IslandTomato

Members
  • Content count

    14
  • Joined

  • Last visited

About IslandTomato

  • Rank
    New Member

Contact Methods

  • ICQ
    0
  1. Below is the log from Security Check. So far, my computer is working fine but I will give you an update again in a couple of days. Results of screen317's Security Check version 0.99.0 Windows XP Service Pack 3 `````````````````````````````` Antivirus/Firewall Check: Windows Firewall Enabled! avast! Antivirus Adobe After Effects CS3 Presets Antivirus up to date! (On Access scanning disabled!) `````````````````````````````` Anti-malware/Other Utilities Check: HijackThis 2.0.2 CCleaner Adobe Flash Player 10 Adobe Reader 8.1.2 Adobe Reader 8.1.2 Security Update 1 (KB403742) Out of date Adobe Reader installed! `````````````````````````````` Process Check: objlist.exe by Laurent Alwil Software Avast4 aswUpdSv.exe Alwil Software Avast4 ashServ.exe Alwil Software Avast4 ashDisp.exe `````````````````````````````` DNS Vulnerability Check: Unknown. This method cannot test your vulnerability to DNS cache poisoning. `````````End of Log```````````
  2. Here is the FSecure log: Scanning Report Sunday, November 15, 2009 01:29:30 - 04:04:25 Computer name: TOMI-C7CB8BCCC2 Scanning type: Scan system for malware, spyware and rootkits Target: C:\ D:\ F:\ 31 malware found Trojan.Generic.2636403 (virus) * C:\SYSTEM VOLUME INFORMATION\_RESTORE{755E991F-E7A9-41C5-BC85-9466826D9C8D}\RP551\A0077179.DLL (Renamed & Submitted) Gen:Trojan.Heur.Vundo.du4@emT!hKm (virus) * C:\SYSTEM VOLUME INFORMATION\_RESTORE{755E991F-E7A9-41C5-BC85-9466826D9C8D}\RP551\A0077180.DLL (Renamed & Submitted) Gen:Trojan.Heur.Vundo.fy4@dCSylSm (virus) * C:\SYSTEM VOLUME INFORMATION\_RESTORE{755E991F-E7A9-41C5-BC85-9466826D9C8D}\RP547\A0076986.DLL (Renamed) Trojan.Generic.2642843 (virus) * C:\SYSTEM VOLUME INFORMATION\_RESTORE{755E991F-E7A9-41C5-BC85-9466826D9C8D}\RP547\A0076985.DLL (Renamed & Submitted) Trojan.Vundo.GQS (virus) * C:\SYSTEM VOLUME INFORMATION\_RESTORE{755E991F-E7A9-41C5-BC85-9466826D9C8D}\RP547\A0076988.DLL (Renamed & Submitted) Trojan.Vundo.GQS (virus) * C:\SYSTEM VOLUME INFORMATION\_RESTORE{755E991F-E7A9-41C5-BC85-9466826D9C8D}\RP547\A0076987.DLL (Renamed & Submitted) Trojan.Vundo.GQS (virus) * C:\SYSTEM VOLUME INFORMATION\_RESTORE{755E991F-E7A9-41C5-BC85-9466826D9C8D}\RP547\A0076989.DLL (Renamed & Submitted) Trojan.Vundo.GQS (virus) * C:\SYSTEM VOLUME INFORMATION\_RESTORE{755E991F-E7A9-41C5-BC85-9466826D9C8D}\RP547\A0076990.DLL (Renamed & Submitted) Trojan.Generic.2622268 (virus) * C:\SYSTEM VOLUME INFORMATION\_RESTORE{755E991F-E7A9-41C5-BC85-9466826D9C8D}\RP547\A0076992.DLL (Renamed & Submitted) Gen:Trojan.Heur.Vundo.du4@emT!hKm (virus) * C:\SYSTEM VOLUME INFORMATION\_RESTORE{755E991F-E7A9-41C5-BC85-9466826D9C8D}\RP547\A0076993.DLL (Renamed & Submitted) Gen:Trojan.Heur.Vundo.du4@emT!hKm (virus) * C:\SYSTEM VOLUME INFORMATION\_RESTORE{755E991F-E7A9-41C5-BC85-9466826D9C8D}\RP547\A0076991.DLL (Renamed & Submitted) Trojan.Vundo.GQS (virus) * C:\SYSTEM VOLUME INFORMATION\_RESTORE{755E991F-E7A9-41C5-BC85-9466826D9C8D}\RP547\A0076994.DLL (Renamed & Submitted) Trojan.Vundo.GQS (virus) * C:\SYSTEM VOLUME INFORMATION\_RESTORE{755E991F-E7A9-41C5-BC85-9466826D9C8D}\RP547\A0076997.DLL (Renamed & Submitted) Trojan.Generic.2624477 (virus) * C:\SYSTEM VOLUME INFORMATION\_RESTORE{755E991F-E7A9-41C5-BC85-9466826D9C8D}\RP547\A0076996.DLL (Renamed) Trojan.Vundo.GQS (virus) * C:\SYSTEM VOLUME INFORMATION\_RESTORE{755E991F-E7A9-41C5-BC85-9466826D9C8D}\RP547\A0076999.DLL (Renamed & Submitted) Gen:Trojan.Heur.Vundo.dy4@dWcKA2g (virus) * C:\SYSTEM VOLUME INFORMATION\_RESTORE{755E991F-E7A9-41C5-BC85-9466826D9C8D}\RP546\A0076780.DLL (Renamed) Gen:Trojan.Heur.Vundo.dy4@d4ntdQl (virus) * C:\SYSTEM VOLUME INFORMATION\_RESTORE{755E991F-E7A9-41C5-BC85-9466826D9C8D}\RP533\A0074803.DLL (Renamed & Submitted) Trojan.Vundo.GQS (virus) * C:\SYSTEM VOLUME INFORMATION\_RESTORE{755E991F-E7A9-41C5-BC85-9466826D9C8D}\RP533\A0075400.DLL (Renamed) Trojan.Vundo.GQS (virus) * C:\SYSTEM VOLUME INFORMATION\_RESTORE{755E991F-E7A9-41C5-BC85-9466826D9C8D}\RP533\A0075401.DLL (Renamed & Submitted) Trojan.Vundo.GQS (virus) * C:\SYSTEM VOLUME INFORMATION\_RESTORE{755E991F-E7A9-41C5-BC85-9466826D9C8D}\RP533\A0075403.DLL (Renamed & Submitted) Trojan-Downloader:W32/Renos.gen!C (virus) * C:\SYSTEM VOLUME INFORMATION\_RESTORE{755E991F-E7A9-41C5-BC85-9466826D9C8D}\RP531\A0073028.DLL (Renamed & Submitted) Trojan-Downloader:W32/Renos.gen!C (virus) * C:\SYSTEM VOLUME INFORMATION\_RESTORE{755E991F-E7A9-41C5-BC85-9466826D9C8D}\RP531\A0073249.DLL (Renamed & Submitted) Trojan-Downloader:W32/Renos.gen!C (virus) * C:\SYSTEM VOLUME INFORMATION\_RESTORE{755E991F-E7A9-41C5-BC85-9466826D9C8D}\RP530\A0070469.DLL (Renamed & Submitted) Trojan-Downloader:W32/Renos.gen!C (virus) * C:\SYSTEM VOLUME INFORMATION\_RESTORE{755E991F-E7A9-41C5-BC85-9466826D9C8D}\RP530\A0070468.DLL (Renamed & Submitted) Trojan-Downloader:W32/Renos.gen!C (virus) * C:\SYSTEM VOLUME INFORMATION\_RESTORE{755E991F-E7A9-41C5-BC85-9466826D9C8D}\RP530\A0070470.DLL (Renamed & Submitted) Trojan-Downloader:W32/Renos.gen!C (virus) * C:\SYSTEM VOLUME INFORMATION\_RESTORE{755E991F-E7A9-41C5-BC85-9466826D9C8D}\RP530\A0070561.DLL (Renamed & Submitted) Trojan-Downloader:W32/Renos.gen!C (virus) * C:\SYSTEM VOLUME INFORMATION\_RESTORE{755E991F-E7A9-41C5-BC85-9466826D9C8D}\RP530\A0070562.DLL (Renamed & Submitted) Trojan-Downloader:W32/Renos.gen!C (virus) * C:\SYSTEM VOLUME INFORMATION\_RESTORE{755E991F-E7A9-41C5-BC85-9466826D9C8D}\RP530\A0070565.DLL (Renamed & Submitted) Trojan-Downloader:W32/Renos.gen!C (virus) * C:\SYSTEM VOLUME INFORMATION\_RESTORE{755E991F-E7A9-41C5-BC85-9466826D9C8D}\RP530\A0070567.DLL (Renamed & Submitted) Gen:Trojan.Heur.Vundo.fy4@diJQdCi (virus) * C:\SYSTEM VOLUME INFORMATION\_RESTORE{755E991F-E7A9-41C5-BC85-9466826D9C8D}\RP530\A0070566.DLL (Renamed) Trojan-Downloader:W32/Renos.gen!C (virus) * C:\SYSTEM VOLUME INFORMATION\_RESTORE{755E991F-E7A9-41C5-BC85-9466826D9C8D}\RP530\A0070568.DLL (Renamed & Submitted) Statistics Scanned: * Files: 92661 * System: 3384 * Not scanned: 6 Actions: * Disinfected: 0 * Renamed: 31 * Deleted: 0 * Not cleaned: 0 * Submitted: 26 Files not scanned: * C:\PAGEFILE.SYS * C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT * C:\WINDOWS\SYSTEM32\CONFIG\SAM * C:\WINDOWS\SYSTEM32\CONFIG\SECURITY * C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE * C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Options Scanning engines: Scanning options: * Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR * Use advanced heuristics
  3. Here are the ComboFix and HijackThis logs: ComboFix 09-11-15.01 - Tomi Yamamoto 11/15/2009 0:00.6.1 - FAT32x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.653 [GMT -6:00] Running from: c:\documents and settings\Tomi Yamamoto\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Tomi Yamamoto\Desktop\CFScript.txt AV: avast! antivirus 4.8.1356 [VPS 091114-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} FILE :: "c:\windows\system32\peluloge.dll" . ((((((((((((((((((((((((( Files Created from 2009-10-15 to 2009-11-15 ))))))))))))))))))))))))))))))) . 2009-11-03 16:00 . 2009-11-03 16:00 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache 2009-10-29 04:27 . 2009-10-29 04:27 -------- d-----w- c:\program files\CCleaner 2009-10-29 04:07 . 2006-09-05 19:28 38480 ------w- c:\windows\system32\IJRMF.exe 2009-10-29 01:52 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-10-29 01:52 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-10-26 20:12 . 2009-10-29 01:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-10-26 05:01 . 2009-10-26 05:01 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure 2009-10-26 01:11 . 2009-10-26 01:11 -------- d-----w- c:\program files\Trend Micro 2009-10-26 00:34 . 2008-04-13 18:36 187776 ----a-w- c:\windows\system32\drivers\ACPI_2.sys 2009-10-25 23:36 . 