10 replies to this topic

[Reach]

First of all, thanks you for taking the time to read this.

My problem started with a trojan Sheur that I couldnt get rid off definitively with my antivirus AVG and Ad-Aware... nor maually... as it kept comming back... so I got MWAM and it seemed as if it got rid of it... even after i rebooted. Redid a scan and now it was a svchost problem.... even after rebooting it's still there... and now while I was scanning again to post the MWAM log to this post... My AVG detected the SHeur again... but MWAM didn;t detect it..

My other problem is my computer won't boot normally... I have to hit F8 after post to be able to choose debugging mode to log onto my computer... safe mode, last known configuration and all the other options won't work and give me a BSOD of irql_not_less_or_equal error... and i might be wrong... but it seems to be linked to my trojan problem cause both problems showed up at the same time...

Anyways, here are my MWAM and hijackthis logs...

Malwarebytes' Anti-Malware 1.41
Database version: 3060
Windows 5.1.2600 Service Pack 3

30/10/2009 12:50:29 PM
mbam-log-2009-10-30 (12-50-29).txt

Scan type: Full Scan (C:\|)
Objects scanned: 248118
Time elapsed: 53 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemroot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{B80B6999-E70D-4F33-88AA-3F3D588C98E9}\RP905\A0129185.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B80B6999-E70D-4F33-88AA-3F3D588C98E9}\RP906\A0129304.sys (Rootkit.Rustock) -> Quarantined and deleted successfully.




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:39:35 PM, on 30/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\dldfcoms.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca/?lang=en-CA
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200707...ex/qtplugin.cab
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.co...ll/gtdownlr.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {8C279F4E-917E-4CD2-8DF0-D9C73C0CE763} (ZPA_WheelOfFortune Object) - http://sympatico.zone.msn.com/bingame/zpag...of.cab55579.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...rk.cab56649.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: bw+0 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: offline-8876480 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: dldf_device - - C:\WINDOWS\system32\dldfcoms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service (lavasoft ad-aware service) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB (pnkbstrb) - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\RpcAgentSrv.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 19868 bytes


Awaiting your instructions!

[miekiemoes]

Hi,

Please download and run WUS_Fix.exe: http://users.telenet...ols/WUS_Fix.exe
This should restore the default registry settings related with BITS and Automatic updates.

Then, Flush your system restore points:
To do this, you have to disable systemrestore and enable it afterwards again.
(note: this will delete all your system restore points and malware that were present in it).

How to disable system restore in XP <= click me for instructions with screenshots
After you disabled System Restore.... Reboot.. and after rebooting, enable it again, so a new systemrestorepoint will be made. A clean one now!


Let me know if that fixed your issue.

[Reach]

it seems to have taken care of the malware since after doing what you asked and rebooted, i did a quick scan with MWAM and it found nothing... I stilll however get a BSOD if i boot normally, in otherwords... the only way for me to log on is to go through debugging mode.... and I already tried a chkdsk /r command with my OS CD in... should I do a fixmbr and or fixboot command? any other suggestions?

In any case, thanks you very very much for your help with the malware and here are the MWAM log and HijackThis log

Malwarebytes' Anti-Malware 1.41
Database version: 3060
Windows 5.1.2600 Service Pack 3

31/10/2009 5:42:52 AM
mbam-log-2009-10-31 (05-42-52).txt

Scan type: Quick Scan
Objects scanned: 104855
Time elapsed: 8 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:43:59 AM, on 31/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\dldfcoms.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca/?lang=en-CA
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200707...ex/qtplugin.cab
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.co...ll/gtdownlr.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {8C279F4E-917E-4CD2-8DF0-D9C73C0CE763} (ZPA_WheelOfFortune Object) - http://sympatico.zone.msn.com/bingame/zpag...of.cab55579.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...rk.cab56649.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: bw+0 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: offline-8876480 - {5B5452BD-5D0D-4BFD-82BD-1AFA3A8CF703} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: dldf_device - - C:\WINDOWS\system32\dldfcoms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service (lavasoft ad-aware service) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB (pnkbstrb) - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\RpcAgentSrv.exe

--
End of file - 19472 bytes

[miekiemoes]

Hi,

* Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingc...to-use-combofix

Post the log from ComboFix in your next reply.

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix..This because Security Software may see some components ComboFix uses (prep.com for example) as suspicious and blocks the tool, or even deletes it. Please visit HERE if you don't know how.

[Reach]

That was quicker than expected.... here's the ComboFix Log file...

