Trojan and Virtumundo-Please review hijackThis Log [Closed] - Geeks to Go Forums


Trojan and Virtumundo-Please review hijackThis Log [Closed]

#1 Kris0707

  • Group: Member
  • Posts: 35
  • Joined: 27-July 07

Posted 25 February 2009 - 03:50 PM

eTrust Antivirus detects a trojan and other infections. The infections won't let me open certain anti-malware software. Computer is very slow and not responding. I have a red circle with an X in it on my taskbar. Cannot open Malwarebytes. Here's the HijackThis log. Thank you in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:30:10 PM, on 2/25/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe
D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\frmwrk32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\WINDOWS\system32\ntdll64.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\DOCUME~1\Erik\LOCALS~1\Temp\pcqobtjcri.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: C:\WINDOWS\system32\hhs3ijndfd.dll - {c5bf49a2-94f3-42bd-f434-3604812c8955} - C:\WINDOWS\system32\hhs3ijndfd.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [eTrust PestPatrol Active Protection] "C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe"
O4 - HKLM\..\Run: [RemoteControl] "d:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SmcService] D:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [jsf8uiw3jnjgffght] C:\DOCUME~1\Erik\LOCALS~1\Temp\winlognn.exe
O4 - HKLM\..\Run: [Framework Windows] frmwrk32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [jsf8uiw3jnjgffght] C:\DOCUME~1\Erik\LOCALS~1\Temp\winlognn.exe
O4 - HKCU\..\Run: [nv5szkhmp4gquevn2mq4zbcup2] C:\DOCUME~1\Erik\LOCALS~1\Temp\won5v2.exe
O4 - HKCU\..\Run: [voie0ymdtek4n4x50u41lu1x80r21] C:\DOCUME~1\Erik\LOCALS~1\Temp\xyhkdj7yr4smp.exe
O4 - HKCU\..\Run: [yhh2jm6lspi2k445x6qoqsd3zezt] C:\DOCUME~1\Erik\LOCALS~1\Temp\nmx9pt73vcyqp.exe
O4 - HKCU\..\Run: [hrc0lqdib] C:\DOCUME~1\Erik\LOCALS~1\Temp\x24tl6oxyzn16.exe
O4 - HKCU\..\Run: [et0ebs897ro0aetf59edi41q7v9yyrt2o5rxo] C:\DOCUME~1\Erik\LOCALS~1\Temp\uymy9udaz.exe
O4 - HKCU\..\Run: [a54hn9jar24r31mklgigckm] C:\DOCUME~1\Erik\LOCALS~1\Temp\bjlk6ztml.exe
O4 - HKCU\..\Run: [cvwq74dhrs70yr40b] C:\DOCUME~1\Erik\LOCALS~1\Temp\b4adike.exe
O4 - HKCU\..\Run: [ipvv91hwprrq2mopliz6hqupsyb] C:\DOCUME~1\Erik\LOCALS~1\Temp\xle300.exe
O4 - HKCU\..\Run: [wdv0x52yv5p3incpxxuwgsb8pb361fh0rt8esz] C:\DOCUME~1\Erik\LOCALS~1\Temp\lnxm6ai.exe
O4 - HKCU\..\Run: [h08jj4ji8aubzs80ajxyq5rvj7kbn] C:\DOCUME~1\Erik\LOCALS~1\Temp\qgxrdt9fsgelh.exe
O4 - HKCU\..\Run: [n4tr6sf2xucraj97g67w2] C:\DOCUME~1\Erik\LOCALS~1\Temp\tw82xl52gb.exe
O4 - HKCU\..\Run: [xvtu87adbkuq5sktj9fnhseywc2vbphnh2a] C:\DOCUME~1\Erik\LOCALS~1\Temp\zby5j0ym2n5.exe
O4 - HKCU\..\Run: [jtgk1w3w6qg2] C:\DOCUME~1\Erik\LOCALS~1\Temp\efo3f9r083x65.exe
O4 - HKCU\..\Run: [nov2945r1wie2wtm713tazbvi4nz] C:\DOCUME~1\Erik\LOCALS~1\Temp\mtvm5khu8.exe
O4 - HKCU\..\Run: [cd7m21d6hzv727eu1v30] C:\DOCUME~1\Erik\LOCALS~1\Temp\hpj6lp801.exe
O4 - HKCU\..\Run: [d3b8cellnz2lqz29u8csq09a23kw9n1] C:\DOCUME~1\Erik\LOCALS~1\Temp\ocl8kjefar8m.exe
O4 - HKCU\..\Run: [dlm90qszxmyq14hmwv0jtah1em0yqqw8e4usk6e3h] C:\DOCUME~1\Erik\LOCALS~1\Temp\lo984k2.exe
O4 - HKCU\..\Run: [l1f8cumuwx6h4] C:\DOCUME~1\Erik\LOCALS~1\Temp\y0q0ypw.exe
O4 - HKCU\..\Run: [v859jx5msy1l6w1o4gow43dyziywy7jjwessh] C:\DOCUME~1\Erik\LOCALS~1\Temp\yhxkropdg.exe
O4 - HKCU\..\Run: [mlkbj6aq4newlh] C:\DOCUME~1\Erik\LOCALS~1\Temp\x7sm07o2.exe
O4 - HKCU\..\Run: [u2xdhdy5hktbxdv64x5karbncan8vb3up8qkmld70kt6c5] C:\DOCUME~1\Erik\LOCALS~1\Temp\bw44dm1x2q.exe
O4 - HKCU\..\Run: [snq4sgakpt0qwh7wtlscy7atzr5cr5rug985h7] C:\DOCUME~1\Erik\LOCALS~1\Temp\c69243283k6.exe
O4 - HKCU\..\Run: [xgqo1h5q1e0oe3l] C:\DOCUME~1\Erik\LOCALS~1\Temp\eriiqnbxqyajf.exe
O4 - HKCU\..\Run: [qke9ds8lhwb5yi6uldt6oicuk8xkac8n7f9a] C:\DOCUME~1\Erik\LOCALS~1\Temp\f2t4ru33qri.exe
O4 - HKCU\..\Run: [xishwg33w9twcioqxtx0va3] C:\DOCUME~1\Erik\LOCALS~1\Temp\q03e7l4jzr8gj.exe
O4 - HKCU\..\Run: [qib9uvi6h3ei3oftlqhkzrkmd02xuv8qiftapzasphy9cyrzhh] C:\DOCUME~1\Erik\LOCALS~1\Temp\ig23tl9h3zd.exe
O4 - HKCU\..\Run: [idtla293iwr4hiu2babvvdkat] C:\DOCUME~1\Erik\LOCALS~1\Temp\jq71k2ts4xyn.exe
O4 - HKCU\..\Run: [yyg1h746zmxls7wsmj7tcexgi4imm9cmttir1rjyay5p] C:\DOCUME~1\Erik\LOCALS~1\Temp\m02lqia9.exe
O4 - HKCU\..\Run: [gp92w5vs0z0ztli44tsf0] C:\DOCUME~1\Erik\LOCALS~1\Temp\ehzjx8qg.exe
O4 - HKCU\..\Run: [h3nbw06tm1kyy93vm7] C:\DOCUME~1\Erik\LOCALS~1\Temp\o6rh2tml10iq.exe
O4 - HKCU\..\Run: [k6ybzzpu94upahtupx12c9g] C:\DOCUME~1\Erik\LOCALS~1\Temp\lwhnrlqt.exe
O4 - HKCU\..\Run: [axqr1w4ac40ooylvlnhzb8fz] C:\DOCUME~1\Erik\LOCALS~1\Temp\t0pdxpeu.exe
O4 - HKCU\..\Run: [i62lgbjhebzxjo9scef] C:\DOCUME~1\Erik\LOCALS~1\Temp\sqkf68u.exe
O4 - HKCU\..\Run: [hsep6b26x8kf1zdhtukniwfu729jka72c5j] C:\DOCUME~1\Erik\LOCALS~1\Temp\n6o6arv2j.exe
O4 - HKCU\..\Run: [gozmj6s2ev6w0jbgwsprhvbm] C:\DOCUME~1\Erik\LOCALS~1\Temp\t4c7a9y.exe
O4 - HKCU\..\Run: [mnvmuehjr259ifgyjmqa01ic4jswy1k5jb11ejur] C:\DOCUME~1\Erik\LOCALS~1\Temp\svng7nou.exe
O4 - HKCU\..\Run: [x3113q6516ohlkd0a50ynf3] C:\DOCUME~1\Erik\LOCALS~1\Temp\gxnzdxqne.exe
O4 - HKCU\..\Run: [ew8lop438gq9atcp6fp8rxdb3xtrp] C:\DOCUME~1\Erik\LOCALS~1\Temp\zkzykj1py6.exe
O4 - HKCU\..\Run: [ewrgtijsc8weptd25nu75u528976ozpzz5lqv5avc9k48y] C:\DOCUME~1\Erik\LOCALS~1\Temp\kmzhqt3i1od.exe
O4 - HKCU\..\Run: [unem0dms4l4xgyuita] C:\DOCUME~1\Erik\LOCALS~1\Temp\obbiofbl9j0cg.exe
O4 - HKCU\..\Run: [aowc8ib4c5meyboxh0hc9j4skgx1a3bd68lta01] C:\DOCUME~1\Erik\LOCALS~1\Temp\pcqobtjcri.exe
O4 - HKCU\..\Run: [ygdvghgm00f7ptkp7r9qqqs41k4g8u] C:\DOCUME~1\Erik\LOCALS~1\Temp\od91yml.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = D:\mouse logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\docume~1\erik\locals~1\temp\ntdll64.dll
O10 - Unknown file in Winsock LSP: c:\docume~1\erik\locals~1\temp\ntdll64.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: bw+0 - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - D:\mouse logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\win_nw.dll
O20 - Winlogon Notify: crypt - crypts.dll (file missing)
O22 - SharedTaskScheduler: jgzfkj9w38rksndfi7r4 - {C5BF49A2-94F3-42BD-F434-3604812C8955} - C:\WINDOWS\system32\hhs3ijndfd.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - D:\Program Files\Sygate\SPF\smc.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\
O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

--
End of file - 25620 bytes
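An added triage script, not part of the thread and not something HijackThis itself does, that applies the defender's reading of the log above to a few constructed lines modelled on it: autoruns and a Winsock LSP pointing into the user's Temp directory, random-looking entry names, the DisableRegedit policy, AppInit_DLLs, and an orphaned Winlogon Notify package. The heuristics, severities and the random-name threshold are assumptions chosen for illustration.

```python
"""Heuristic triage of HijackThis O4/O7/O10/O20/O22 lines (added example)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample, patterned on the log posted in the thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [jsf8uiw3jnjgffght] C:\DOCUME~1\Erik\LOCALS~1\Temp\winlognn.exe
O4 - HKLM\..\Run: [Framework Windows] frmwrk32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [nv5szkhmp4gquevn2mq4zbcup2] C:\DOCUME~1\Erik\LOCALS~1\Temp\won5v2.exe
O4 - HKCU\..\Run: [aowc8ib4c5meyboxh0hc9j4skgx1a3bd68lta01] C:\DOCUME~1\Erik\LOCALS~1\Temp\pcqobtjcri.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O10 - Unknown file in Winsock LSP: c:\docume~1\erik\locals~1\temp\ntdll64.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\win_nw.dll
O20 - Winlogon Notify: crypt - crypts.dll (file missing)
O22 - SharedTaskScheduler: jgzfkj9w38rksndfi7r4 - {C5BF49A2-94F3-42BD-F434-3604812C8955} - C:\WINDOWS\system32\hhs3ijndfd.dll
"""


@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. "O4"
    severity: str  # "high" | "medium" | "low" (assumed scale)
    reason: str
    line: str


# O4 lines: "O4 - <hive>\..\Run: [<entry name>] <command>"
O4_RE = re.compile(r"^O4 - (?P<hive>[^:]+):\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
# O22 lines: "O22 - SharedTaskScheduler: <name> - {CLSID} - <dll>"
O22_RE = re.compile(r"^O22 - SharedTaskScheduler: (?P<name>\S+) - ")
# Any path component named "temp" (the user's %TEMP% in the posted log).
TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)
# Assumed threshold: 10+ lowercase letters/digits with at least one digit
# and no dots or spaces reads as a generated name, not a product name.
RANDOM_NAME_RE = re.compile(r"[a-z0-9]{10,}")


def looks_random(name: str) -> bool:
    """True for letter/digit soup such as 'jsf8uiw3jnjgffght'."""
    return bool(RANDOM_NAME_RE.fullmatch(name)) and any(c.isdigit() for c in name)


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding for one suspicious log line, or None if nothing fires."""
    line = line.strip()
    if not line:
        return None
    m = O4_RE.match(line)
    if m:
        name, cmd = m.group("name"), m.group("cmd")
        if TEMP_RE.search(cmd):
            return Finding("O4", "high", f"autorun launches from a Temp directory ({name})", line)
        if looks_random(name):
            return Finding("O4", "medium", f"random-looking entry name {name!r}", line)
        return None
    if line.startswith("O7 - ") and "DisableRegedit=1" in line:
        return Finding("O7", "medium", "Registry Editor disabled by policy", line)
    if line.startswith("O10 - ") and TEMP_RE.search(line):
        return Finding("O10", "high", "Winsock LSP DLL loaded from a Temp directory", line)
    if line.startswith("O20 - AppInit_DLLs:"):
        return Finding("O20", "medium", "AppInit_DLLs set: DLL injected into every user32 process", line)
    if line.startswith("O20 - Winlogon Notify:") and "(file missing)" in line:
        return Finding("O20", "low", "orphaned Winlogon Notify package", line)
    m = O22_RE.match(line)
    if m and looks_random(m.group("name")):
        return Finding("O22", "medium", f"SharedTaskScheduler with random-looking name {m.group('name')!r}", line)
    return None


def triage(log_text: str) -> List[Finding]:
    """Run triage_line over every line of a HijackThis log."""
    return [f for f in (triage_line(l) for l in log_text.splitlines()) if f]


def severity_counts(findings: List[Finding]) -> dict:
    counts = {"high": 0, "medium": 0, "low": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.section}: {f.reason}")
    print(severity_counts(triage(SAMPLE_LOG)))
```

The Temp-directory rule fires before the random-name rule on purpose: an executable launched from a temp path is a stronger indicator than the name, and the entries in the posted log trip both.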

#2 Kris0707

  • Group: Member
  • Posts: 35
  • Joined: 27-July 07

Posted 25 February 2009 - 03:52 PM

Uninstall List

Acrobat.com
Acrobat.com
Adobe Acrobat 7.0 - Tryout Professional - English, Français, Deutsch
Adobe AIR
Adobe AIR
Adobe Download Manager 2.0 (Remove Only)
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Reader 9
AOL Uninstaller (Choose which Products to Remove)
Apple Mobile Device Support
Apple Software Update
Ares 2.0.9
Athlon 64 Processor Driver
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
Azureus
CA eTrust PestPatrol
Command & Conquer Generals
Command and ConquerTM Generals Zero Hour
Compact Wireless-G USB Adapter
DivX
Doom 3
ERUNT 1.1j
eTrust EZ Antivirus
Far Cry
FEAR
FoxyTunes for Firefox
GameShadow
Google Talk (remove only)
Google Toolbar for Internet Explorer
GUN ™
Half-Life® 2
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
iTunes
J2SE Runtime Environment 5.0 Update 6
LimeWire 4.18.8
Logitech Desktop Messenger
Malwarebytes' Anti-Malware
MBPass v1.2
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Mozilla Firefox (3.0.6)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MySpaceIM
Nero Suite
NVIDIA Drivers
PowerDVD
QuickTime
RealPlayer
Realtek AC'97 Audio
Roxio Easy Media Creator 8 Suite
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB960715)
Steam™
Sygate Personal Firewall Pro
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Viewpoint Toolbar
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger

#3 Extremeboy

  • Group: Retired Staff
  • Posts: 824
  • Joined: 12-February 09

Posted 25 February 2009 - 04:28 PM

Hello.

Very nasty infection you have. One of them is a backdoor/rootkit.

Backdoor Threat

IMPORTANT NOTE: Unfortunately, one or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. If you want to continue, run ComboFix.

Install Recovery Console and Run ComboFix

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
Link 3

  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.


  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please do NOT mouse-click ComboFix's window while it's running, because it may cause it to stall.

Post back with a new Hijackthis log as well.

With Regards,
Extremeboy

#4 Kris0707

  • Group: Member
  • Posts: 35
  • Joined: 27-July 07

Posted 25 February 2009 - 05:35 PM

It does not let me open ComboFix. I double-click it and it won't open. The same thing happens with Malwarebytes.

#5 Extremeboy

  • Group: Retired Staff
  • Posts: 824
  • Joined: 12-February 09

Posted 25 February 2009 - 07:49 PM

Hello.

No wonder. Please delete the ComboFix you have right now, re-download it, and make sure you RENAME it before saving it onto your desktop.

Download and Run ComboFix

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2
Link 3

Refer to the page below for further instructions on running ComboFix. This includes installing the Recovery Console. Note that you do not need your Windows XP disk to install it.
http://www.bleepingc...to-use-combofix

Double click on Combo-Fix.exe & follow the prompts.

When finished, it will open a report for you. Post back with it. It is at C:\ComboFix.txt.

Do not mouseclick the ComboFix window while it's running. That may cause it to stall.

Post back with a new Hijackthis log as well. Let me know how it goes.

With Regards,
Extremeboy
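Both replies above end by asking for a fresh HijackThis log, and reading such a log by eye is the skill the thread depends on. The following script is an added example, not code from any post in this thread or from the HijackThis or ComboFix authors: a small triage helper for the HijackThis 2.x line format that applies four rules an experienced log reader applies mentally (a broken Winsock LSP entry on an O10 line, entries that point at a deleted file, binaries loaded from a Temp directory, and random-looking file names inside system32). The sample log is constructed to mirror the format of the logs posted in this thread, reusing file names that appear in them; the "five consonants in a row" threshold and the severity labels are this example's own assumptions, not anything HijackThis defines.

```python
"""Triage helper for HijackThis 2.x logs (added example, not code from the thread).

Four rules that a log reader applies by eye: a broken Winsock LSP entry (O10),
orphaned entries pointing at deleted files, binaries loaded from a Temp
directory, and random-looking file names inside system32. They are heuristics
that order a review, not verdicts.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in HijackThis v2.0.2 line format. The file names mirror
# artefacts named in this thread's logs; the lines are not copied from a post.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\frmwrk32.exe

O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {C5BF49A2-94F3-42BD-F434-3604812C8955} - C:\WINDOWS\system32\hhs3ijndfd.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [init] C:\WINDOWS\system32\init32.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O10 - Broken Internet access because of LSP provider 'c:\docume~1\erik\locals~1\temp\ntdll64.dll' missing
O18 - Protocol: bw+0 - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
"""

# A drive-letter path ending in .exe/.dll/.sys; directory names may contain spaces.
_WIN_PATH = re.compile(
    r'[a-z]:\\(?:[^\\:*?"<>|\'\r\n]+\\)*[^\\:*?"<>|\'\r\n]+?\.(?:exe|dll|sys)\b',
    re.IGNORECASE,
)
_SYSTEM32 = re.compile(r"\\(?:windows|winnt)\\system32\\", re.IGNORECASE)
_TEMP_DIR = re.compile(r"\\temp\\", re.IGNORECASE)
# Assumed heuristic: five or more consonants in a row are rare in vendor-chosen
# names and common in generated ones such as hhs3ijndfd.dll or frmwrk32.exe.
_CONSONANT_RUN = re.compile(r"[bcdfghjklmnpqrstvwxz]{5,}", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    severity: str  # "high", "medium" or "low"
    line: str
    reason: str


def classify(line: str) -> Optional[Finding]:
    """Return a Finding for one log line, or None if no rule applies."""
    line = line.strip()
    if line.startswith("O10") and "missing" in line:
        return Finding("high", line, "Winsock LSP chain references a missing DLL; "
                       "TCP/IP stays broken until the chain is repaired")
    if "(no file)" in line:
        return Finding("medium", line, "registry entry points at a deleted file "
                       "(orphan); remove the entry")
    match = _WIN_PATH.search(line)
    if match is None:
        return None
    path = match.group(0)
    if _TEMP_DIR.search(path):
        return Finding("high", line, "executable loaded from a Temp directory")
    stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    if _SYSTEM32.search(path) and _CONSONANT_RUN.search(stem):
        return Finding("low", line, f"random-looking name '{stem}' in system32; "
                       "check the publisher and hash before trusting it")
    return None


def triage(log_text: str) -> List[Finding]:
    """Apply classify() to every line and keep the hits, in log order."""
    return [f for f in map(classify, log_text.splitlines()) if f is not None]


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per severity, e.g. {'high': 1, 'medium': 1, 'low': 2}."""
    return dict(Counter(f.severity for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
    print(summarize(triage(SAMPLE_LOG)))
```

Two points the sample illustrates. First, the O10 rule is why a cleanup tool deleting a DLL is not the end of the job: once the DLL that a Winsock LSP entry points at is gone, the chain is broken and the machine loses network access until the entry is repaired, which is exactly the state the later ComboFix and HijackThis logs in this thread describe. Second, the name rule stays silent on `init32.exe`, a short and plausible-looking name that the thread's ComboFix log nonetheless deleted, so a line this script does not flag is not evidence that the file is clean; the rules order a manual review, they do not replace it.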

#6 Kris0707

  • Group: Member
  • Posts: 35
  • Joined: 27-July 07

Posted 27 February 2009 - 02:54 PM

Seems like things went well with ComboFix. Here's the log:

ComboFix 09-02-26.02 - Erik 2009-02-27 14:16:47.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1688 [GMT -5:00]
Running from: c:\documents and settings\Erik\Desktop\Combo-Fix.exe
AV: eTrust EZ Antivirus *On-access scanning disabled* (Updated)
FW: Sygate Personal Firewall Pro *enabled*
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\Erik\LOCALS~1\Temp\mousehook.dll
c:\docume~1\Erik\LOCALS~1\Temp\ntdll64.dll
c:\windows\system32\ahtn.htm
c:\windows\system32\drivers\UACjiecxeig.sys
c:\windows\system32\frmwrk32.exe
c:\windows\system32\hhs3ijndfd.dll
c:\windows\system32\init32.exe
c:\windows\system32\ntdll64.exe
c:\windows\system32\UACftewbaqp.dll
c:\windows\system32\UAChoruwsrs.dll
c:\windows\system32\UACklyfwxwg.log
c:\windows\system32\UACqliobwpw.dll
c:\windows\system32\UACurhjhxkk.dll
c:\windows\system32\UACuxfubrxd.dat
c:\windows\system32\UACvmuycdxj.log
c:\windows\system32\UACwrypiyci.log
c:\windows\system32\uniq.tll
c:\windows\system32\warning.gif
c:\windows\system32\win_nw.dll
c:\windows\system32\win32hlp.cnf
D:\Autorun.inf

Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\$NtServicePackUninstall$\userinit.exe


.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys


((((((((((((((((((((((((( Files Created from 2009-01-27 to 2009-02-27 )))))))))))))))))))))))))))))))
.

2009-02-27 13:35 . 2009-02-27 13:35 <DIR> d-------- c:\documents and settings\Administrator
2009-02-25 13:41 . 2009-02-27 15:16 100,590 --a------ c:\windows\system32\drivers\1f3693c6.sys
2009-02-25 13:41 . 2009-02-27 13:28 5,164 --a------ c:\windows\system32\uacinit.dll
2009-02-25 13:41 . 2009-02-25 13:41 705 --a------ C:\jinbiq.exe
2009-02-25 13:40 . 2009-02-25 13:40 30,720 --a------ C:\gnbnx.exe
2009-02-25 13:40 . 2009-02-25 13:40 20,480 -r-h----- c:\windows\system32\win_5d.exe
2009-02-25 13:40 . 2009-02-25 13:40 2 --a------ C:\-262669979
2009-02-21 20:05 . 2009-02-21 20:05 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2009-02-21 19:37 . 2009-02-22 00:03 <DIR> d-------- c:\program files\NOS
2009-02-21 19:37 . 2009-02-22 00:03 <DIR> d-------- c:\documents and settings\All Users\Application Data\NOS
2009-02-17 21:28 . 2009-02-17 21:59 <DIR> d-------- c:\documents and settings\Erik\Application Data\U3

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-25 18:38 --------- d-----w c:\documents and settings\Erik\Application Data\Azureus
2009-02-22 01:00 --------- d-----w c:\program files\Common Files\Adobe
2008-08-25 23:49 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008082520080826\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Yahoo! Pager"="c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-03-27 4670968]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CaAvTray"="c:\program files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe" [2006-05-20 230512]
"CAVRID"="c:\program files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe" [2006-05-20 185456]
"eTrust PestPatrol Active Protection"="c:\program files\CA\eTrust PestPatrol\PPActiveDetection.exe" [2004-09-27 106496]
"RemoteControl"="d:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768]
"SmcService"="d:\progra~1\Sygate\SPF\smc.exe" [2004-12-20 2577632]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 c:\windows\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2007-12-18 8720384]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - d:\mouse logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2006-10-25 450560]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
???? [?]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]
???? [?]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
--a------ 2004-12-14 01:12 483328 d:\program files\Adobe\Acrobat 7.0\Distillr\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
--a------ 2007-01-01 16:22 3739648 c:\program files\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-06-02 10:13 267048 d:\program files\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-13 19:12 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
--a------ 2007-12-18 20:47 8720384 c:\program files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 09:50 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
--a------ 2005-11-21 21:47 1687552 c:\program files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
--a------ 2005-11-22 09:34 163840 c:\program files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-08-22 16:13 1271032 d:\games\Valve\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-05-20 13:46 180269 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-03-27 14:22 4670968 c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RoxUpnpServer"=2 (0x2)
"RoxUPnPRenderer"=3 (0x3)
"RoxMediaDB"=3 (0x3)
"RoxLiveShare"=2 (0x2)
"AresChatServer"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Games\\Valve\\Steam\\SteamApps\\User\\Half-Life 2\\hl2.exe"=
"d:\\Games\\Sierra\\FEAR\\FEAR.exe"=
"d:\\Program Files\\Ares\\Ares.exe"=
"d:\\Program Files\\Azureus\\Azureus.exe"=
"d:\\Program Files\\LimeWire\\LimeWire.exe"=
"d:\\Games\\Doom 3\\Doom3.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"d:\\mouse logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Common Files\\Roxio Shared\\SharedCom\\RoxUpnpRenderer.exe"=
"c:\\Program Files\\Roxio\\Easy Media Creator 8\\Audio Master\\MusicDiscCreator.exe"=
"d:\\Program Files\\iTunes.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\Roxio\\Easy Media Creator 8\\Digital Home\\RoxUpnpServer.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-11 24652]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de576be6-fd63-11dd-80dd-0015f29fef96}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2008-12-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]
.
- - - - ORPHANS REMOVED - - - -

BHO-{c5bf49a2-94f3-42bd-f434-3604812c8955} - c:\windows\system32\hhs3ijndfd.dll
SharedTaskScheduler-{C5BF49A2-94F3-42BD-F434-3604812C8955} - c:\windows\system32\hhs3ijndfd.dll
MSConfigStartUp-YSearchProtection - c:\program files\Yahoo!\Search Protection\SearchProtection.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Convert link target to Adobe PDF - d:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - d:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - d:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - d:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - d:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - d:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - d:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - d:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
LSP: c:\docume~1\Erik\LOCALS~1\Temp\ntdll64.dll
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - d:\mouse logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Erik\Application Data\Mozilla\Firefox\Profiles\ghjycc8f.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - component: c:\program files\Mozilla Firefox\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: d:\program files\Mozilla Plugins\npitunes.dll
FF - plugin: d:\program files\Real\RealPlayer\Netscape6\nppl3260.dll
FF - plugin: d:\program files\Real\RealPlayer\Netscape6\nprjplug.dll
FF - plugin: d:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-27 15:16:26
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"=""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\1f3693c6]
"ImagePath"="\SystemRoot\System32\drivers\1f3693c6.sys"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(692)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
d:\program files\Sygate\SPF\Smc.exe
c:\program files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
c:\program files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
c:\program files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2009-02-27 15:20:27 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-27 20:19:24

Pre-Run: 24,366,809,088 bytes free
Post-Run: 25,765,412,864 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

237 --- E O F --- 2009-02-25 02:00:38


HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:21:06 PM, on 2/27/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe
D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\explorer.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [eTrust PestPatrol Active Protection] "C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe"
O4 - HKLM\..\Run: [RemoteControl] "d:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SmcService] D:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = D:\mouse logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O10 - Broken Internet access because of LSP provider 'c:\docume~1\erik\locals~1\temp\ntdll64.dll' missing
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: bw+0 - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - D:\mouse logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\mouse logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - D:\Program Files\Sygate\SPF\smc.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\
O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

--
End of file - 20262 bytes
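A small triage helper for logs like the one above, added here as an example; it is not part of the thread and not HijackThis code. It collapses the long run of O18 lines that share one CLSID and DLL into a single summary and lists O23 service entries that merit a manual look (publisher shown as "Unknown owner", or an image path that ends in a directory with no file name). The sample input is constructed and abridged from the log in this thread, and a flag is a prompt to review, not a verdict: HijackThis 2.0.2 prints some legitimate Windows services in exactly that form.

```python
"""Added example (not from the thread or from HijackThis): a triage helper
for HijackThis O18 (protocol handler) and O23 (service) lines.  It collapses
the long runs of O18 entries that share one CLSID and DLL into a single
summary, and lists O23 entries worth a manual look: publisher shown as
"Unknown owner", or an image path that ends in a directory with no file
name.  A flag is a review prompt, not a verdict; some legitimate Windows
services appear that way in HijackThis 2.0.2 output."""
import re
from collections import defaultdict

# Constructed sample, abridged from the log posted in this thread.
SAMPLE_LOG = """\
O18 - Protocol: bwa0 - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\\mouse logitech\\Desktop Messenger\\8876480\\Program\\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {33280670-8BE1-4A9F-9C31-A62787BF582D} - D:\\mouse logitech\\Desktop Messenger\\8876480\\Program\\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - D:\\mouse logitech\\Desktop Messenger\\8876480\\Program\\GAPlugProtocol-8876480.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe
O23 - Service: ATI Smart - Unknown owner - C:\\WINDOWS\\system32\\ati2sgag.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\\WINDOWS\\
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\\WINDOWS\\
"""

# O18: "O18 - Protocol: <name> - {CLSID} - <dll path>"
O18_RE = re.compile(r"^O18 - Protocol: (?P<name>\S+) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$")
# O23: "O23 - Service: <display name> - <publisher> - <image path>"
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.*)$")


def parse_log(text):
    """Split a HijackThis log into O18 and O23 records; other lines are ignored."""
    protocols, services = [], []
    for line in text.splitlines():
        line = line.strip()
        m = O18_RE.match(line)
        if m:
            protocols.append(m.groupdict())
            continue
        m = O23_RE.match(line)
        if m:
            services.append(m.groupdict())
    return {"protocols": protocols, "services": services}


def summarize_protocols(protocols):
    """Group O18 handlers by (CLSID, DLL) so fifty lines read as one entry."""
    groups = defaultdict(list)
    for p in protocols:
        groups[(p["clsid"].upper(), p["path"].lower())].append(p["name"])
    return {key: sorted(names) for key, names in groups.items()}


def flag_services(services):
    """Return O23 entries with a reason to look closer, in log order."""
    flagged = []
    for s in services:
        reasons = []
        if s["owner"].strip().lower() == "unknown owner":
            reasons.append("publisher shown as Unknown owner")
        # A path such as C:\WINDOWS\ has no executable name after the last backslash.
        basename = s["path"].strip().rsplit("\\", 1)[-1]
        if not basename:
            reasons.append("image path has no file name")
        if reasons:
            flagged.append({"name": s["name"], "path": s["path"], "reasons": reasons})
    return flagged


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for (clsid, dll), names in summarize_protocols(parsed["protocols"]).items():
        print(f"O18 {clsid} -> {dll}: {len(names)} handler(s): {', '.join(names)}")
    for f in flag_services(parsed["services"]):
        print(f"O23 review: {f['name']} [{f['path']}] - {'; '.join(f['reasons'])}")
```

Run it against a full saved log by replacing SAMPLE_LOG with the file contents; the O18 grouping is what turns the fifty Logitech Desktop Messenger lines above into one line with one DLL to check.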

#7 Extremeboy

  • Group: Retired Staff
  • Posts: 824
  • Joined: 12-February 09

Posted 27 February 2009 - 06:00 PM

Hello.

Indeed, you have a rootkit infection. It has been removed now, but your computer was compromised before. A Windows file was also infected. :)

Rootkit Threat

Unfortunately, one or more of the identified infections is a rootkit/backdoor Trojan.

IMPORTANT NOTE: Rootkits and backdoor Trojans are very dangerous because they use advanced techniques (backdoors) as a means of accessing a computer system, bypassing security mechanisms and stealing sensitive information which they send back to the hacker. Many rootkits can hook into the Windows 32-bit kernel, and patch several APIs to hide new registry keys and files they install. Remote attackers use backdoor Trojans and rootkits as part of an exploit to gain unauthorized access to a computer and take control of it without your knowledge.

If your computer was used for online banking, has credit card information or other sensitive data on it, you should immediately disconnect from the Internet until your system is cleaned. All passwords should be changed immediately, including those used for banking, email, eBay, PayPal and online forums. You should consider them to be compromised. You should change each password by using a different computer and not the infected one. If not, an attacker may get the new passwords and transaction information. If using a router, you need to reset it with a strong logon/password so the malware cannot gain control before you connect again. Banking and credit card institutions should be notified of the possible security breach. Because your computer was compromised, please read How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

Although the rootkit has been identified and may be removed, your PC has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume that because this malware has been removed the computer is now secure. In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired. The malware may leave so many remnants behind that security tools cannot find them. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read:
Should you decide not to follow that advice, we will do our best to help clean the computer of any infections but we cannot guarantee it to be trustworthy or that the removal will be successful. Tell me what you want to do.

With Regards,
Extremeboy

#8 Kris0707

  • Group: Member
  • Posts: 35
  • Joined: 27-July 07

Posted 02 March 2009 - 02:07 PM

Hi,

Thank you so much for helping me. I would like to clean the computer and then reformat the hard drive. I will take your advice and do everything you recommend, so please help. I want the computer to go back to normal with no virus/malware/spyware or backdoor rootkit. Thanks in advance once again, I appreciate it a lot.

#9 Extremeboy

  • Group: Retired Staff
  • Posts: 824
  • Joined: 12-February 09

Posted 02 March 2009 - 04:16 PM

Hello.

If you are going to do a format anyway, why do you want me to clean it up? It would just be a waste of my time and yours. Back up all the files you need and format.

When backing up files and data there are mainly 2 general guidelines:

1) Back up all your important data files, pictures, music, work etc... and save them onto an external hard-drive. These files usually include .doc, .txt, .mp3, .jpg etc...
2) Do not back up any executable files or any Windows files. These include .exe's, .scr, .com, .pif etc... as they may contain traces of malware. Also, .html or .htm files that are web pages should be avoided.

With Regards,
Extremeboy

#10 Extremeboy

  • Group: Retired Staff
  • Posts: 824
  • Joined: 12-February 09

Posted 04 March 2009 - 03:34 PM

Hello.

Since there is no reply, I will close this topic. Good luck on the format. Below are some prevention tips.

Preventing Infections in the Future

Please also have a look at the following links, giving some advice and Tips to protect yourself against malware and reduce the potential for re-infection:


  • Avoid gaming sites, underground web pages, pirated software sites, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.


Disable Autorun on Flash-Drive/Removable Drives

When is AUTORUN.INF really an AUTORUN.INF?

Quote

USB worms work by creating a file called AUTORUN.INF on the root of USB drives. These INF files then use Autorun or Autoplay (not the same thing!) to execute themselves either when the stick is inserted, or more commonly, when the user double-clicks on the USB drive icon from My Computer (Windows Explorer)...


Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. Read USB-Based Malware Attacks and Please disable Autorun asap!.

If using Windows Vista, please refer to:
"Disable AutoPlay in Windows Vista"
"Preventing AutoPlay with Local Group Policy Editor or AutoPlay options panel"

Note: When Autorun is disabled, double-clicking a drive which has autorun.inf in its root directory may still activate Autorun so be careful.

Visit the Windows Update Site Regularly

I recommend you regularly visit the Windows Update Site!
  • Lots of hacks/Trojans use methods (plugged by the updates) that have not been stopped because people do not update.
  • Update ALL Critical updates and any other Windows updates for services/programs that you use.
  • If you wish to turn on automatic updates, here is a nice little article about turning them on.
  • Note that it will download them for you, but you still have to actually click install.


Update Non-Microsoft Programs

It is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

Update all programs regularly - Make sure you update all the programs you have installed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.
Finally, and definitely the MOST IMPORTANT step, click on the following tutorial and follow each step listed there:

Simple and easy ways to keep your computer safe and secure on the Internet

With Regards,
Extremeboy
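To make the AUTORUN.INF point in the post above concrete, here is an added inspector that is not part of the thread or of any tool it links to. It reads an autorun.inf and reports every directive that would launch a program: `open` and `shellexecute` fire through Autorun/Autoplay, `shell\<verb>\command` entries replace the Explorer context-menu actions, and the verb named by `shell=` is what a double-click on the drive icon runs, which is the path the quoted worm description relies on. It only parses; it never executes anything. The sample files are constructed and the worm file name is a placeholder.

```python
"""Added example (not from the thread): an inspector that reads an
autorun.inf and reports every directive that would launch a program, which
is how the USB worms quoted above get run.  'open' and 'shellexecute' fire
through Autorun/Autoplay; 'shell\\<verb>\\command' entries replace the
Explorer context-menu actions, and the verb named by 'shell=' is what a
double-click on the drive icon runs.  It only reads the file; it never
executes anything."""
import configparser

# Constructed worm-style sample; "sample-worm.exe" is a placeholder name.
SAMPLE_AUTORUN = """\
[AutoRun]
open=RECYCLER\\sample-worm.exe
icon=%SystemRoot%\\system32\\shell32.dll,4
shell\\open=Open
shell\\open\\command=RECYCLER\\sample-worm.exe
shell\\explore\\command=RECYCLER\\sample-worm.exe
shell=open
"""

# Constructed benign file for contrast: only an icon and a label, no launcher.
BENIGN_AUTORUN = """\
[autorun]
icon=photos.ico
label=Holiday Photos
"""

AUTORUN_LAUNCH_KEYS = ("open", "shellexecute")


def inspect_autorun(text):
    """Return a list of {'directive', 'target', 'trigger'} for each launcher found."""
    # RawConfigParser: no '%' interpolation, so %SystemRoot% is kept literally.
    cp = configparser.RawConfigParser(strict=False, delimiters=("=",), allow_no_value=True)
    cp.optionxform = str.lower  # INI keys are case-insensitive on Windows
    cp.read_string(text)
    findings = []
    for section in cp.sections():
        # Both [autorun] and architecture-specific [autorun.xxx] sections count.
        if not section.lower().startswith("autorun"):
            continue
        entries = cp.items(section)
        # 'shell=<verb>' names the verb Explorer runs on a double-click.
        default_verb = next((v.strip().lower() for k, v in entries if k == "shell" and v), None)
        for key, value in entries:
            if not value:
                continue
            if key in AUTORUN_LAUNCH_KEYS:
                trigger = "Autorun/Autoplay on insert or drive open"
            elif key.startswith("shell\\") and key.endswith("\\command"):
                verb = key.split("\\")[1]
                trigger = f"Explorer verb '{verb}'"
                if verb == default_verb:
                    trigger += " (default verb: runs on double-click of the drive)"
            else:
                continue
            findings.append({"directive": key, "target": value.strip(), "trigger": trigger})
    return findings


if __name__ == "__main__":
    found = inspect_autorun(SAMPLE_AUTORUN)
    if not found:
        print("no launcher directives")
    for f in found:
        print(f"{f['directive']:24} -> {f['target']:26} [{f['trigger']}]")
```

The benign file yields no findings, while the worm-style file shows why disabling Autorun alone is not the whole answer: the `shell\open\command` entry is bound to the double-click the post warns about, not to Autorun.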


#11 Extremeboy

  • Group: Retired Staff
  • Posts: 824
  • Joined: 12-February 09

Posted 04 March 2009 - 03:35 PM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