2009-10-25 23:36 -------- d-----w- C:\ProgramData 2009-10-25 23:03 . 2009-10-25 23:03 -------- d-----w- c:\documents and settings\Tomi Yamamoto\Application Data\Malwarebytes 2009-10-24 22:16 . 2009-10-24 22:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-11-06 23:01 . 2009-08-26 14:26 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet 2009-10-29 04:37 . 2008-05-24 21:36 66560 --sha-w- c:\documents and settings\All Users\Application Data\ExtendMedia\Media Agent\ac.dll 2009-10-29 04:07 . 2007-05-20 04:07 -------- d-----w- c:\program files\Logitech 2009-10-29 04:00 . 2007-05-20 02:59 -------- d-----w- c:\documents and settings\All Users\Application Data\ScanSoft 2009-10-29 03:57 . 2007-05-18 22:35 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-10-29 03:32 . 2009-06-06 20:57 -------- d-----w- c:\program files\Bonjour 2009-10-29 03:27 . 2007-05-20 03:23 -------- d-----w- c:\program files\iPod 2009-10-27 00:24 . 2009-06-07 02:23 -------- d-----w- c:\program files\Alwil Software 2009-09-30 18:07 . 2007-07-21 20:18 72744 ----a-w- c:\documents and settings\Tomi Yamamoto\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-09-17 19:51 . 2009-09-17 19:51 -------- d-----w- c:\program files\MSECache 2009-09-15 10:59 . 2009-06-07 02:23 1279968 ----a-w- c:\windows\system32\aswBoot.exe 2009-09-15 10:56 . 2009-06-07 02:23 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys 2009-09-15 10:56 . 2009-06-07 02:23 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys 2009-09-15 10:55 . 2009-06-07 02:23 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys 2009-09-15 10:55 . 2009-06-07 02:23 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2009-09-15 10:54 . 2009-06-07 02:24 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2009-09-15 10:54 . 2009-06-07 02:24 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2009-09-15 10:53 . 2009-06-07 02:24 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys 2009-09-15 10:53 . 2009-06-07 02:24 97480 ----a-w- c:\windows\system32\AvastSS.scr 2009-09-11 14:18 . 2006-02-28 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll 2009-09-04 21:03 . 2006-02-28 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll 2009-08-29 08:08 . 2006-02-28 12:00 916480 ------w- c:\windows\system32\wininet.dll 2009-08-26 08:00 . 2006-02-28 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll 2009-08-25 06:31 . 2009-08-25 06:31 721904 ----a-w- c:\windows\system32\drivers\sptd.sys . ((((((((((((((((((((((((((((( SnapShot@2009-11-04_16.30.27 ))))))))))))))))))))))))))))))))))))))))) . + 2009-11-13 09:33 . 2009-11-13 09:33 16384 c:\windows\Temp\Perflib_Perfdata_480.dat + 2007-05-20 19:15 . 2009-11-13 09:13 23040 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe - 2007-05-20 19:15 . 2009-10-14 08:15 23040 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe - 2007-05-20 19:15 . 2009-10-14 08:15 61440 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\pubs.exe + 2007-05-20 19:15 . 2009-11-13 09:13 61440 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\pubs.exe + 2007-05-20 19:15 . 2009-11-13 09:13 27136 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe - 2007-05-20 19:15 . 2009-10-14 08:15 27136 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe + 2007-05-20 19:15 . 2009-11-13 09:13 11264 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe - 2007-05-20 19:15 . 2009-10-14 08:15 11264 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe + 2007-05-20 19:15 . 2009-11-13 09:13 12288 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe - 2007-05-20 19:15 . 2009-10-14 08:15 12288 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe + 2009-11-13 09:11 . 2009-11-13 09:11 38240 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe - 2009-10-30 08:01 . 2009-10-30 08:01 38240 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe - 2007-05-20 19:15 . 2009-10-14 08:15 4096 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe + 2007-05-20 19:15 . 