ComboFix 09-10-30.01 - Frederick Dumaresq 31/10/2009 6:32.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2758 [GMT -4:00]
Running from: c:\documents and settings\Frederick Dumaresq\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Frederick Dumaresq\Application Data\inst.exe
c:\windows\10059nzt-9-vir5s129.cpl
c:\windows\104595zrus9a9.exe
c:\windows\1119ad9w5re445z.cpl
c:\windows\119evir5092z.dll
c:\windows\119steal503z.ocx
c:\windows\12125sp5mz9t93.exe
c:\windows\12352not-a-zirus329.ocx
c:\windows\12526troj159z.bin
c:\windows\12597n9t-5-virus5zc.cpl
c:\windows\1259thzeat5052.dll
c:\windows\13292zo5m91b.bin
c:\windows\134979pambzt7c5.cpl
c:\windows\1385adzware1918.cpl
c:\windows\13a5b5ckdooz9983.cpl
c:\windows\1405not-9-vzrus5d4.cpl
c:\windows\146335pambot299z.dll
c:\windows\14931h5zktool699.exe
c:\windows\150069ot-z-virus21f.cpl
c:\windows\15092zir9s45.cpl
c:\windows\15203spamboz595.cpl
c:\windows\15496zpy70f.ocx
c:\windows\1559azdware3117.dll
c:\windows\155cstza9317.ocx
c:\windows\15721haczt9ol1c.cpl
c:\windows\15775tr9j55z.exe
c:\windows\158evzr9256.cpl
c:\windows\15995vi9us56z.bin
c:\windows\15f5zte5l1963.exe
c:\windows\15z9sparse2614.exe
c:\windows\161es9yw5ze1237.ocx
c:\windows\1620downl5az9r2658.exe
c:\windows\1644zo9m573.exe
c:\windows\16z58troj34a9.exe
c:\windows\17392worz5ce.dll
c:\windows\17398v9ruz5c6.dll
c:\windows\17ez9hreat54747.ocx
c:\windows\17f99pzrse852.ocx
c:\windows\1816zn9t-a-viru53d7.cpl
c:\windows\18315w9rze5.dll
c:\windows\184069rojzc15.dll
c:\windows\18695ha5ktool29z.cpl
c:\windows\188z9ir27735.dll
c:\windows\18c9tea51z7.bin
c:\windows\19055zirus382.dll
c:\windows\1913s5a9botzfa.bin
c:\windows\19239zot5a-virus7ed.dll
c:\windows\19447trojzd5.dll
c:\windows\19505spambo9z4e.cpl
c:\windows\19548virus1z0.bin
c:\windows\19550zr5j273.cpl
c:\windows\19576vir5z1c3.dll
c:\windows\1958spamz5t6f.exe
c:\windows\195cviz3135.dll
c:\windows\19816viz5s522.bin
c:\windows\19907h5ck9ooz3f6.exe
c:\windows\19f5threat917z8.bin
c:\windows\1b135ddwa9e150z.cpl
c:\windows\1b9spy5zre2547.ocx
c:\windows\1ca5bazkdoor2395.ocx
c:\windows\1d15vz915.dll
c:\windows\1e95vir2541z.bin
c:\windows\1e98addwar51z1.bin
c:\windows\1eb7d59nloader917z.bin
c:\windows\1z005spy89.ocx
c:\windows\1z175not-5-9irus30b.ocx
c:\windows\1z1cspyw5re26879.dll
c:\windows\1z49259rus4f3.ocx
c:\windows\1z535hacktool975.dll
c:\windows\1z6905o9-a-virus11f.cpl
c:\windows\1z82t9ief1959.cpl
c:\windows\1zd6th5e9673.ocx
c:\windows\202425pambot9z7.bin
c:\windows\2058spy95rez022.cpl
c:\windows\208495ackt9ol7za.ocx
c:\windows\209959rzj309.bin
c:\windows\209985or943z.cpl
c:\windows\21595worz29.ocx
c:\windows\21996not-a-vi9us157z.dll
c:\windows\21z27w5rm976.exe
c:\windows\21z45orm79c.bin
c:\windows\22034szambot39e5.bin
c:\windows\22173s5a9boz68d.cpl
c:\windows\22285w9rm15z.bin
c:\windows\2240zt9oj5af.dll
c:\windows\22447no9-a-vir5z77c.exe
c:\windows\229685pamzot3fa.ocx
c:\windows\235695irzs2de.cpl
c:\windows\23928spamzo553.bin
c:\windows\23991s5y59z.ocx
c:\windows\24198t5oj5z0.bin
c:\windows\2419stzal5995.exe
c:\windows\2429thre5tz5157.exe
c:\windows\248519pamboz39f.ocx
c:\windows\24z45pywar9471.bin
c:\windows\25154vi95ze8.bin
c:\windows\25172zp598.ocx
c:\windows\25340w5zm9ab.ocx
c:\windows\25501not-a9viruz178.cpl
c:\windows\2587threat29z34.ocx
c:\windows\2589v9r589z.dll
c:\windows\25959wormze8.cpl
c:\windows\2599stealz15.cpl
c:\windows\25ethief19z.ocx
c:\windows\26961zot-a-virus359.bin
c:\windows\27341w9rz4835.bin
c:\windows\27374n5t-azvirus19c.ocx
c:\windows\27599pambotzac.dll
c:\windows\27z98spy15e.ocx
c:\windows\28419zpa5bot789.dll
c:\windows\28505spazbot29f.bin
c:\windows\2858zsp95c9.ocx
c:\windows\28900hac5t9olza5.exe
c:\windows\28z40spa9bot435.ocx
c:\windows\29557troz135.cpl
c:\windows\29605not-z-virus1d0.exe
c:\windows\297znot-a-virus559.bin
c:\windows\29919sp5zbot65b.exe
c:\windows\29996sp5m9zt28b.ocx
c:\windows\29abthizf1593.exe
c:\windows\29czth5eat165649.bin
c:\windows\2df3a95wzre1625.dll
c:\windows\2e1fs95ware2z1.ocx
c:\windows\2fa5addwaz92621.dll
c:\windows\2z59spa5se2799.cpl
c:\windows\2z5a9ir2521.bin
c:\windows\2z625ir3095.bin
c:\windows\2z947worm185.exe
c:\windows\2z9539pam5ote3.cpl
c:\windows\2zc9own5oader1249.cpl
c:\windows\30453zp979.exe
c:\windows\30519noz-a-virus125.exe
c:\windows\308719oz-a5virus695.bin
c:\windows\309z7tr9j4345.bin
c:\windows\30z40tr592fd.ocx
c:\windows\31067s9z5a1.bin
c:\windows\31391wo5z5fe9.dll
c:\windows\314149py545z.ocx
c:\windows\31522spy97z.dll
c:\windows\31574s9z27c.bin
c:\windows\31859trojz8b.bin
c:\windows\325529zoj54d.cpl
c:\windows\3303spa5bz943c.cpl
c:\windows\3435spz9se2951.ocx
c:\windows\35345orz95.dll
c:\windows\35450not-a-9zrus120.ocx
c:\windows\35749szy65e.ocx
c:\windows\35b9zhreat18683.bin
c:\windows\35zspar5e1969.bin
c:\windows\366bspywa5e2z95.cpl
c:\windows\3694doznlo95er704.dll
c:\windows\371cthr59tz9916.dll
c:\windows\3796wor5ze9.exe
c:\windows\39235ownloadez738.exe
c:\windows\39371wor56z8.ocx
c:\windows\3951downzoader23299.exe
c:\windows\3995spambot505z.cpl
c:\windows\39ccba5kzoo92657.ocx
c:\windows\39z9thief758.bin
c:\windows\3a49downloazer1915.ocx
c:\windows\3b89z95kdoor505.bin
c:\windows\3c379ownlza5er748.exe
c:\windows\3cezthr9at239765.exe
c:\windows\3cz4a5dwar92475.dll
c:\windows\3d7a5dwar9111z.ocx
c:\windows\3z530s5y596.cpl
c:\windows\3zdcvir599.cpl
c:\windows\4156vir48z9.ocx
c:\windows\42e3dow5zo9der1247.bin
c:\windows\447ethzeat18975.bin
c:\windows\45za9hief1597.bin
c:\windows\46789roj500z.bin
c:\windows\4715thiz52995.exe
c:\windows\4739backdzo919505.dll
c:\windows\4756vir599z.exe
c:\windows\481b9azkdoor5284.cpl
c:\windows\4930steaz5981.exe
c:\windows\4945t9reat3055z5.cpl
c:\windows\49469pars51z89.bin
c:\windows\4985virz965.ocx
c:\windows\49bbdownl5adz9254.ocx
c:\windows\4a5zthreat52792.dll
c:\windows\4a64a5dwa9z1210.cpl
c:\windows\4az5b5ckdoo93258.exe
c:\windows\4d57zpa5s91616.ocx
c:\windows\4d7e9hie5277z.cpl
c:\windows\4dacth9ea51676z.ocx
c:\windows\4dec9aczd5or2395.cpl
c:\windows\4z98sp5ware5629.exe
c:\windows\5097tzief9494.exe
c:\windows\50z6worm4219.cpl
c:\windows\510z5hreat5906.cpl
c:\windows\51229worm27dz.ocx
