing)
O22 - SharedTaskScheduler: jhsf8d984jief8dsfus98jkefn - {C5AF49A2-94F3-42BD-F434-2604812C897D} - C:\WINDOWS\system32\jfiehayd.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: FCI (fci) - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NNServ (nnserv) - New.net, Inc. - C:\Program Files\NewDotNet\nnrun.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\spools.exe (file missing)
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 19476 bytes

#3 sari (GeekU Admin, Administrator, MVP, 21,289 posts)

Jazzo,

You didn't rename the executable. Please go to E:\Program Files\HijackThis.exe, right click, and rename it to hjt.exe. Post it in a reply to this thread.

sari

#4 Jazzo (Topic Starter, Member, 14 posts)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:18:41 AM, on 4/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\All Users\Application Data\kvutipaj\uhodklqf.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Saitek\Software\Profiler.exe
C:\Program Files\Saitek\Software\SaiSmart.exe
C:\Program Files\Saitek\Software\SaiMfd.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
F:\program files\steam\steam.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
E:\Program Files\AIM\aim.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
E:\Logitech\SetPoint\SetPoint.exe
C:\Program Files\NewDotNet\nnrun.exe
C:\DOCUME~1\Jasper\LOCALS~1\Temp\bwgo0000ad37.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\NewDotNet\nnrun.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\hjt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarerefer...=...6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
O1 - Hosts: 69.89.31.183 www.fragdods.com
O1 - Hosts: 69.89.31.183 fragdods.com
O2 - BHO: (no name) - {02478d38-c3f9-4efb-9b51-7695eca05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {b603013a-8741-4da8-b0b5-03f16ff99bb8} - (no file)
O2 - BHO: (no name) - {ba5a032a-999e-458d-abf3-18f8c66dd84d} - C:\WINDOWS\system32\ssqrq.dll
O2 - BHO: C:\WINDOWS\system32\jfiehayd.dll - {C5AF49A2-94F3-42BD-F434-2604812C897D} - C:\WINDOWS\system32\jfiehayd.dll (file missing)
O2 - BHO: (no name) - {E2F8F7C7-954D-4336-BA99-27BFBEB73DAF} - C:\WINDOWS\system32\byxyyvv.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: vnbptxlf - {49D8D988-6D77-4E24-8A27-914FBCCC782F} - C:\WINDOWS\vnbptxlf.dll (file missing)
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "E:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
O4 - HKLM\..\Run: [SaiSmart] C:\Program Files\Saitek\Software\SaiSmart.exe
O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\Software\SaiMfd.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [{2D-DB-B6-65-DW}] C:\DOCUME~1\Jasper\LOCALS~1\Temp\build_dol.exe DWoli5
O4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKLM\..\Run: [autoload] C:\Documents and Settings\Jasper\cftmon.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [Steam] "f:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [LDM] E:\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [AIM] E:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKCU\..\Run: [autoload] C:\Documents and Settings\Jasper\cftmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [985CPibeSf] C:\Documents and Settings\All Users\Application Data\kvutipaj\uhodklqf.exe
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [autoload] C:\Documents and Settings\LocalService\cftmon.exe (User 'Default user')
O4 - Startup: DW_Start.lnk = C:\Documents and Settings\Jasper\Local Settings\Temp\build_dol.exe
O4 - Global Startup: Logitech Desktop Messenger Agent.lnk = E:\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = E:\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - E:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5C86F808-EDD2-4E5D-9C4F-E0D1ADA859AF} (Web Conferencing) - http://66.150.64.132:8081/join_a.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload....GPlugin9USA.cab
O18 - Protocol: bw+0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - E:\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: byxyyvv - C:\WINDOWS\SYSTEM32\byxyyvv.dll
O21 - SSODL: UnknownKbd - {3d7b8dcc-b6c5-4ac1-9ea2-a0117b83dea4} - C:\WINDOWS\Resources\UnknownKbd.dll
O21 - SSODL: zip - {9c41d53d-d6e3-4c02-91b2-fb5073060db4} - C:\WINDOWS\Installer\{9c41d53d-d6e3-4c02-91b2-fb5073060db4}\zip.dll (file missing)
O21 - SSODL: qdnkewfa - {AE3749FF-9E19-48AD-BFAA-C4E4E34E1821} - C:\WINDOWS\qdnkewfa.dll (file missing)
O22 - SharedTaskScheduler: jhsf8d984jief8dsfus98jkefn - {C5AF49A2-94F3-42BD-F434-2604812C897D} - C:\WINDOWS\system32\jfiehayd.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: FCI (fci) - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NNServ (nnserv) - New.net, Inc. - C:\Program Files\NewDotNet\nnrun.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\spools.exe (file missing)
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 21003 bytes
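
The log above is what the helpers in this thread read by eye. As an added example (not part of the thread, and not HijackThis's own code), the Python below parses the Oxx lines and scores each one against a few of the persistence patterns visible in this log: a binary run from Temp or straight from a profile root, an .exe parked in system32\drivers, a service image path that is an NTFS alternate data stream (svchost.exe:ext.exe), hook DLLs with random-looking names dropped directly into the Windows directory, and file names one edit away from a real system binary (cftmon vs ctfmon, spools vs spoolsv). The rules, their weights, the SYSTEM_NAMES list and the Entry/triage/parse_line names are my own assumptions; the sample lines are copied from the log posted above, with the Java BHO and the AVG service kept as benign controls.

```python
"""Score the Oxx entries of a HijackThis 2.x log against a few persistence
heuristics. Added example for this thread; it is not part of HijackThis or of
the original posts, and the rules, weights and SYSTEM_NAMES list are the
author's own assumptions, tuned to the log above."""
import re
from collections import namedtuple

# Lines copied verbatim from the log posted above; the Java BHO and AVG service
# are kept as benign controls.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {ba5a032a-999e-458d-abf3-18f8c66dd84d} - C:\WINDOWS\system32\ssqrq.dll
O4 - HKLM\..\Run: [{2D-DB-B6-65-DW}] C:\DOCUME~1\Jasper\LOCALS~1\Temp\build_dol.exe DWoli5
O4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKLM\..\Run: [autoload] C:\Documents and Settings\Jasper\cftmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [985CPibeSf] C:\Documents and Settings\All Users\Application Data\kvutipaj\uhodklqf.exe
O20 - Winlogon Notify: byxyyvv - C:\WINDOWS\SYSTEM32\byxyyvv.dll
O21 - SSODL: qdnkewfa - {AE3749FF-9E19-48AD-BFAA-C4E4E34E1821} - C:\WINDOWS\qdnkewfa.dll (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: FCI (fci) - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe (file missing)
O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\spools.exe (file missing)
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
"""

# section "O23"; kind "Service"/"HKLM\..\Run"/...; path = first drive-letter path; missing = "(file missing)"
Entry = namedtuple('Entry', 'section kind name path missing details raw')
LINE_RE = re.compile(r'^(O\d+|R\d|F\d) - (.*)$')
PATH_RE = re.compile(r'[A-Za-z]:\\[^()"]*?\.(?:exe|dll|ocx|sys|cab|bat|htm)(?::[^\s()]+)?', re.I)
BRACKET_RE = re.compile(r'\[([^\]]+)\]')   # [ValueName] in O4 lines

def parse_line(line):
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, rest = m.groups()
    kind, _, details = rest.partition(': ')
    path = PATH_RE.search(details)
    bracket = BRACKET_RE.search(details)
    name = bracket.group(1) if bracket else details.split(' - ')[0].strip()
    return Entry(section, kind, name, path.group(0) if path else '', '(file missing)' in details, details, line.strip())

def stem(path):
    """Lower-case leaf name without extension or ':stream' suffix."""
    leaf = path.rsplit('\\', 1)[-1].split(':')[0].lower()
    return re.sub(r'\.[a-z0-9]+$', '', leaf)

def looks_random(token):
    """Vowel-starved or consonant-clustered names such as byxyyvv or qdnkewfa."""
    t = token.lower()
    if not t.isalpha() or len(t) < 5:
        return False
    vowels = sum(c in 'aeiou' for c in t)
    longest = max(map(len, re.findall(r'[^aeiou]+', t)), default=0)
    return vowels / len(t) <= 0.25 or longest >= 4

def osa_distance(a, b):
    """Damerau-Levenshtein (optimal string alignment) distance, so cftmon/ctfmon is 1."""
    d = [[i if j == 0 else j if i == 0 else 0 for j in range(len(b) + 1)] for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)   # adjacent transposition
    return d[-1][-1]

SYSTEM_NAMES = ("ctfmon", "spoolsv", "svchost", "lsass", "csrss", "smss", "winlogon", "explorer", "services")
HOOK_SECTIONS = ("O2", "O3", "O20", "O21", "O22")   # BHO, toolbar, Winlogon Notify, SSODL, SharedTaskScheduler

def _hit(pattern, text):
    return re.search(pattern, text, re.I) is not None
# (reason, weight, predicate); the weights are arbitrary and chosen for this log
RULES = [
    ("reported as (file missing): dangling hook or self-deleting loader", 2, lambda e: e.missing),
    ("autorun binary under a Temp directory", 3, lambda e: _hit(r'\\temp\\', e.path)),
    ("executable directly under a user profile or All Users\\Application Data", 2,
     lambda e: _hit(r'\\(?:documents and settings|application data)\\[^\\]+\\[^\\]+\.exe$', e.path)),
    (".exe inside system32\\drivers, a directory that holds .sys files", 3, lambda e: _hit(r'\\drivers\\[^\\]+\.exe$', e.path)),
    ("NTFS alternate data stream used as a service image path", 4, lambda e: _hit(r'\.exe:[^\\\s]+$', e.path)),
    ("hook DLL with a random-looking name directly in %WINDIR% or system32", 3,
     lambda e: e.section in HOOK_SECTIONS and _hit(r'^[a-z]:\\windows\\(?:system32\\)?[^\\]+$', e.path)
     and looks_random(stem(e.path))),
    ("file name one edit away from a Windows system binary (lookalike)", 3,
     lambda e: any(osa_distance(stem(e.path), n) == 1 for n in SYSTEM_NAMES)),
    ("Run value under Policies\\Explorer, rarely used by legitimate software", 2,
     lambda e: 'policies\\explorer\\run' in e.kind.lower()),
    ("Active Desktop component served from a local file", 3,
     lambda e: e.section == "O24" and 'file:///' in e.details.lower()),
]

def triage(log_text, threshold=1):
    """Return [(score, raw line, reasons)] for entries scoring >= threshold, highest first."""
    findings = []
    for entry in filter(None, map(parse_line, log_text.strip().splitlines())):
        hits = [(reason, w) for reason, w, pred in RULES if pred(entry)]
        total = sum(w for _, w in hits)
        if total >= threshold:
            findings.append((total, entry.raw, [r for r, _ in hits]))
    return sorted(findings, key=lambda f: -f[0])
```

Running triage(SAMPLE_LOG) ranks the Task Scheduler service first (file missing, an .exe under drivers, and a spoolsv lookalike), then the FCI service and the ntuser Run value, and leaves the Java and AVG lines unflagged. The scores only prioritise what to look at: a recognised vendor name or a tidy path is not proof of anything, and entries whose file is already missing still have a live registry hook that needs removing, which is the point of the cleanup passes that follow in the thread.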

#5 sari (GeekU Admin, Administrator, MVP, 21,289 posts)

Jazzo,

You have multiple infections that will require separate scans/tools in order to fix them. It will take multiple posts in order to clean this up. Please follow all the directions that I post. You may want to print these instructions (or use your other PC also), as we will be in safe mode for portions of the fixes.


Step 1
Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix).

Step 2
Please download SmitfraudFix (by S!Ri) to your Desktop.

Step 3 - Both Step 3 and Step 4 should be done in safe mode
Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).

Step 4
Next, please reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
Once in Safe Mode, double-click smitfraudfix.exe
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Step 5
Download ComboFix from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double-click combofix.exe and follow the prompts. Please never rename ComboFix unless instructed.
When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouse-click ComboFix's window while it's running; that may cause it to stall.

In your next post, I will need the following logs (you may need to put them into several posts):

c:\SDFix\Report.txt
C:\rapport.txt
Combofix log
New hijackthis log.

Thanks,

sari

#6 Jazzo (Topic Starter, Member, 14 posts)
Ok Sari, I will post the logs for the sdfix and for the smitfraudfix scans that I ran. I'll also post a new hjt log. However, I can't post a combofix log, because it hasn't finished. Wannabe told me to stop it and post the logs I have. The first time I ran combofix, it stuck at Completed Stage_8 for over an hour. I rebooted and ran again, this time it stuck at Completed Stage_35 for 4 hours (mind you this is about 17.5 hours into the scan). I don't know why the combofix is taking that long, if something is prohibiting it from going or whatever, but let me know if I should try to run a combofix scan again and I will. Here are the logs:

sdfix -

SDFix: Version 1.168
Run by Jasper on Thu 04/10/2008 at 01:57 AM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :

Name:
FCI
CTAUD2KK

Path:
C:\WINDOWS\system32\svchost.exe:ext.exe
System32\drivers\ctaud2kk.sys

FCI - Deleted
CTAUD2KK - Deleted



Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Default HomePage Value
Restoring Default Desktop Components Value
Restoring Default Schedule Service Path

Rebooting


Checking Files :

Trojan Files Found:

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat - Contains Links to Malware Sites! - Deleted
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat - Contains Links to Malware Sites! - Deleted
C:\-13377~1 - Deleted
C:\Documents and Settings\Jasper\Start Menu\Programs\Startup\DW_Start.lnk - Deleted
C:\smp.bat - Deleted
C:\WINDOWS\system32\drivers\core.cache.dsk - Deleted
C:\WINDOWS\system32\drivers\CTAUD2KK.sys - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1351.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-10 02:00:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\zeqbqwp]
"Type"=dword:00000001
"Start"=dword:00000001
"ErrorControl"=dword:00000000
"ImagePath"=str(2):"\??\C:\WINDOWS\zeqbqwp.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\zeqbqwp\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\zeqbqwp]
"Type"=dword:00000001
"Start"=dword:00000001
"ErrorControl"=dword:00000000
"ImagePath"=str(2):"\??\C:\WINDOWS\zeqbqwp.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\zeqbqwp\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"E:\\Program Files\\Xfire\\Xfire.exe"="E:\\Program Files\\Xfire\\Xfire.exe:*:Enabled:Xfire"
"F:\\Program Files\\Steam\\steamapps\\[email protected]\\day of defeat source\\hl2.exe"="F:\\Program Files\\Steam\\steamapps\\[email protected]\\day of defeat source\\hl2.exe:*:Enabled:hl2"
"E:\\Program Files\\mIRC\\mirc.exe"="E:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
"E:\\Program Files\\AIM\\aim.exe"="E:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"E:\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="E:\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"F:\\Program Files\\Steam\\steamapps\\[email protected]\\day of defeat\\hl.exe"="F:\\Program Files\\Steam\\steamapps\\[email protected]\\day of defeat\\hl.exe:*:Enabled:Half-Life Launcher"
"F:\\Program Files\\Steam\\steamapps\\[email protected]\\counter-strike source\\hl2.exe"="F:\\Program Files\\Steam\\steamapps\\[email protected]\\counter-strike source\\hl2.exe:*:Enabled:hl2"
"F:\\Program Files\\Steam\\steamapps\\[email protected]\\half-life 2 deathmatch\\hl2.exe"="F:\\Program Files\\Steam\\steamapps\\[email protected]\\half-life 2 deathmatch\\hl2.exe:*:Enabled:hl2"
"F:\\Program Files\\mIRC\\mirc.exe"="F:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
"E:\\Program Files\\LimeWire\\LimeWire.exe"="E:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"F:\\Program Files\\mIRC-Admin\\mirc.exe"="F:\\Program Files\\mIRC-Admin\\mirc.exe:*:Enabled:mIRC"
"E:\\Program Files\\iTunes\\iTunes.exe"="E:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"F:\\ijji\\ENGLISH\\Gunbound Revolution\\GunBound.gme"="F:\\ijji\\ENGLISH\\Gunbound Revolution\\GunBound.gme:*:Enabled:GunBound"
"E:\\Program Files\\HLSW\\hlsw.exe"="E:\\Program Files\\HLSW\\hlsw.exe:*:Enabled:hlsw"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Run a DLL as an App"
"F:\\ijji\\ENGLISH\\Gunz\\Gunz.exe"="F:\\ijji\\ENGLISH\\Gunz\\Gunz.exe:*:Enabled:Gunz"
"C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe:*:Enabled:avgcc.exe"
"E:\\Program Files\\DAP\\DAP.exe"="E:\\Program Files\\DAP\\DAP.exe:*:Enabled:Download Accelerator Plus (DAP)"
"E:\\Program Files\\FlashGet\\flashget.exe"="E:\\Program Files\\FlashGet\\flashget.exe:*:Enabled:Flashget"
"F:\\Program Files\\Steam\\steamapps\\[email protected]hoo.com\\half-life\\hl.exe"="F:\\Program Files\\Steam\\steamapps\\[email protected]\\half-life\\hl.exe:*:Enabled:Half-Life Launcher"
"F:\\Program Files\\Steam\\steamapps\\[email protected]\\the ship\\ship.exe"="F:\\Program Files\\Steam\\steamapps\\[email protected]\\the ship\\ship.exe:*:Enabled:ship"
"E:\\Program Files\\Skype\\Phone\\Skype.exe"="E:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"E:\\Program Files\\Azureus\\Azureus.exe"="E:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"F:\\Program Files\\Steam\\steamapps\\[email protected]\\counter-strike\\hl.exe"="F:\\Program Files\\Steam\\steamapps\\[email protected]\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher"
"F:\\Program Files\\Steam\\steamapps\\[email protected]\\source sdk base\\hl2.exe"="F:\\Program Files\\Steam\\steamapps\\[email protected]\\source sdk base\\hl2.exe:*:Enabled:hl2"
"C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"F:\\Program Files\\Steam\\steam.exe"="F:\\Program Files\\Steam\\steam.exe:*:Enabled:Steam"
"C:\\Program Files\\Octoshape Streaming Services\\Jasper\\OctoshapeClient.exe"="C:\\Program Files\\Octoshape Streaming Services\\Jasper\\OctoshapeClient.exe:*:Enabled:OctoshapeClient"
"F:\\Program Files\\CoD4\\iw3mp.exe"="F:\\Program Files\\CoD4\\iw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare™ "
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"E:\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="E:\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Wed 9 Apr 2008 12,330 ..SHR --- "C:\WINDOWS\Resources\UnknownKbd.dll"
Thu 10 Apr 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f7db876e78b88fd8276fd7d29cb7e4eb\BIT3.tmp"
Fri 25 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f7db876e78b88fd8276fd7d29cb7e4eb\BIT5.tmp"
Wed 4 Apr 2001 28,738 A..HR --- "C:\Documents and Settings\Jasper\Desktop\Office XP\MSDE2000\SQLRESLD.DLL"

Finished!


smitfraudfix -

SmitFraudFix v2.311

Scan done at 2:05:40.25, Thu 04/10/2008
Run from C:\Documents and Settings\Jasper\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
C:\WINDOWS\Resources\UnknownKbd.dll deleted


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{3B9E8A57-F3DB-4511-9222-1B18C5368E11}: DhcpNameServer=24.151.8.210 24.151.8.211 66.189.130.21
HKLM\SYSTEM\CS1\Services\Tcpip\..\{3B9E8A57-F3DB-4511-9222-1B18C5368E11}: DhcpNameServer=24.151.8.210 24.151.8.211 66.189.130.21
HKLM\SYSTEM\CS2\Services\Tcpip\..\{3B9E8A57-F3DB-4511-9222-1B18C5368E11}: DhcpNameServer=24.151.8.210 24.151.8.211 66.189.130.21
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=24.151.8.210 24.151.8.211 66.189.130.21
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=24.151.8.210 24.151.8.211 66.189.130.21
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=24.151.8.210 24.151.8.211 66.189.130.21


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

#7 Jazzo (Topic Starter, Member, 14 posts)
Here's a new hjt log as well.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:24, on 2008-04-10
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Saitek\Software\Profiler.exe
C:\Program Files\Saitek\Software\SaiSmart.exe
C:\Program Files\Saitek\Software\SaiMfd.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
F:\program files\steam\steam.exe
E:\Program Files\AIM\aim.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
E:\Logitech\SetPoint\SetPoint.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\DOCUME~1\Jasper\LOCALS~1\Temp\bwgo0000a5c5.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wscntfy.exe
E:\Program Files\hjt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
O2 - BHO: (no name) - {02478d38-c3f9-4efb-9b51-7695eca05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {3822e60e-d5a7-4627-8776-65d058b1f58d} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {58c920b4-8294-428c-aca9-e195b2441bb0} - C:\WINDOWS\system32\ssqrq.dll
O2 - BHO: Yahoo! IE Services Button - {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {b2df78b2-1cf8-455e-8c7f-81555e1242fd} - (no file)
O2 - BHO: (no name) - {b603013a-8741-4da8-b0b5-03f16ff99bb8} - (no file)
O2 - BHO: (no name) - {E2F8F7C7-954D-4336-BA99-27BFBEB73DAF} - C:\WINDOWS\system32\byxyyvv.dll
O2 - BHO: (no name) - {fc35cdd9-b97a-43d8-aa0e-7eb51654d8f2} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "E:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
O4 - HKLM\..\Run: [SaiSmart] C:\Program Files\Saitek\Software\SaiSmart.exe
O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\Software\SaiMfd.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [{2D-DB-B6-65-DW}] C:\DOCUME~1\Jasper\LOCALS~1\Temp\build_dol.exe DWoli5
O4 - HKLM\..\Run: [BMb371e856] Rundll32.exe "C:\WINDOWS\system32\jprvdlaa.dll",s
O4 - HKCU\..\Run: [Steam] "f:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [LDM] E:\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [AIM] E:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger Agent.lnk = E:\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = E:\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - E:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5C86F808-EDD2-4E5D-9C4F-E0D1ADA859AF} (Web Conferencing) - http://66.150.64.132:8081/join_a.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload....GPlugin9USA.cab
O18 - Protocol: bw+0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - E:\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: byxyyvv - C:\WINDOWS\SYSTEM32\byxyyvv.dll
O21 - SSODL: zip - {9c41d53d-d6e3-4c02-91b2-fb5073060db4} - C:\WINDOWS\Installer\{9c41d53d-d6e3-4c02-91b2-fb5073060db4}\zip.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NNServ (nnserv) - Unknown owner - C:\Program Files\NewDotNet\nnrun.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 18288 bytes


What should I do from this point? Thank you again for your patience and your hard work, it is GREATLY appreciated.

#8 Jazzo (Topic Starter, Member, 14 posts)
ComboFix 08-04-09.8 - Jasper 2008-04-10 2:53:30.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1584 [GMT -4:00]
Running from: C:\Documents and Settings\Jasper\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!


That's the only thing named combofix.txt I saw.

#9 sari (GeekU Admin, Administrator, MVP, 21,289 posts)
Jazzo,

Please reboot into safe mode and run combofix again.

#10 Jazzo (Topic Starter, Member, 14 posts)
Rebooted in Safe Mode... Here is the combofix log, WOOT! lol

ComboFix 08-04-09.8 - Jasper 2008-04-10 20:22:26.3 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1786 [GMT -4:00]
Running from: C:\Documents and Settings\Jasper\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BMb371e856.xml
C:\WINDOWS\Installer\{9c41d53d-d6e3-4c02-91b2-fb5073060db4}\zip.dll
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\byxyyvv.dll
C:\WINDOWS\system32\gebyaxy.dll
C:\WINDOWS\system32\jprvdlaa.dll
C:\WINDOWS\system32\qrqss.ini
C:\WINDOWS\system32\qrqss.ini2
C:\WINDOWS\system32\ssqrq.dll
C:\WINDOWS\system32\xkoytstj.dll
C:\WINDOWS\system32\ybadd.ini
C:\WINDOWS\system32\ybadd.ini2
.
---- Previous Run -------
.
C:\Program Files\newdotnet
C:\Program Files\newdotnet\nncore.dll
C:\Program Files\newdotnet\nnrun.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_nnserv
-------\Service_nnserv


((((((((((((((((((((((((( Files Created from 2008-03-11 to 2008-04-11 )))))))))))))))))))))))))))))))
.

2008-04-10 19:21 . 2008-04-10 19:21 3,648 --a------ C:\WINDOWS\system32\ovpscvdt.dll
2008-04-10 02:11 . 2008-04-10 02:11 <DIR> d-------- C:\WINDOWS\resources
2008-04-10 02:05 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-04-10 02:05 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-04-10 02:05 . 2008-03-29 00:19 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-04-10 02:05 . 2008-04-08 22:44 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-04-10 02:05 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-04-10 02:05 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-04-10 02:05 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-04-10 02:05 . 2008-04-10 02:05 2,572 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-10 01:56 . 2008-04-10 01:56 <DIR> d-------- C:\WINDOWS\ERUNT
2008-04-10 01:52 . 2008-04-10 02:02 <DIR> d-------- C:\SDFix
2008-04-09 17:57 . 2008-04-09 17:57 <DIR> d-------- C:\Documents and Settings\Jasper\Application Data\TmpRecentIcons
2008-04-09 15:10 . 2008-04-09 15:10 270,336 --a------ C:\WINDOWS\system32\ddaby.dll_old
2008-04-09 15:06 . 2008-04-09 15:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\kvutipaj
2008-04-09 15:05 . 2008-04-09 15:05 <DIR> d-------- C:\Program Files\Common Files\SWF Studio
2008-04-09 15:04 . 2008-04-09 15:04 55,218 --a------ C:\WINDOWS\zeqbqwp.sys
2008-04-09 15:04 . 2008-04-09 15:04 8,464 --a------ C:\WINDOWS\system32\sporder.dll
2008-04-08 06:27 . 2008-04-08 06:27 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-08 06:27 . 2008-04-08 06:27 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-02 19:26 . 2008-04-02 19:26 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-03-28 06:21 . 2008-03-28 06:21 <DIR> d-------- C:\Program Files\CCleaner
2008-03-18 23:20 . 2008-03-18 23:20 <DIR> d-------- C:\Program Files\K-Lite Codec Pack

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-11 00:20 --------- d-----w C:\Documents and Settings\Jasper\Application Data\Xfire
2008-04-10 23:30 --------- d-----w C:\Documents and Settings\Jasper\Application Data\AVG7
2008-04-09 19:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-06 23:57 --------- d-----w C:\Documents and Settings\Jasper\Application Data\Azureus
2008-04-06 07:26 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-03-20 01:32 --------- d-----w C:\Program Files\ScreenPrint32 v3
2008-03-09 21:52 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-09 21:29 691,545 ----a-w C:\WINDOWS\unins000.exe
2008-02-27 21:47 --------- d--h--r C:\Documents and Settings\Jasper\Application Data\yahoo!
2008-02-11 04:37 --------- d-----w C:\Program Files\Octoshape Streaming Services
2007-12-16 01:22 22,328 ----a-w C:\Documents and Settings\Jasper\Application Data\PnkBstrK.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3822e60e-d5a7-4627-8776-65d058b1f58d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{58c920b4-8294-428c-aca9-e195b2441bb0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b2df78b2-1cf8-455e-8c7f-81555e1242fd}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b603013a-8741-4da8-b0b5-03f16ff99bb8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e2f8f7c7-954d-4336-ba99-27bfbeb73daf}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fc35cdd9-b97a-43d8-aa0e-7eb51654d8f2}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="f:\program files\steam\steam.exe" [2008-03-27 23:16 1271032]
"LDM"="E:\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2006-08-15 21:42 36864]
"AIM"="E:\Program Files\AIM\aim.exe" [2003-08-01 11:31 61440]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-12-10 12:45 49152 C:\WINDOWS\KHALMNPR.Exe]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-12-09 15:32 225280]
"DeadAIM"="E:\PROGRA~1\AIM\\DeadAIM.ocm" [2003-02-24 16:11 266313]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"Profiler"="C:\Program Files\Saitek\Software\Profiler.exe" [2004-08-19 15:08 159744]
"SaiSmart"="C:\Program Files\Saitek\Software\SaiSmart.exe" [2004-08-19 15:08 983
#11
Jazzo

Jazzo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
ComboFix 08-04-09.8 - Jasper 2008-04-10 20:22:26.3 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1786 [GMT -4:00]
Running from: C:\Documents and Settings\Jasper\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BMb371e856.xml
C:\WINDOWS\Installer\{9c41d53d-d6e3-4c02-91b2-fb5073060db4}\zip.dll
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\byxyyvv.dll
C:\WINDOWS\system32\gebyaxy.dll
C:\WINDOWS\system32\jprvdlaa.dll
C:\WINDOWS\system32\qrqss.ini
C:\WINDOWS\system32\qrqss.ini2
C:\WINDOWS\system32\ssqrq.dll
C:\WINDOWS\system32\xkoytstj.dll
C:\WINDOWS\system32\ybadd.ini
C:\WINDOWS\system32\ybadd.ini2
.
---- Previous Run -------
.
C:\Program Files\newdotnet
C:\Program Files\newdotnet\nncore.dll
C:\Program Files\newdotnet\nnrun.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_nnserv
-------\Service_nnserv


((((((((((((((((((((((((( Files Created from 2008-03-11 to 2008-04-11 )))))))))))))))))))))))))))))))
.

2008-04-10 19:21 . 2008-04-10 19:21 3,648 --a------ C:\WINDOWS\system32\ovpscvdt.dll
2008-04-10 02:11 . 2008-04-10 02:11 <DIR> d-------- C:\WINDOWS\resources
2008-04-10 02:05 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-04-10 02:05 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-04-10 02:05 . 2008-03-29 00:19 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-04-10 02:05 . 2008-04-08 22:44 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-04-10 02:05 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-04-10 02:05 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-04-10 02:05 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-04-10 02:05 . 2008-04-10 02:05 2,572 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-10 01:56 . 2008-04-10 01:56 <DIR> d-------- C:\WINDOWS\ERUNT
2008-04-10 01:52 . 2008-04-10 02:02 <DIR> d-------- C:\SDFix
2008-04-09 17:57 . 2008-04-09 17:57 <DIR> d-------- C:\Documents and Settings\Jasper\Application Data\TmpRecentIcons
2008-04-09 15:10 . 2008-04-09 15:10 270,336 --a------ C:\WINDOWS\system32\ddaby.dll_old
2008-04-09 15:06 . 2008-04-09 15:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\kvutipaj
2008-04-09 15:05 . 2008-04-09 15:05 <DIR> d-------- C:\Program Files\Common Files\SWF Studio
2008-04-09 15:04 . 2008-04-09 15:04 55,218 --a------ C:\WINDOWS\zeqbqwp.sys
2008-04-09 15:04 . 2008-04-09 15:04 8,464 --a------ C:\WINDOWS\system32\sporder.dll
2008-04-08 06:27 . 2008-04-08 06:27 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-08 06:27 . 2008-04-08 06:27 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-02 19:26 . 2008-04-02 19:26 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-03-28 06:21 . 2008-03-28 06:21 <DIR> d-------- C:\Program Files\CCleaner
2008-03-18 23:20 . 2008-03-18 23:20 <DIR> d-------- C:\Program Files\K-Lite Codec Pack

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-11 00:20 --------- d-----w C:\Documents and Settings\Jasper\Application Data\Xfire
2008-04-10 23:30 --------- d-----w C:\Documents and Settings\Jasper\Application Data\AVG7
2008-04-09 19:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-06 23:57 --------- d-----w C:\Documents and Settings\Jasper\Application Data\Azureus
2008-04-06 07:26 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-03-20 01:32 --------- d-----w C:\Program Files\ScreenPrint32 v3
2008-03-09 21:52 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-09 21:29 691,545 ----a-w C:\WINDOWS\unins000.exe
2008-02-27 21:47 --------- d--h--r C:\Documents and Settings\Jasper\Application Data\yahoo!
2008-02-11 04:37 --------- d-----w C:\Program Files\Octoshape Streaming Services
2007-12-16 01:22 22,328 ----a-w C:\Documents and Settings\Jasper\Application Data\PnkBstrK.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3822e60e-d5a7-4627-8776-65d058b1f58d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{58c920b4-8294-428c-aca9-e195b2441bb0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b2df78b2-1cf8-455e-8c7f-81555e1242fd}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b603013a-8741-4da8-b0b5-03f16ff99bb8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e2f8f7c7-954d-4336-ba99-27bfbeb73daf}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fc35cdd9-b97a-43d8-aa0e-7eb51654d8f2}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="f:\program files\steam\steam.exe" [2008-03-27 23:16 1271032]
"LDM"="E:\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2006-08-15 21:42 36864]
"AIM"="E:\Program Files\AIM\aim.exe" [2003-08-01 11:31 61440]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-12-10 12:45 49152 C:\WINDOWS\KHALMNPR.Exe]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-12-09 15:32 225280]
"DeadAIM"="E:\PROGRA~1\AIM\\DeadAIM.ocm" [2003-02-24 16:11 266313]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"Profiler"="C:\Program Files\Saitek\Software\Profiler.exe" [2004-08-19 15:08 159744]
"SaiSmart"="C:\Program Files\Saitek\Software\SaiSmart.exe" [2004-08-19 15:08 98304]
"SaiMfd"="C:\Program Files\Saitek\Software\SaiMfd.exe" [2004-08-19 14:10 135168]
"CTHelper"="CTHELPER.EXE" [2006-08-17 12:32 17920 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-17 12:32 18944 C:\WINDOWS\system32\CTXFIHLP.EXE]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2008-01-04 09:33 579072]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-28 14:35 219136]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger Agent.lnk - E:\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2006-08-15 21:42:48 196608]
Logitech SetPoint.lnk - E:\Logitech\SetPoint\SetPoint.exe [2006-08-09 00:34:47 434176]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byxyyvv]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2005-10-18 11:58 278528 E:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
--a------ 2006-08-15 21:42 36864 E:\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraAssistant]
C:\Program Files\Logitech\Video\CameraAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
--a------ 2003-08-29 14:17 188416 C:\Program Files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
--a------ 2003-08-29 14:20 77824 C:\Program Files\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
--a------ 2006-01-19 11:06 11776 C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
--a------ 2006-01-19 11:06 110592 C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 12:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Octoshape Streaming Services]
C:\Program Files\Octoshape Streaming Services\Jasper\OctoshapeClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-04-27 09:41 282624 E:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ScreenPrint32]
--a------ 2003-05-15 20:36 446464 C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
--a------ 2006-10-13 18:20 20058152 E:\Program Files\Skype\Phone\Skype.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"E:\\Program Files\\Xfire\\Xfire.exe"=
"F:\\Program Files\\Steam\\steamapps\\[email protected]\\day of defeat source\\hl2.exe"=
"E:\\Program Files\\AIM\\aim.exe"=
"E:\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"F:\\Program Files\\Steam\\steamapps\\[email protected]\\day of defeat\\hl.exe"=
"F:\\Program Files\\Steam\\steamapps\\[email protected]\\counter-strike source\\hl2.exe"=
"F:\\Program Files\\Steam\\steamapps\\[email protected]\\half-life 2 deathmatch\\hl2.exe"=
"F:\\Program Files\\mIRC\\mirc.exe"=
"E:\\Program Files\\LimeWire\\LimeWire.exe"=
"F:\\Program Files\\mIRC-Admin\\mirc.exe"=
"E:\\Program Files\\iTunes\\iTunes.exe"=
"E:\\Program Files\\HLSW\\hlsw.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"=
"F:\\Program Files\\Steam\\steamapps\\[email protected]\\half-life\\hl.exe"=
"F:\\Program Files\\Steam\\steamapps\\[email protected]\\the ship\\ship.exe"=
"E:\\Program Files\\Skype\\Phone\\Skype.exe"=
"E:\\Program Files\\Azureus\\Azureus.exe"=
"F:\\Program Files\\Steam\\steamapps\\[email protected]\\counter-strike\\hl.exe"=
"F:\\Program Files\\Steam\\steamapps\\[email protected]\\source sdk base\\hl2.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"F:\\Program Files\\Steam\\steam.exe"=
"F:\\Program Files\\CoD4\\iw3mp.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=

R0 m5288;m5288;C:\WINDOWS\system32\drivers\m5288.sys [2005-12-23 18:54]
R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [2006-08-17 12:16]
R3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2005-12-09 15:37]
R3 PhilCam8116;Logitech QuickCam Pro 3000(PID_08B0);C:\WINDOWS\system32\DRIVERS\CamDrL21.sys [2003-08-29 02:43]
S3 SaiH8000;SaiH8000;C:\WINDOWS\system32\DRIVERS\SaiH8000.sys [2004-09-22 06:41]

.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-10 20:34:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> E:\Logitech\SetPoint\GameHook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\CTXFISPI.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\DOCUME~1\Jasper\LOCALS~1\temp\bwgo00095a59.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
.
**************************************************************************
.
Completion time: 2008-04-10 20:35:53 - machine was rebooted [Jasper]
ComboFix-quarantined-files.txt 2008-04-11 00:35:48
Pre-Run: 2,759,397,376 bytes free
Post-Run: 2,708,135,936 bytes free
.
2008-04-09 10:22:36 --- E O F ---

#12
sari

sari

    GeekU Admin

  • Administrator
  • 21,289 posts
  • MVP
Go to Microsoft's website => http://support.microsoft.com/kb/310994
Select the download that's appropriate for your Operating System.

Posted Image

Download the file & save it as it's originally named, next to ComboFix.exe.

Posted Image

Now close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console. When complete, a log named CF_RC.txt will open. Please post the contents of that log.

Please do not reboot your machine until we have reviewed the log.

#13
Jazzo

Jazzo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:33:58 PM, on 4/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Saitek\Software\Profiler.exe
C:\Program Files\Saitek\Software\SaiSmart.exe
C:\Program Files\Saitek\Software\SaiMfd.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
F:\program files\steam\steam.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
E:\Logitech\SetPoint\SetPoint.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\DOCUME~1\Jasper\LOCALS~1\Temp\bwgo00095a59.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\Xfire\Xfire.exe
E:\Program Files\AIM\aim.exe
E:\Program Files\Ventrilo\Ventrilo.exe
E:\Program Files\hjt.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {58c920b4-8294-428c-aca9-e195b2441bb0} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "E:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
O4 - HKLM\..\Run: [SaiSmart] C:\Program Files\Saitek\Software\SaiSmart.exe
O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\Software\SaiMfd.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [Steam] "f:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [LDM] E:\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [AIM] E:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger Agent.lnk = E:\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = E:\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - E:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5C86F808-EDD2-4E5D-9C4F-E0D1ADA859AF} (Web Conferencing) - http://66.150.64.132:8081/join_a.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload....GPlugin9USA.cab
O18 - Protocol: bw+0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - E:\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O21 - SSODL: zip - {9c41d53d-d6e3-4c02-91b2-fb5073060db4} - (no file)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 17472 bytes
  • 0

#14
sari

sari

    GeekU Admin

  • Administrator
  • 21,289 posts
  • MVP
Jazzo,

A. Please RUN HijackThis
  • Click the SCAN button to produce a log.

  • Place a check mark beside each one of the following items:

    O2 - BHO: (no name) - {58c920b4-8294-428c-aca9-e195b2441bb0} - (no file)
    O21 - SSODL: zip - {9c41d53d-d6e3-4c02-91b2-fb5073060db4} - (no file)

  • Now with all the items selected, and all windows closed except for HJT, delete them by clicking the FIX checked button. Close the HijackThis window.


B. 1. Please open Notepad
  • Click Start , then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\WINDOWS\system32\ovpscvdt.dll
C:\WINDOWS\system32\ddaby.dll_old
C:\WINDOWS\zeqbqwp.sys
C:\DOCUME~1\Jasper\LOCALS~1\temp\bwgo00095a59.exe

Folder::
C:\Documents and Settings\All Users\Application Data\kvutipaj



3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

sari
  • 0
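An added example, not code from this thread or from HijackThis: a small Python triage helper that parses O-lines in the format shown above, flags registrations whose target is (no file) and O23 services listed with no publisher, and groups entries by their backing DLL so the long run of O18 protocol handlers reduces to one item to review. The sample lines are copied from the log posted in this thread; the flagging rules are assumed analyst heuristics, and a flag is a cue for a second look rather than a verdict.

```python
import re
from dataclasses import dataclass

# Sample lines copied from the HijackThis log posted above (a constructed subset of it)
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {58c920b4-8294-428c-aca9-e195b2441bb0} - (no file)
O18 - Protocol: bwz0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O21 - SSODL: zip - {9c41d53d-d6e3-4c02-91b2-fb5073060db4} - (no file)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

# Every HJT entry has the shape "O<n> - <kind>: <field> - <field> - ..."
ENTRY_RE = re.compile(r"^(O\d+) - ([^:]+): (.*)$")

@dataclass
class HjtEntry:
    section: str    # e.g. "O21"
    kind: str       # e.g. "SSODL"
    fields: list    # the " - " separated fields that follow the kind
    raw: str        # the original line, kept for reporting

def parse_hjt(text):
    """Parse HijackThis O-lines; header and process-list lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            section, kind, rest = m.groups()
            entries.append(HjtEntry(section, kind, rest.split(" - "), line.strip()))
    return entries

def flag_entries(entries):
    """Triage heuristics (assumed here, not HJT's own logic): orphaned
    registrations and services with no publisher deserve a second look."""
    findings = []
    for e in entries:
        if e.fields[-1] == "(no file)":
            findings.append((e.section, e.fields[0], "registered object points at a missing file"))
        elif e.section == "O23" and "Unknown owner" in e.fields:
            findings.append((e.section, e.fields[0], "service binary has no publisher name"))
    return findings

def collapse_by_target(entries):
    """Group entries by their final field (the backing DLL/EXE path)."""
    groups = {}
    for e in entries:
        groups.setdefault(e.fields[-1], []).append(e)
    return groups
```

Run `flag_entries(parse_hjt(SAMPLE_LOG))` to get the two (no file) items sari asked to fix plus the unsigned service, and `collapse_by_target(...)` to see both O18 handlers fold into the single Logitech DLL.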

#15
Jazzo

Jazzo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Here is the log that you wanted me to post with the windows file:

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
  • 0