2009-11-13 09:13 4096 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe + 2007-05-20 19:15 . 2009-11-13 09:13 409600 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe - 2007-05-20 19:15 . 2009-10-14 08:15 409600 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe - 2007-05-20 19:15 . 2009-10-14 08:15 286720 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe + 2007-05-20 19:15 . 2009-11-13 09:13 286720 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe - 2007-05-20 19:15 . 2009-10-14 08:15 249856 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\pptico.exe + 2007-05-20 19:15 . 2009-11-13 09:13 249856 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\pptico.exe - 2007-05-20 19:15 . 2009-10-14 08:15 794624 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\outicon.exe + 2007-05-20 19:15 . 2009-11-13 09:13 794624 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\outicon.exe - 2007-05-20 19:15 . 2009-10-14 08:15 135168 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\misc.exe + 2007-05-20 19:15 . 2009-11-13 09:13 135168 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\misc.exe - 2007-05-20 19:15 . 2009-10-14 08:15 593920 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\accicons.exe + 2007-05-20 19:15 . 2009-11-13 09:13 593920 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\accicons.exe + 2009-11-09 09:01 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB976749-IE8\spuninst\updspapi.dll + 2009-11-09 09:01 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB976749-IE8\spuninst\spuninst.exe + 2006-02-28 12:00 . 2009-08-14 13:21 1850624 c:\windows\system32\win32k.sys + 2006-02-28 12:00 . 2009-10-22 09:19 5939712 c:\windows\system32\mshtml.dll + 2007-05-18 16:13 . 2009-11-13 09:33 1571792 c:\windows\system32\FNTCACHE.DAT - 2007-05-18 16:13 . 2009-10-04 03:58 1571792 c:\windows\system32\FNTCACHE.DAT + 2008-10-15 09:32 . 2009-08-14 13:21 1850624 c:\windows\system32\dllcache\win32k.sys + 2006-02-28 12:00 . 2009-10-22 09:19 5939712 c:\windows\system32\dllcache\mshtml.dll + 2009-10-22 18:46 . 2009-10-22 18:46 6821888 c:\windows\Installer\148e033c.msp + 2009-08-18 18:58 . 2009-08-18 18:58 8301056 c:\windows\Installer\148e0326.msp + 2009-10-07 00:40 . 2009-10-07 00:40 7681024 c:\windows\Installer\148e031c.msp + 2009-10-22 18:28 . 2009-10-22 18:28 5521408 c:\windows\Installer\148e0306.msp + 2009-11-09 09:01 . 2009-08-29 08:08 5940224 c:\windows\ie8updates\KB976749-IE8\mshtml.dll + 2009-11-13 09:07 . 2009-11-05 15:36 26768832 c:\windows\system32\MRT.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Google Update"="c:\documents and settings\Tomi Yamamoto\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-06-07 133104] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-06-15 6803456] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-06-15 86016] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2006-10-17 1197648] "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232] "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2006-02-28 208952] "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2006-02-28 59392] "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-02-28 455168] "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-02-28 455168] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-30 289064] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000] "AS00_WN311B"="c:\program files\NETGEAR\WN311B\Utility\WN311B.exe" [2007-04-04 2002944] "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-11 624248] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\explorer.exe.exe" [2009-09-10 1312080] "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2005-06-15 1519616] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-5-19 450560] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\sysreset\\mirc.exe"= "c:\\Program Files\\utorrent\\utorrent.exe"= "c:\\WINDOWS\\system32\\msiexec.