c:\windows\513559pz569.dll
c:\windows\514zs9arse2435.cpl
c:\windows\5159ztroj9cb.bin
c:\windows\519fbackd9oz18205.ocx
c:\windows\52409roz4f5.ocx
c:\windows\5251zow5load9r3233.bin
c:\windows\5270sp9mzot71d.exe
c:\windows\52841w9rm7z4.bin
c:\windows\529z8troj5a8.dll
c:\windows\52d5virz889.dll
c:\windows\52f89ackdooz84.cpl
c:\windows\5347zpy490.exe
c:\windows\53559pzrse2872.ocx
c:\windows\538spyzare2859.dll
c:\windows\53f7spa9se30z2.ocx
c:\windows\53zbspar9e1525.dll
c:\windows\54eas5zal3099.dll
c:\windows\54f3a9dwaze150.cpl
c:\windows\54zdba5k9oor1317.bin
c:\windows\552bzteal1991.dll
c:\windows\5541dzwnl9ader2832.exe
c:\windows\5593zworm9c3.dll
c:\windows\559addza9e181.cpl
c:\windows\559c9ddwzre1575.bin
c:\windows\55ddaddwarz2901.cpl
c:\windows\55z4backd9or1779.ocx
c:\windows\55z9troj2f.dll
c:\windows\55zeth9eat5560.dll
c:\windows\5636backdo9r5z19.dll
c:\windows\56556z9cktool4a.bin
c:\windows\5666vir394z.exe
c:\windows\56bzvir22799.bin
c:\windows\57164spamboz9b9.cpl
c:\windows\572thie9595z.exe
c:\windows\5750s9eaz5055.cpl
c:\windows\579z5hief542.cpl
c:\windows\5835sp5rsz2749.ocx
c:\windows\58e5zte9l1551.ocx
c:\windows\5911not-a-v9ruszaf.bin
c:\windows\59165spazbot179.dll
c:\windows\59479virus547z.dll
c:\windows\5975vi9usz3e.ocx
c:\windows\5999vir3z98.exe
c:\windows\599thizf5795.ocx
c:\windows\59e5sparse95z1.cpl
c:\windows\5a15backd59r11z.ocx
c:\windows\5a15backdoo930z4.cpl
c:\windows\5a31downloa9zr2384.cpl
c:\windows\5a69spzrse546.exe
c:\windows\5b6vi9z1.ocx
c:\windows\5bb7vzr16159.ocx
c:\windows\5bd7stezl1095.dll
c:\windows\5c1zaddw9re416.cpl
c:\windows\5ca9zhr5at31827.bin
c:\windows\5d05zteal94.cpl
c:\windows\5d299hreat2575z.exe
c:\windows\5d85zteal9945.ocx
c:\windows\5d89stz5l1657.cpl
c:\windows\5da6zddwar92508.ocx
c:\windows\5db9thief10z.cpl
c:\windows\5ddzback9oor3225.dll
c:\windows\5e7ebz9kd5or154.exe
c:\windows\5ebzvir9195.bin
c:\windows\5f0cdowzload9r5191.cpl
c:\windows\5f9fbackdoo9z054.dll
c:\windows\5fc5thiefz199.exe
c:\windows\5fcazhief2990.bin
c:\windows\5z29thief869.exe
c:\windows\5z5fv9r944.dll
c:\windows\5z68t9ief585.cpl
c:\windows\5zd9st5al915.bin
c:\windows\60dbspywzre1935.exe
c:\windows\615dzhreat103839.exe
c:\windows\618azddwar91885.bin
c:\windows\6192hacktool5cz.exe
c:\windows\61d5zhief2299.ocx
c:\windows\6399z5ckdoor2811.cpl
c:\windows\63fzste591386.ocx
c:\windows\6445bzckdoor349.cpl
c:\windows\6512bac9dooz3169.exe
c:\windows\6529zpy9e.bin
c:\windows\6572s9arsez574.cpl
c:\windows\65abspywaze12109.dll
c:\windows\65z95hief9144.ocx
c:\windows\6851sp9461z.cpl
c:\windows\6875vir25z9.exe
c:\windows\68e0thiz5963.bin
c:\windows\692spamzot5fc.exe
c:\windows\6954threaz227599.exe
c:\windows\6a05t9rzat24429.exe
c:\windows\6cfadoznloader5697.ocx
c:\windows\6e4fthiefz5559.dll
c:\windows\6f5fsz9al1547.bin
c:\windows\6fe5spyware9662z.dll
c:\windows\6z59ackdoor1050.dll
c:\windows\7009sp54z8.dll
c:\windows\725bdownloade9z519.ocx
c:\windows\7355thiez119.cpl
c:\windows\7529downlozd5r1374.exe
c:\windows\7547tz9ef2554.dll
c:\windows\7552not-a-virzs159.exe
c:\windows\757c9z52246.dll
c:\windows\75z995dware2886.exe
c:\windows\76czspars910245.ocx
c:\windows\7708thr5at12z59.cpl
c:\windows\77zethr5at92623.cpl
c:\windows\7895vzr394.dll
c:\windows\78ees9eal2599z.ocx
c:\windows\792zth59f905.cpl
c:\windows\7977spaz591537.cpl
c:\windows\79875tzal2880.bin
c:\windows\79fasteal59z.dll
c:\windows\7a11sp9wzr51612.ocx
c:\windows\7az9downl59der1997.cpl
c:\windows\7c0b5ownloazer2970.bin
c:\windows\7f0ad9warz591.ocx
c:\windows\7f84spar5z18919.exe
c:\windows\7z4fs9a5se1286.cpl
c:\windows\8233spa5bo94cz.cpl
c:\windows\825zro562e9.bin
c:\windows\865doznload9r907.dll
c:\windows\8759spa5bot7zf.dll
c:\windows\875sparz59921.ocx
c:\windows\8z21t9oj554.dll
c:\windows\8z519py351.dll
c:\windows\904edownlozder2574.exe
c:\windows\9050zteal675.dll
c:\windows\9084not-a-v5z9se0.ocx
c:\windows\90992tzoj15b.bin
c:\windows\9152stzal389.exe
c:\windows\9155virz439.dll
c:\windows\929zt5oj33c.dll
c:\windows\92d7addzare55.dll
c:\windows\9349owzl5ader2386.bin
c:\windows\93dthzeat325519.ocx
c:\windows\94055nz5-a-virus359.dll
c:\windows\944dvir535z.ocx
c:\windows\945z9troj7c7.bin
c:\windows\9523zvirus95.exe
c:\windows\9554vir304z.exe
c:\windows\95cbaddwzre5448.cpl
c:\windows\95z2spar5e83.ocx
c:\windows\96515spambzt7cc.dll
c:\windows\9714spazbo596f.cpl
c:\windows\9734adzwa5e106.dll
c:\windows\9738t9oj51z.dll
c:\windows\975z5ot-a-vi9us3b9.exe
c:\windows\9773spa5boz7b29.cpl
c:\windows\9805spy36dz.ocx
c:\windows\994add5are1z59.dll
c:\windows\9977spzm5ot103.cpl
c:\windows\99825teal62z.exe
c:\windows\999259y7zd.cpl
c:\windows\9b22bzckd5or3085.cpl
c:\windows\9c7zack59or1986.ocx
c:\windows\9e04vz52145.dll
c:\windows\9e5virz649.cpl
c:\windows\9ed7steal1z50.cpl
c:\windows\9f335tezl205.cpl
c:\windows\9z27downloa5er2215.exe
c:\windows\9z8aspyware3532.ocx
c:\windows\a799o5nloaderz38.exe
c:\windows\caaad9war514z7.dll
c:\windows\de19ddwzre2513.exe
c:\windows\eza95r1696.bin
c:\windows\system32\11399s5y245z.dll
c:\windows\system32\1743ba5zdoor759.dll
c:\windows\system32\17569hacktozl67a.exe
c:\windows\system32\30551virzs5fa9.dll
c:\windows\system32\31954spamboz535.dll
c:\windows\system32\34db5zyware2719.dll
c:\windows\system32\3a19zeal590.exe
c:\windows\system32\4196h5cztool188.dll
c:\windows\system32\48efdownl5ad9rz767.bin
c:\windows\system32\4995sp5649z.dll
c:\windows\system32\509threaz9000.dll
c:\windows\system32\513ezir2995.exe
c:\windows\system32\5285ste9l213z.bin
c:\windows\system32\5815vir29z7.dll
c:\windows\system32\59azspy59re676.dll
c:\windows\system32\65fazteal13439.dll
c:\windows\system32\799addwz5e1499.bin
c:\windows\system32\9a4zhreat14550.exe
c:\windows\system32\9e5spyzare9537.bin
c:\windows\system32\b1b5ddware292z.dll
c:\windows\system32\z5f5pyware956.dll
c:\windows\system32\z85529orm7fb.exe
c:\windows\system32\z9505virus2af9.bin
c:\windows\system32\z995sp5999.exe
c:\windows\z125s9y55.exe
c:\windows\z2005acktool9b.dll
c:\windows\z455threa92734.exe
c:\windows\z518spyware9147.exe
c:\windows\z5706sp52d99.bin
c:\windows\z61spyw9re854.cpl
c:\windows\z9080no5-a-virus37.cpl
c:\windows\z9239troj13f5.bin

Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - Kitty ate it
.
((((((((((((((((((((((((( Files Created from 2009-09-28 to 2009-10-31 )))))))))))))))))))))))))))))))
.

2009-12-27 23:04 . 2009-12-27 23:04 7366 ----a-w- c:\windows\system32\7b5d9ir165z.dll
2009-12-24 08:06 . 2009-12-24 08:06 4385 ----a-w- c:\windows\system32\6837hack5o9l1e6z.exe
2009-12-22 18:50 . 2009-12-22 18:50 6921 ----a-w- c:\windows\system32\15032tz5j396.dll
2009-12-21 23:07 . 2009-12-21 23:07 4133 ----a-w- c:\windows\system32\30567spamb9t5z9.bin
2009-12-05 22:53 . 2009-12-05 22:53 6011 ----a-w- c:\windows\system32\9282not-5-zirus391.bin
2009-12-02 22:59 . 2009-12-02 22:59 2839 ----a-w- c:\windows\system32\50a9vzr2562.bin
2009-11-16 23:32 . 2009-11-16 23:32 3239 ----a-w- c:\windows\system32\11742z5ambot75a9.dll
2009-11-08 02:35 . 2009-11-08 02:35 5949 ----a-w- c:\windows\system32\184znot-a-vir9s4af5.dll
2009-10-31 10:28 . 2007-06-13 15:47 48256 ----a-w- c:\windows\system32\drivers\jraid.sys
2009-10-31 10:28 . 2005-06-20 22:53 60928 ----a-w- c:\windows\system32\drivers\viamraid.sys
2009-10-30 16:39 . 2009-10-30 16:39 -------- d-----w- c:\program files\Trend Micro
2009-10-30 14:55 . 2009-10-30 14:55 -------- d-----w- c:\documents and settings\Frederick Dumaresq\Application Data\Malwarebytes
2009-10-30 14:55 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-30 14:55 . 2009-10-30 14:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-30 14:55 . 2009-10-30 14:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-30 14:55 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-14 19:07 . 2009-10-14 19:07 5275 ----a-w- c:\windows\system32\77fespa9ze6875.dll
2009-10-12 10:50 . 2009-10-12 10:50 6015 ----a-w- c:\windows\system32\z9715virus5e9.bin
2009-10-11 09:46 . 2009-10-11 02:41 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-10-11 02:41 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-10-11 02:39 . 2009-10-11 02:39 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
2009-10-09 16:30 . 2009-10-09 16:30 -------- d-----w- c:\program files\CAPCOM
2009-10-09 16:29 . 2009-10-09 16:30 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2009-10-03 16:44 . 2009-10-03 16:44 2910 ----a-w- c:\windows\z6a9downlo9der456.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-30 12:20 . 2008-06-19 17:12 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-10-27 23:57 . 2007-11-22 04:12 -------- d-----w- c:\program files\GTR2
2009-10-27 23:56 . 2008-12-13 15:08 -------- d-----w- c:\program files\Rummy Royal
2009-10-27 23:55 . 2008-11-01 12:28 -------- d-----w- c:\program files\Fallout 3
2009-10-27 23:54 . 2007-08-02 21:09 -------- d-----w- c:\program files\Ubisoft
2009-10-27 04:19 . 2008-10-02 14:10 -------- d-----w- c:\program files\MagicISO
2009-10-25 21:45 . 2009-06-30 15:03 -------- d-----w- c:\documents and settings\Frederick Dumaresq\Application Data\Vso
2009-10-15 23:43 . 2009-01-29 18:54 3532 ----a-w- C:\drmHeader.bin
2009-10-11 02:41 . 2007-08-02 11:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-10-11 02:39 . 2007-08-02 11:11 -------- d-----w- c:\program files\Lavasoft
2009-10-05 15:22 . 2009-10-05 15:22 0 ----a-w- c:\documents and settings\All Users\Application Data\xmlB.tmp
2009-10-05 15:22 . 2009-07-20 00:29 2311 ----a-w- c:\documents and settings\All Users\Application Data\xml23.tmp
2009-10-05 15:22 . 2009-07-20 00:29 0 ----a-w- c:\documents and settings\All Users\Application Data\xml22.tmp
2009-10-05 15:22 . 2009-07-20 00:29 8710 ----a-w- c:\documents and settings\All Users\Application Data\xml21.tmp
2009-09-26 22:14 . 2009-09-26 22:14 4830 ----a-w- c:\windows\system32\21f6ba9kdo5z2738.bin
2009-09-21 22:03 . 2009-09-21 22:03 8380 ----a-w- c:\windows\system32\3ez2thre5t14295.bin
2009-09-20 22:07 . 2009-09-20 22:07 -------- d-----w- c:\documents and settings\Frederick Dumaresq\Application Data\Sony Corporation
2009-09-20 22:02 . 2007-08-02 09:40 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-20 22:02 . 2009-09-20 22:02 -------- d-----w- c:\program files\Sony
2009-09-19 14:12 . 2009-09-19 14:12 17930 ----a-w- c:\windows\system32\ezvir9573.exe
2009-09-19 07:31 . 2009-09-19 07:31 3760 ----a-w- c:\windows\system32\225589a5kzool46d.dll
2009-09-18 01:06 . 2007-08-02 09:07 19368 ------w- c:\documents and settings\Frederick Dumaresq\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-18 00:58 . 2009-09-18 00:58 -------- d-----w- c:\program files\Microsoft
2009-09-18 00:58 . 2009-09-18 00:58 -------- d-----w- c:\program files\Windows Live
2009-09-18 00:58 . 2009-09-18 00:58 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-09-18 00:54 . 2009-09-18 00:54 -------- d-----w- c:\program files\Common Files\Windows Live
2009-09-12 19:37 . 2009-09-12 19:37 17518 ----a-w- c:\windows\system32\f27spywar915z4.exe
2009-09-12 01:36 . 2009-09-12 01:36 11614 ----a-w- c:\windows\a99stezl1576.bin
2009-09-11 11:00 . 2009-09-11 11:00 10219 ----a-w- c:\windows\system32\4654t5ief139z.exe
2009-09-09 15:58 . 2009-09-09 15:58 7875 ----a-w- c:\windows\system32\13525z5rus4e9.bin
2009-09-09 02:03 . 2009-09-09 02:03 6320 ----a-w- c:\windows\system32\270505p930cz.bin
2009-09-07 23:16 . 2009-09-07 23:16 15084 ----a-w- c:\windows\system32\10090s9ambot4z5.dll
2009-09-05 16:30 . 2009-09-05 16:30 16029 ----a-w- c:\windows\system32\72zc5pywar982.bin
2009-09-02 02:46 . 2009-09-02 02:46 11974 ----a-w- c:\windows\system32\2779zs5y97.exe
2009-08-24 01:22 . 2009-08-24 01:22 5780 ----a-w- c:\windows\system32\1439zte591175.exe
2009-08-23 06:59 . 2007-08-04 12:34 139584 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-08-23 06:59 . 2007-08-03 12:38 189104 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-08-20 03:19 . 2009-08-20 03:19 5956 ----a-w- c:\windows\system32\14b9sz5rse89.bin
2009-08-19 12:53 . 2008-06-19 17:12 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-19 12:53 . 2008-06-19 17:12 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-19 12:53 . 2007-08-02 10:40 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-18 03:09 . 2009-08-18 03:09 13662 ----a-w- c:\windows\system32\24955s9yafz.dll
2009-08-16 00:31 . 2009-08-16 00:31 18258 ----a-w- c:\windows\system32\722zhre5t1596.exe
2009-08-14 20:06 . 2009-08-14 20:06 9641 ----a-w- c:\windows\system32\5z58downloa9er73.dll
2009-08-13 02:39 . 2009-08-13 02:39 14863 ----a-w- c:\windows\system32\1z849troj4955.exe
2009-08-08 02:57 . 2009-08-08 02:57 7233 ----a-w- c:\windows\system32\31314not-a-vi5uz79a.dll
2009-08-07 04:43 . 2009-08-07 04:43 6975 ----a-w- c:\windows\z669not-a-virus615.bin
2009-08-06 03:21 . 2009-08-06 03:21 5242 ----a-w- c:\windows\system32\95z0spy49c.bin
2009-08-06 01:57 . 2009-08-06 01:57 18292 ----a-w- c:\windows\system32\131z2hackt95l7cd.bin
2009-08-05 09:01 . 2006-02-28 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-08-03 32768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-17 2025752]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-03-18 61440]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-8-2 450560]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-8-2 528384]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-19 12:53 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ymetray.lnk
backup=c:\windows\pss\ymetray.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.0\\cnc3game.dat"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Program Files\\Ubisoft\\Tom Clancy's Splinter Cell Double Agent\\SCDA-Online\\System\\SCDA_online.exe"=
"c:\\Program Files\\Ubisoft\\Tom Clancy's Splinter Cell Double Agent\\SCDA-Offline\\System\\SplinterCell4.exe"=
"c:\\Program Files\\BitTornado\\btdownloadgui.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"c:\\Program Files\\Ubisoft\\Ghost Recon Advanced Warfighter\\graw.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\WINDOWS\\system32\\dldfcoms.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldfpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldfjswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldftime.exe"=
"c:\\Program Files\\Lost Via Domus\\Yeti_Final_Win32.exe"=
"c:\\Program Files\\Left 4 Dead\\left4dead.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\Program Files\\Electronic Arts\\Red Alert 3\\Data\\ra3_1.0.game"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Teamspeak2_RC2\\server_windows.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009.SP3c\\RpcAgentSrv.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009.SP3c\\WNt500x86\\RpcSandraSrv.exe"=
"c:\\Program Files\\CAPCOM\\RESIDENT EVIL 5\\RE5DX9.EXE"=
"c:\\Program Files\\CAPCOM\\RESIDENT EVIL 5\\RE5DX10.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [10/10/2009 10:41 PM 64160]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [19/06/2008 1:12 PM 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [19/06/2008 1:12 PM 108552]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [02/08/2007 9:29 PM 13696]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [17/06/2009 9:42 AM 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [03/07/2008 12:19 PM 297752]
R2 dldf_device;dldf_device;c:\windows\system32\dldfcoms.exe -service --> c:\windows\system32\dldfcoms.exe -service [?]
R2 lavasoft ad-aware service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [03/07/2009 10:49 AM 1028432]
R3 SMC1211;SMC EZ Card 10/100 PCI (SMC1211 Series) NT 5.0 Driver;c:\windows\system32\drivers\SMC1211.sys [11/07/2001 11:06 AM 23153]
S1 98795ea2;98795ea2;c:\windows\system32\drivers\98795ea2.sys --> c:\windows\system32\drivers\98795ea2.sys [?]
S3 iteio;iteio;\??\c:\windows\system32\drivers\iteio.sys --> c:\windows\system32\drivers\iteio.sys [?]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\RpcAgentSrv.exe [19/07/2009 8:28 PM 98488]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder

2009-10-27 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 02:41]

2009-10-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 17:42]

2009-10-31 c:\windows\Tasks\User_Feed_Synchronization-{954CFAEC-E4E0-42D4-8965-1BF279566081}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://sympatico.msn.ca/?lang=en-CA
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-31 06:41
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1292428093-1383384898-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:94,85,26,81,5b,9c,1d,e7,5d,06,61,38,7b,b8,c3,e1,66,b8,ad,fc,d8,38,74,
4a,57,5f,0e,58,5b,84,45,45,e4,03,4f,1c,a1,aa,9e,60,b1,5c,cf,5b,55,32,29,71,\
"??"=hex:c6,15,46,c6,be,5d,18,91,dc,c8,d0,c2,7d,87,e6,c1

[HKEY_USERS\S-1-5-21-1292428093-1383384898-839522115-1003\Software\SecuROM\license information*]
"datasecu"=hex:a6,ff,86,e6,1f,ca,49,54,30,90,08,6d,3d,1b,aa,f2,15,ba,fe,c9,01,
6b,42,df,7a,63,77,f1,e1,a4,ff,9d,5a,cf,09,f5,63,83,e0,4b,0e,fe,c4,3d,b4,a7,\
"rkeysecu"=hex:78,00,ce,66,0a,8c,aa,90,88,57,b9,51,bd,90,bf,6a
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(648)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-10-31 6:42
ComboFix-quarantined-files.txt 2009-10-31 10:42

Pre-Run: 41,854,070,784 bytes free
Post-Run: 41,970,520,064 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

- - End Of File - - 1FB80584EA790AA38B1C435152376BFE



So, what do i do now?

[miekiemoes]

Hi,

Quote

Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected

That was the cause of your BSODs.

Anyway, we still need to cleanup some files here.. Most are dummy files created by a Rogue scanner, that's why scanners don't pick them up since these files don't do anything.

* Open notepad - don't use any other texteditor than notepad or the script will fail.
Copy/paste the text in the quotebox below into notepad:

Quote

File::
c:\windows\system32\7b5d9ir165z.dll
c:\windows\system32\6837hack5o9l1e6z.exe
c:\windows\system32\15032tz5j396.dll
c:\windows\system32\30567spamb9t5z9.bin
c:\windows\system32\9282not-5-zirus391.bin
c:\windows\system32\50a9vzr2562.bin
c:\windows\system32\11742z5ambot75a9.dll
c:\windows\system32\184znot-a-vir9s4af5.dll
c:\windows\system32\77fespa9ze6875.dll
c:\windows\system32\z9715virus5e9.bin
c:\windows\z6a9downlo9der456.exe
c:\documents and settings\All Users\Application Data\xmlB.tmp
c:\documents and settings\All Users\Application Data\xml23.tmp
c:\documents and settings\All Users\Application Data\xml22.tmp
c:\documents and settings\All Users\Application Data\xml21.tmp
c:\windows\system32\21f6ba9kdo5z2738.bin
c:\windows\system32\3ez2thre5t14295.bin
c:\windows\system32\ezvir9573.exe
c:\windows\system32\225589a5kzool46d.dll
c:\windows\system32\f27spywar915z4.exe
c:\windows\a99stezl1576.bin
c:\windows\system32\4654t5ief139z.exe
c:\windows\system32\13525z5rus4e9.bin
c:\windows\system32\270505p930cz.bin
c:\windows\system32\10090s9ambot4z5.dll
c:\windows\system32\72zc5pywar982.bin
c:\windows\system32\2779zs5y97.exe
c:\windows\system32\1439zte591175.exe
c:\windows\system32\14b9sz5rse89.bin
c:\windows\system32\24955s9yafz.dll
c:\windows\system32\722zhre5t1596.exe
c:\windows\system32\5z58downloa9er73.dll
c:\windows\system32\1z849troj4955.exe
c:\windows\system32\31314not-a-vi5uz79a.dll
c:\windows\z669not-a-virus615.bin
c:\windows\system32\95z0spy49c.bin
c:\windows\system32\131z2hackt95l7cd.bin
Driver::
iteio
98795ea2

Save this as txtfile CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.



This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.

[Reach]