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Alwil Software\\Avast4\\ashDisp.exe"= "c:\\Program Files\\NETGEAR\\WN311B\\Utility\\WN311B.exe"= "c:\\Program Files\\Logitech\\SetPoint\\SetPoint.exe"= "c:\\Program Files\\iTunes\\iTunesHelper.exe"= R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [6/6/2009 8:23 PM 114768] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/6/2009 8:23 PM 20560] R3 lne100v5;Linksys LNE100TX(v5) Fast Ethernet Adapter;c:\windows\system32\drivers\lne100v5.sys [7/26/2007 1:17 PM 36013] S2 OpenCASE Media Agent;OpenCASE Media Agent;c:\program files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe [1/16/2008 2:57 PM 814728] S3 AWINDIS5;AWINDIS5 Protocol Driver;c:\windows\system32\AWINDIS5.SYS [9/7/2008 5:46 PM 16194] --- Other Services/Drivers In Memory --- *Deregistered* - mbr *Deregistered* - PROCEXP113 . Contents of the 'Scheduled Tasks' folder 2009-10-01 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 22:57] 2009-11-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-606747145-1409082233-1801674531-1003Core.job - c:\documents and settings\Tomi Yamamoto\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-07 02:10] 2009-11-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-606747145-1409082233-1801674531-1003UA.job - c:\documents and settings\Tomi Yamamoto\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-07 02:10] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ uInternet Settings,ProxyOverride = *.local IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html Trusted Zone: turbotax.com FF - ProfilePath - c:\documents and settings\Tomi Yamamoto\Application Data\Mozilla\Firefox\Profiles\cwdfv541.default\ FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-11-15 00:10 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net device: opened successfully user: MBR read successfully called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spqq.sys >>UNKNOWN [0x86F8D938]<< kernel: MBR read successfully user & kernel MBR OK Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net atapi.sys @ 0x0 0x0 bytes \Driver\atapi [ IRP_MJ_CREATE ] 0xA6F2 != 0xF7422B40 atapi.sys \Driver\atapi [ IRP_MJ_CLOSE ] 0xA6F2 != 0xF7422B40 atapi.sys \Driver\atapi [ IRP_MJ_DEVICE_CONTROL ] 0xA712 != 0xF7422B40 atapi.sys \Driver\atapi [ IRP_MJ_INTERNAL_DEVICE_CONTROL ] 0x6852 != 0xF7422B40 atapi.sys \Driver\atapi [ IRP_MJ_POWER ] 0xA73C != 0xF7422B40 atapi.sys \Driver\atapi [ IRP_MJ_SYSTEM_CONTROL ] 0x11336 != 0xF7422B40 atapi.sys \Driver\atapi IRP hooks detected ! ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(3080) c:\windows\system32\WININET.dll c:\program files\Logitech\SetPoint\lgscroll.dll c:\windows\system32\ieframe.dll c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Completion time: 2009-11-15 00:14 ComboFix-quarantined-files.txt 2009-11-15 06:14 ComboFix2.txt 2009-11-08 17:46 ComboFix3.txt 2009-11-04 16:52 Pre-Run: 17,474,695,168 bytes free Post-Run: 17,446,940,672 bytes free - - End Of File - - AF67856F181180F6C76D2CF1D1A1003E Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 1:21:48 AM, on 11/15/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Canon\MyPrinter\BJMyPrt.exe C:\Program Files\iTunes\iTunesHelper.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\NETGEAR\WN311B\Utility\WN311B.exe C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\explorer.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [CanonMyPrinter] "C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" /logon O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] "C:\Program Files\Google\Gmail Notifier\gnotify.exe" O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [AS00_WN311B] C:\Program Files\NETGEAR\WN311B\Utility\WN311B.exe -hide O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\explorer.exe.exe" /runcleanupscript O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Tomi Yamamoto\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {22492231-AEF0-49FC-9180-CE8969AB1273} (F-Secure Online Scanner Launcher) - http://download.sp.f-secure.com/ols/f-secu.../fslauncher.cab O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1179530451500 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: OpenCASE Media Agent - ExtendMedia Inc. - C:\Program Files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe -- End of file - 9253 bytes