ComboFix 09-10-30.01 - Frederick Dumaresq 31/10/2009 7:04.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2756 [GMT -4:00]
Running from: c:\documents and settings\Frederick Dumaresq\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Frederick Dumaresq\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::
"c:\documents and settings\All Users\Application Data\xml21.tmp"
"c:\documents and settings\All Users\Application Data\xml22.tmp"
"c:\documents and settings\All Users\Application Data\xml23.tmp"
"c:\documents and settings\All Users\Application Data\xmlB.tmp"
"c:\windows\a99stezl1576.bin"
"c:\windows\system32\10090s9ambot4z5.dll"
"c:\windows\system32\11742z5ambot75a9.dll"
"c:\windows\system32\131z2hackt95l7cd.bin"
"c:\windows\system32\13525z5rus4e9.bin"
"c:\windows\system32\1439zte591175.exe"
"c:\windows\system32\14b9sz5rse89.bin"
"c:\windows\system32\15032tz5j396.dll"
"c:\windows\system32\184znot-a-vir9s4af5.dll"
"c:\windows\system32\1z849troj4955.exe"
"c:\windows\system32\21f6ba9kdo5z2738.bin"
"c:\windows\system32\225589a5kzool46d.dll"
"c:\windows\system32\24955s9yafz.dll"
"c:\windows\system32\270505p930cz.bin"
"c:\windows\system32\2779zs5y97.exe"
"c:\windows\system32\30567spamb9t5z9.bin"
"c:\windows\system32\31314not-a-vi5uz79a.dll"
"c:\windows\system32\3ez2thre5t14295.bin"
"c:\windows\system32\4654t5ief139z.exe"
"c:\windows\system32\50a9vzr2562.bin"
"c:\windows\system32\5z58downloa9er73.dll"
"c:\windows\system32\6837hack5o9l1e6z.exe"
"c:\windows\system32\722zhre5t1596.exe"
"c:\windows\system32\72zc5pywar982.bin"
"c:\windows\system32\77fespa9ze6875.dll"
"c:\windows\system32\7b5d9ir165z.dll"
"c:\windows\system32\9282not-5-zirus391.bin"
"c:\windows\system32\95z0spy49c.bin"
"c:\windows\system32\ezvir9573.exe"
"c:\windows\system32\f27spywar915z4.exe"
"c:\windows\system32\z9715virus5e9.bin"
"c:\windows\z669not-a-virus615.bin"
"c:\windows\z6a9downlo9der456.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\xml21.tmp
c:\documents and settings\All Users\Application Data\xml22.tmp
c:\documents and settings\All Users\Application Data\xml23.tmp
c:\documents and settings\All Users\Application Data\xmlB.tmp
c:\windows\a99stezl1576.bin
c:\windows\b10vir15z59.ocx
c:\windows\ee1z5ief1169.ocx
c:\windows\ee9s5eal9943z.bin
c:\windows\system32\10090s9ambot4z5.dll
c:\windows\system32\10531hack5zo92eb.ocx
c:\windows\system32\10746z5r9s126.ocx
c:\windows\system32\11195notza-vir9s151.bin
c:\windows\system32\1125downlozder1397.bin
c:\windows\system32\11548hackto951z7.bin
c:\windows\system32\11742z5ambot75a9.dll
c:\windows\system32\11c5spyw9re56z.ocx
c:\windows\system32\12219not5azviru94f.cpl
c:\windows\system32\122979i5us4az.exe
c:\windows\system32\1229dow5loade92681z.cpl
c:\windows\system32\123685r9z439.bin
c:\windows\system32\12609not-a-viruz125.cpl
c:\windows\system32\12821s9ambo512z.exe
c:\windows\system32\12951zroj3b2.ocx
c:\windows\system32\12z5downloade525599.exe
c:\windows\system32\131z2hackt95l7cd.bin
c:\windows\system32\13260t9oj53z.bin
c:\windows\system32\13525z5rus4e9.bin
c:\windows\system32\13619virz5693.dll
c:\windows\system32\1439zte591175.exe
c:\windows\system32\14552spa9zot1cc.cpl
c:\windows\system32\14b9sz5rse89.bin
c:\windows\system32\15032tz5j396.dll
c:\windows\system32\15069sz5mbot74.ocx
c:\windows\system32\15084wz5m7fd9.exe
c:\windows\system32\1534szy9are1924.exe
c:\windows\system32\15409spa9boz4c8.bin
c:\windows\system32\15521hac9tooz3eb.ocx
c:\windows\system32\15569iruz5805.exe
c:\windows\system32\15623zpambo54289.ocx
c:\windows\system32\15631trzj4a89.dll
c:\windows\system32\156769pa5zot1a5.ocx
c:\windows\system32\15684hac5tzo938b.cpl
c:\windows\system32\15fav5r1399z.bin
c:\windows\system32\15z665o9m3c4.ocx
c:\windows\system32\15zes5ar9e961.dll
c:\windows\system32\16265w9rm2d5z.bin
c:\windows\system32\16642wor5z09.dll
c:\windows\system32\16691tro55az.bin
c:\windows\system32\1719vir2350z.cpl
c:\windows\system32\171z8s95mbot4f0.ocx
c:\windows\system32\17207spy5z9.dll
c:\windows\system32\172875roj939z.dll
c:\windows\system32\17295ot-a9viruzf8.dll
c:\windows\system32\17536hac95ool52z.bin
c:\windows\system32\18179not-5-virzse8.bin
c:\windows\system32\184znot-a-vir9s4af5.dll
c:\windows\system32\18656zroj3e9.exe
c:\windows\system32\18908hackto9lz1a5.bin
c:\windows\system32\18e9zpa5se8909.dll
c:\windows\system32\1922zhreat942185.dll
c:\windows\system32\19294wzrm5b9.cpl
c:\windows\system32\1943thi5fz57.ocx
c:\windows\system32\19565haz5tool605.bin
c:\windows\system32\19729sp5zbot1c9.cpl
c:\windows\system32\19751h9c5toolzc4.ocx
c:\windows\system32\19994wo5m2z5.ocx
c:\windows\system32\199z3vir5s6e19.cpl
c:\windows\system32\19a1vz5999.bin
c:\windows\system32\1be5i91z75.cpl
c:\windows\system32\1cb5tzr9at737.ocx
c:\windows\system32\1cf65zreat5952.exe
c:\windows\system32\1ec8zh59at30351.exe
c:\windows\system32\1z519virus6a5.ocx
c:\windows\system32\1z555spy43b9.dll
c:\windows\system32\1z5thief2973.bin
c:\windows\system32\1z849troj4955.exe
c:\windows\system32\1ze95ownloader2386.dll
c:\windows\system32\20452t9oj1az.ocx
c:\windows\system32\20476viz9s915.cpl
c:\windows\system32\20572spamzo9656.dll
c:\windows\system32\209z8spy9985.ocx
c:\windows\system32\211969ot-a-v5rus190z.ocx
c:\windows\system32\21684s5ambzt3239.cpl
c:\windows\system32\21859vzrus5ce.dll
c:\windows\system32\21d3baczdoor905.exe
c:\windows\system32\21f6ba9kdo5z2738.bin
c:\windows\system32\22055s9ambot5f7z.ocx
c:\windows\system32\22111vzrus2195.exe
c:\windows\system32\2231z9ir5s7b.bin
c:\windows\system32\22515teaz1191.ocx
c:\windows\system32\225589a5kzool46d.dll
c:\windows\system32\22629tr5jzb99.ocx
c:\windows\system32\23599not-a5vi9uz409.exe
c:\windows\system32\238fdownlo9zer25965.ocx
c:\windows\system32\23941tr9j75z.bin
c:\windows\system32\2398sp55d3z.ocx
c:\windows\system32\249335rojz5c.ocx
c:\windows\system32\24955s9yafz.dll
c:\windows\system32\25042viz9s534.exe
c:\windows\system32\2510stea5z589.cpl
c:\windows\system32\25152sp9z91.cpl
c:\windows\system32\253115ot-a-v9rusz5a.exe
c:\windows\system32\253819zcktool663.cpl
c:\windows\system32\2558zownloade9599.cpl
c:\windows\system32\255dviz229.cpl
c:\windows\system32\25739ir2z14.exe
c:\windows\system32\2596zhacktool50d.bin
c:\windows\system32\25adtzie9509.bin
c:\windows\system32\25c2thief179z9.ocx
c:\windows\system32\265519pambot7d0z.exe
c:\windows\system32\2671download5r9901z.exe
c:\windows\system32\26b55hiefz29.ocx
c:\windows\system32\270505p930cz.bin
c:\windows\system32\2779zs5y97.exe
c:\windows\system32\27802hack9o5l4a5z.cpl
c:\windows\system32\27995spyz05.cpl
c:\windows\system32\28951viru9z1c.bin
c:\windows\system32\289zs953c7.cpl
c:\windows\system32\2908szeal535.ocx
c:\windows\system32\2926addw5re165z.bin
c:\windows\system32\29393viruz5995.bin
c:\windows\system32\294709ac5tzol241.exe
c:\windows\system32\29515vizus6e0.bin
c:\windows\system32\29557vzru93b.ocx
c:\windows\system32\2959spywaze972.ocx
c:\windows\system32\296195pz91e.bin
c:\windows\system32\2963zviru515c.cpl
c:\windows\system32\29655spy1zf.bin
c:\windows\system32\29835spy72z.bin
c:\windows\system32\298sz5rse2299.dll
c:\windows\system32\2c79spywaz5248.bin
c:\windows\system32\2e09azdware459.cpl
c:\windows\system32\2ebez5eal2493.dll
c:\windows\system32\2ed15zreat14395.bin
c:\windows\system32\2f25b9ckdzo52191.dll
c:\windows\system32\2z47spamb9tf15.cpl
c:\windows\system32\2z590worm5099.cpl
c:\windows\system32\3050szarse18429.bin
c:\windows\system32\30565t9zj545.dll
c:\windows\system32\30567spamb9t5z9.bin
c:\windows\system32\305cszarse1399.bin
c:\windows\system32\306z7hac95ool618.bin
c:\windows\system32\3077wo9m50z.cpl
c:\windows\system32\31089wz9m50.ocx
c:\windows\system32\31146ha59tool7ze.dll
c:\windows\system32\31314not-a-vi5uz79a.dll
c:\windows\system32\313729pambot450z.exe
c:\windows\system32\3174nz5-a-v9rus759.ocx
c:\windows\system32\31955spaz9ot276.exe
c:\windows\system32\31z959ot-5-virus135.bin
c:\windows\system32\3236thief9275z.cpl
c:\windows\system32\323eb9ckdoor2594z.exe
c:\windows\system32\32584tzo9519.cpl
c:\windows\system32\32591zot-a-virus10e.dll
c:\windows\system32\32915dzware180.cpl
c:\windows\system32\3392zackdoor2285.ocx
c:\windows\system32\3415virzs6bb9.bin
c:\windows\system32\34d7a5dwarz959.bin
c:\windows\system32\3529vi52597z.ocx
c:\windows\system32\3534downloadez69.cpl
c:\windows\system32\359sparsez719.ocx
c:\windows\system32\3609viz5669.bin
c:\windows\system32\3676dz9nload5r67.cpl
c:\windows\system32\3695add9ar517z9.bin
c:\windows\system32\3770downloadz92325.exe
c:\windows\system32\383cthrea985z2.dll
c:\windows\system32\3859a5dware2576z.exe
c:\windows\system32\38a4thr5az90199.cpl
c:\windows\system32\392as5zrse3977.ocx
c:\windows\system32\3951backdooz1479.bin
c:\windows\system32\3958vir2z86.cpl
c:\windows\system32\395z5spy6ce.dll
c:\windows\system32\39ddowzlo5der2790.ocx
c:\windows\system32\39fszy5are16799.cpl
c:\windows\system32\39z2thr5at96092.exe
c:\windows\system32\39zcvi5669.cpl
c:\windows\system32\3a29sparse11z5.exe
c:\windows\system32\3a76spzrse1935.cpl
c:\windows\system32\3a95zackdoo51797.cpl
c:\windows\system32\3bbadownloa9er2315z.ocx
c:\windows\system32\3bcft9izf354.bin
c:\windows\system32\3de9thz5f60.exe
c:\windows\system32\3ea6ste9l59z5.cpl
c:\windows\system32\3ez2thre5t14295.bin
c:\windows\system32\3fc65ddwaze9049.dll
c:\windows\system32\3z457sp9mbot5bc.dll
c:\windows\system32\3zd0threa954817.dll
c:\windows\system32\40eaaddw95z2935.cpl
c:\windows\system32\410859yz61.cpl
c:\windows\system32\4179doznlo5der3162.ocx
c:\windows\system32\41995hiez223.dll
c:\windows\system32\41a3spzrse27985.bin
c:\windows\system32\42b0spz5are1964.dll
c:\windows\system32\4492zh5ef2279.dll
c:\windows\system32\449fbackd5or12z4.exe
c:\windows\system32\4654t5ief139z.exe
c:\windows\system32\473athr5atz619.ocx
c:\windows\system32\4760zir97705.ocx
c:\windows\system32\47c1b95kdozr2932.cpl
c:\windows\system32\486cdown9oade56z5.cpl
c:\windows\system32\4955spazb9t621.ocx
c:\windows\system32\4996w5rm7ze.exe
c:\windows\system32\49a7adzw5re1555.exe
c:\windows\system32\49zfaddwa5e2542.exe
c:\windows\system32\4e46bac5do9r2z68.exe
c:\windows\system32\4f9th5eat289z9.exe
c:\windows\system32\4z7evi9590.bin
c:\windows\system32\4z97sparse544.exe
c:\windows\system32\502a9dwarz1877.ocx
c:\windows\system32\50a9vzr2562.bin
c:\windows\system32\51849ha9ktool2ez.ocx
c:\windows\system32\51baadzw9re12.exe
c:\windows\system32\5226not-a5vzr9s33e.ocx
c:\windows\system32\52699zorm3e3.cpl
c:\windows\system32\5339z5eal31069.ocx
c:\windows\system32\5357t9oz3e0.exe
c:\windows\system32\544tr9j778z.cpl
c:\windows\system32\54a25te9lz996.dll
c:\windows\system32\5585sp9rse1z62.cpl
c:\windows\system32\5589spywarez395.exe
c:\windows\system32\5590steal81z.ocx
c:\windows\system32\55999t9oj4zf.bin
c:\windows\system32\561spyz59.ocx
c:\windows\system32\56985w9rmfz.exe
c:\windows\system32\56e19pywarz5895.exe
c:\windows\system32\5705tz5eat93074.exe
c:\windows\system32\5755haczt9ol3a4.ocx
c:\windows\system32\57692spambot135z.cpl
c:\windows\system32\57857spamboz923.ocx
c:\windows\system32\579z9py3f2.exe
c:\windows\system32\591dthrezt16419.exe
c:\windows\system32\59524virus939z.ocx
c:\windows\system32\59997spy605z.bin
c:\windows\system32\599daddware628z.dll
c:\windows\system32\599zv5r1985.cpl
c:\windows\system32\59e7sparse59z.dll
c:\windows\system32\5aebspywa951z37.dll
c:\windows\system32\5b2zbac9door1249.bin
c:\windows\system32\5d8dvzr9574.bin
c:\windows\system32\5d9dad5w9ze1097.cpl
c:\windows\system32\5z58downloa9er73.dll
c:\windows\system32\5z988spambo97bf.cpl
c:\windows\system32\5z998hackt9ol10.dll
c:\windows\system32\5zc3t5reat97864.cpl
c:\windows\system32\6020zac95ool194.exe
c:\windows\system32\6101do5nloadez2909.exe
c:\windows\system32\62ces5y9are114z.bin
c:\windows\system32\640bac5dzor2519.ocx
c:\windows\system32\6465spz9are2025.bin
c:\windows\system32\65685ozm7059.cpl
c:\windows\system32\6593spyware2075z.dll
c:\windows\system32\65fa59r292z.exe
c:\windows\system32\6629s9zal27255.cpl
c:\windows\system32\6702downl5ad9z1684.bin
c:\windows\system32\6837hack5o9l1e6z.exe
c:\windows\system32\6855vir89z.exe
c:\windows\system32\689zs5arse11969.bin
c:\windows\system32\68f29hreat285z4.exe
c:\windows\system32\6991zorm559.cpl
c:\windows\system32\69f9dow9loazer2055.exe
c:\windows\system32\6a84thre9t435z.cpl
c:\windows\system32\6b79tzie52949.ocx
c:\windows\system32\6be75zr9at25900.bin
c:\windows\system32\6bz1steal20795.ocx
c:\windows\system32\6c00backd59rz080.cpl
c:\windows\system32\6cd3spzrs918945.dll
c:\windows\system32\6ed5s9yware1519z.ocx
c:\windows\system32\6z5fthrea923575.bin
c:\windows\system32\6z9bsteal5582.ocx
c:\windows\system32\6zbbt95eat12676.exe
c:\windows\system32\7092tr5950z.exe
c:\windows\system32\70c1zpar9e1525.exe
c:\windows\system32\71c0szyw5re9507.dll
c:\windows\system32\71za9tea51126.ocx
c:\windows\system32\722zhre5t1596.exe
c:\windows\system32\7275b9ckdoor29z3.exe
c:\windows\system32\72zc5pywar982.bin
c:\windows\system32\74c7s5ywaz9165.ocx
c:\windows\system32\7554zhreat39779.exe
c:\windows\system32\7591worm2z.dll
c:\windows\system32\75a5virz299.cpl
c:\windows\system32\7651zirus5f99.bin
c:\windows\system32\7652thr9zt16467.cpl
c:\windows\system32\7665pyware3049z.ocx
c:\windows\system32\7727spars93z25.ocx
c:\windows\system32\779es5zrse1739.ocx
c:\windows\system32\77b3tzief21059.dll
c:\windows\system32\77fespa9ze6875.dll
c:\windows\system32\7849backzoo52666.cpl
c:\windows\system32\792za5dware3949.dll
c:\windows\system32\79349pamboz523.ocx
c:\windows\system32\798b5iz2547.exe
c:\windows\system32\79d2back5oor3z25.ocx
c:\windows\system32\79dzspa5se1109.bin
c:\windows\system32\7b5d9ir165z.dll
c:\windows\system32\7c9eaddzare595.ocx
c:\windows\system32\7czbspars918205.exe
c:\windows\system32\7e5aste9z539.dll
c:\windows\system32\7z41downloa5e92953.cpl
c:\windows\system32\7z5fthi9f2923.exe
c:\windows\system32\8076w5rz191.cpl
c:\windows\system32\829w5rm7z6.ocx
c:\windows\system32\867h9cktozl544.cpl
c:\windows\system32\8z45sp9475.ocx
c:\windows\system32\905z5ddware1294.exe
c:\windows\system32\91559szambotdc.ocx
c:\windows\system32\922thie521z3.cpl
c:\windows\system32\9282not-5-zirus391.bin
c:\windows\system32\92991trzj6855.dll
c:\windows\system32\93002not-a-virzs5c1.exe
c:\windows\system32\9372w5rz286.dll
c:\windows\system32\9458steaz2696.ocx
c:\windows\system32\945cvir1345z.ocx
c:\windows\system32\951threzt26331.cpl
c:\windows\system32\953e5ownloadzr2701.bin
c:\windows\system32\95z0spy49c.bin
c:\windows\system32\95z5thief2709.exe
c:\windows\system32\960stea52z98.dll
c:\windows\system32\9815downzoader3180.cpl
c:\windows\system32\9875s9amzot7c45.ocx
c:\windows\system32\98z55spambot5c9.bin
c:\windows\system32\995zno9-5-virus309.exe
c:\windows\system32\9c51vir1z95.cpl
c:\windows\system32\9d0daddwaze2954.cpl
c:\windows\system32\9z95hief9496.ocx
c:\windows\system32\9zebspywar5710.cpl
c:\windows\system32\b48dzwnloader98755.dll
c:\windows\system32\d07sp5rse9574z.dll
c:\windows\system32\d49steal5z39.dll
c:\windows\system32\e35sparze2795.cpl
c:\windows\system32\ezvir9573.exe
c:\windows\system32\f27spywar915z4.exe
c:\windows\system32\fdabackdzor35819.bin
c:\windows\system32\z26cspars51690.cpl
c:\windows\system32\z4994tr5j159.ocx
c:\windows\system32\z562tro9150.bin
c:\windows\system32\z5725s95735.ocx
c:\windows\system32\z581down9oader2400.bin
c:\windows\system32\z657spa5bo97bb.cpl
c:\windows\system32\z7565teal9929.bin
c:\windows\system32\z8895spam5ot284.ocx
c:\windows\system32\z94bs5yware2337.dll
c:\windows\system32\z9715virus5e9.bin
c:\windows\system32\zb14sp9rse5345.ocx
c:\windows\system32\zb4d9pyw5re1220.cpl
c:\windows\system32\zd869hief8505.dll
c:\windows\system32\zf89s9yware24805.ocx
c:\windows\z033ad5wa9e609.dll
c:\windows\z17d5hr9at3969.cpl
c:\windows\z1d3spyware3159.exe
c:\windows\z258ste5l1749.cpl
c:\windows\z455spyd09.ocx
c:\windows\z472spy1e95.exe
c:\windows\z5298worm9b8.bin
c:\windows\z5635s958.ocx
c:\windows\z5968tro9426.bin
c:\windows\z669not-a-virus615.bin
c:\windows\z679troj457.bin
c:\windows\z6a9downlo9der456.exe
c:\windows\z7635hackto5lea9.bin
c:\windows\z8963ha59tool695.cpl

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_98795ea2
-------\Service_iteio


((((((((((((((((((((((((( Files Created from 2009-09-28 to 2009-10-31 )))))))))))))))))))))))))))))))
.

2009-10-31 10:28 . 2007-06-13 15:47 48256 ----a-w- c:\windows\system32\drivers\jraid.sys
2009-10-31 10:28 . 2005-06-20 22:53 60928 ----a-w- c:\windows\system32\drivers\viamraid.sys
2009-10-30 16:39 . 2009-10-30 16:39 -------- d-----w- c:\program files\Trend Micro
2009-10-30 14:55 . 2009-10-30 14:55 -------- d-----w- c:\documents and settings\Frederick Dumaresq\Application Data\Malwarebytes
2009-10-30 14:55 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-30 14:55 . 2009-10-30 14:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-30 14:55 . 2009-10-30 14:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-30 14:55 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-11 09:46 . 2009-10-11 02:41 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-10-11 02:41 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-10-11 02:39 . 2009-10-11 02:39 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
2009-10-09 16:30 . 2009-10-09 16:30 -------- d-----w- c:\program files\CAPCOM
2009-10-09 16:29 . 2009-10-09 16:30 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-30 12:20 . 2008-06-19 17:12 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-10-27 23:57 . 2007-11-22 04:12 -------- d-----w- c:\program files\GTR2
2009-10-27 23:56 . 2008-12-13 15:08 -------- d-----w- c:\program files\Rummy Royal
2009-10-27 23:55 . 2008-11-01 12:28 -------- d-----w- c:\program files\Fallout 3
2009-10-27 23:54 . 2007-08-02 21:09 -------- d-----w- c:\program files\Ubisoft
2009-10-27 04:19 . 2008-10-02 14:10 -------- d-----w- c:\program files\MagicISO
2009-10-25 21:45 . 2009-06-30 15:03 -------- d-----w- c:\documents and settings\Frederick Dumaresq\Application Data\Vso
2009-10-15 23:43 . 2009-01-29 18:54 3532 ----a-w- C:\drmHeader.bin
2009-10-11 02:41 . 2007-08-02 11:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-10-11 02:39 . 2007-08-02 11:11 -------- d-----w- c:\program files\Lavasoft
2009-09-20 22:07 . 2009-09-20 22:07 -------- d-----w- c:\documents and settings\Frederick Dumaresq\Application Data\Sony Corporation
2009-09-20 22:02 . 2007-08-02 09:40 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-20 22:02 . 2009-09-20 22:02 -------- d-----w- c:\program files\Sony
2009-09-18 01:06 . 2007-08-02 09:07 19368 ------w- c:\documents and settings\Frederick Dumaresq\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-18 00:58 . 2009-09-18 00:58 -------- d-----w- c:\program files\Microsoft
2009-09-18 00:58 . 2009-09-18 00:58 -------- d-----w- c:\program files\Windows Live
2009-09-18 00:58 . 2009-09-18 00:58 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-09-18 00:54 . 2009-09-18 00:54 -------- d-----w- c:\program files\Common Files\Windows Live
2009-08-23 06:59 . 2007-08-04 12:34 139584 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-08-23 06:59 . 2007-08-03 12:38 189104 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-08-19 12:53 . 2008-06-19 17:12 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-19 12:53 . 2008-06-19 17:12 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-19 12:53 . 2007-08-02 10:40 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-05 09:01 . 2006-02-28 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-10-31_10.41.17 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-31 11:09 . 2009-10-31 11:09 16384 c:\windows\temp\Perflib_Perfdata_530.dat
+ 2006-02-28 12:00 . 2009-10-31 10:43 71264 c:\windows\system32\perfc009.dat
- 2006-02-28 12:00 . 2009-10-31 10:36 71264 c:\windows\system32\perfc009.dat
+ 2006-02-28 12:00 . 2009-10-31 10:43 441454 c:\windows\system32\perfh009.dat
- 2006-02-28 12:00 . 2009-10-31 10:36 441454 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-08-03 32768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-17 2025752]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-03-18 61440]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-8-2 450560]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-8-2 528384]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-19 12:53 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ymetray.lnk
backup=c:\windows\pss\ymetray.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.0\\cnc3game.dat"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Program Files\\Ubisoft\\Tom Clancy's Splinter Cell Double Agent\\SCDA-Online\\System\\SCDA_online.exe"=
"c:\\Program Files\\Ubisoft\\Tom Clancy's Splinter Cell Double Agent\\SCDA-Offline\\System\\SplinterCell4.exe"=
"c:\\Program Files\\BitTornado\\btdownloadgui.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"c:\\Program Files\\Ubisoft\\Ghost Recon Advanced Warfighter\\graw.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\WINDOWS\\system32\\dldfcoms.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldfpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldfjswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldftime.exe"=
"c:\\Program Files\\Lost Via Domus\\Yeti_Final_Win32.exe"=
"c:\\Program Files\\Left 4 Dead\\left4dead.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\Program Files\\Electronic Arts\\Red Alert 3\\Data\\ra3_1.0.game"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Teamspeak2_RC2\\server_windows.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009.SP3c\\RpcAgentSrv.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009.SP3c\\WNt500x86\\RpcSandraSrv.exe"=
"c:\\Program Files\\CAPCOM\\RESIDENT EVIL 5\\RE5DX9.EXE"=
"c:\\Program Files\\CAPCOM\\RESIDENT EVIL 5\\RE5DX10.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [10/10/2009 10:41 PM 64160]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [19/06/2008 1:12 PM 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [19/06/2008 1:12 PM 108552]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [02/08/2007 9:29 PM 13696]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [17/06/2009 9:42 AM 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [03/07/2008 12:19 PM 297752]
R2 dldf_device;dldf_device;c:\windows\system32\dldfcoms.exe -service --> c:\windows\system32\dldfcoms.exe -service [?]
R2 lavasoft ad-aware service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [03/07/2009 10:49 AM 1028432]
R3 SMC1211;SMC EZ Card 10/100 PCI (SMC1211 Series) NT 5.0 Driver;c:\windows\system32\drivers\SMC1211.sys [11/07/2001 11:06 AM 23153]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\RpcAgentSrv.exe [19/07/2009 8:28 PM 98488]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - CLASSPNP_2
*Deregistered* - CLASSPNP_2
*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder

2009-10-27 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 02:41]

2009-10-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 17:42]

2009-10-31 c:\windows\Tasks\User_Feed_Synchronization-{954CFAEC-E4E0-42D4-8965-1BF279566081}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://sympatico.msn.ca/?lang=en-CA
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-31 07:09
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1292428093-1383384898-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:94,85,26,81,5b,9c,1d,e7,5d,06,61,38,7b,b8,c3,e1,66,b8,ad,fc,d8,38,74,
4a,57,5f,0e,58,5b,84,45,45,e4,03,4f,1c,a1,aa,9e,60,b1,5c,cf,5b,55,32,29,71,\
"??"=hex:c6,15,46,c6,be,5d,18,91,dc,c8,d0,c2,7d,87,e6,c1

[HKEY_USERS\S-1-5-21-1292428093-1383384898-839522115-1003\Software\SecuROM\license information*]
"datasecu"=hex:a6,ff,86,e6,1f,ca,49,54,30,90,08,6d,3d,1b,aa,f2,15,ba,fe,c9,01,
6b,42,df,7a,63,77,f1,e1,a4,ff,9d,5a,cf,09,f5,63,83,e0,4b,0e,fe,c4,3d,b4,a7,\
"rkeysecu"=hex:78,00,ce,66,0a,8c,aa,90,88,57,b9,51,bd,90,bf,6a
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(652)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(868)
c:\windows\system32\WININET.dll
c:\program files\Logitech\SetPoint\KEMHook.dll
c:\docume~1\FREDER~1\LOCALS~1\Temp\IadHide5.dll
c:\program files\Logitech\SetPoint\GameHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
c:\windows\system32\MSI.DLL
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\dldfcoms.exe
c:\program files\Nero\Nero 7\InCD\InCDsrv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Common Files\Logitech\KHAL\KHALMNPR.EXE
c:\windows\system32\wbem\unsecapp.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\windows\system32\wscntfy.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Completion time: 2009-10-31 7:14 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-31 11:14
ComboFix2.txt 2009-10-31 10:42

Pre-Run: 41,979,203,584 bytes free
Post-Run: 41,857,232,896 bytes free

- - End Of File - - E4D086F74418FFB1232F23378045EDA7

[miekiemoes]

Hi,

* Go to start > run and copy and paste next command in the field:

ComboFix /Uninstall

Make sure there's a space between Combofix and /
Then hit enter.

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again.

Let me know in your next reply how things are now.

[Reach]

MWAM and AVG don't seem to detect anything and my computer boots normally again!

Thank you so very much for your time and expertise, much appretiated!! Merci beaucoup!

[miekiemoes]

Glad I could help.

Please read my Prevention page with lots of info and tips how to prevent this in the future.
And if you want to improve speed/system performance after malware removal, take a look here.
Extra note: Make sure your programs are up to date - because older versions may contain Security Leaks. To find out what programs need to be updated, please run the Secunia Software Inspector Scan.

Happy Surfing again!

[miekiemoes]

Since this issue appears resolved ... this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.