  4. Here is the link for the analysis on Virus Total
  5. Here is the log but I didn't get a separate message to send the files. I copied the script exactly as you posted. ComboFix 09-11-07.04 - Tomi Yamamoto 11/08/2009 11:16.5.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.643 [GMT -6:00] Running from: c:\documents and settings\Tomi Yamamoto\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Tomi Yamamoto\Desktop\CFScript.txt AV: avast! antivirus 4.8.1356 [VPS 091108-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} file zipped: c:\windows\system32\fesusipa.dll file zipped: c:\windows\system32\hufebido.dll file zipped: c:\windows\system32\jakilalo.dll file zipped: c:\windows\system32\leliwuwu.dll file zipped: c:\windows\system32\mopijuya.dll file zipped: c:\windows\system32\pahezoya.dll file zipped: c:\windows\system32\sabelowo.dll . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\fesusipa.dll c:\windows\system32\fumivuju.dll c:\windows\system32\hufebido.dll c:\windows\system32\jakilalo.dll c:\windows\system32\kedidabo.dll c:\windows\system32\leliwuwu.dll c:\windows\system32\mopijuya.dll c:\windows\system32\pahezoya.dll c:\windows\system32\rilihoki.dll c:\windows\system32\sabelowo.dll c:\windows\system32\turazapu.dll . ((((((((((((((((((((((((( Files Created from 2009-10-08 to 2009-11-08 ))))))))))))))))))))))))))))))) . 2009-11-03 16:00 . 2009-11-03 16:00 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache 2009-10-29 04:27 . 2009-10-29 04:27 -------- d-----w- c:\program files\CCleaner 2009-10-29 04:07 . 2006-09-05 19:28 38480 ------w- c:\windows\system32\IJRMF.exe 2009-10-29 01:52 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-10-29 01:52 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-10-26 20:12 . 2009-10-29 01:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-10-26 05:01 . 2009-10-26 05:01 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure 2009-10-26 01:11 . 2009-10-26 01:11 -------- d-----w- c:\program files\Trend Micro 2009-10-26 00:34 . 2008-04-13 18:36 187776 ----a-w- c:\windows\system32\drivers\ACPI_2.sys 2009-10-25 23:36 . 2009-10-25 23:36 -------- d-----w- C:\ProgramData 2009-10-25 23:03 . 2009-10-25 23:03 -------- d-----w- c:\documents and settings\Tomi Yamamoto\Application Data\Malwarebytes 2009-10-24 22:16 . 2009-10-24 22:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-11-06 23:01 . 2009-08-26 14:26 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet 2009-10-29 04:37 . 2008-05-24 21:36 66560 --sha-w- c:\documents and settings\All Users\Application Data\ExtendMedia\Media Agent\ac.dll 2009-10-29 04:07 . 2007-05-20 04:07 -------- d-----w- c:\program files\Logitech 2009-10-29 04:00 . 2007-05-20 02:59 -------- d-----w- c:\documents and settings\All Users\Application Data\ScanSoft 2009-10-29 03:57 . 2007-05-18 22:35 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-10-29 03:32 . 2009-06-06 20:57 -------- d-----w- c:\program files\Bonjour 2009-10-29 03:27 . 2007-05-20 03:23 -------- d-----w- c:\program files\iPod 2009-10-27 00:24 . 2009-06-07 02:23 -------- d-----w- c:\program files\Alwil Software 2009-09-30 18:07 . 2007-07-21 20:18 72744 ----a-w- c:\documents and settings\Tomi Yamamoto\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-09-17 19:51 . 2009-09-17 19:51 -------- d-----w- c:\program files\MSECache 2009-09-15 10:59 . 2009-06-07 02:23 1279968 ----a-w- c:\windows\system32\aswBoot.exe 2009-09-15 10:56 . 2009-06-07 02:23 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys 2009-09-15 10:56 . 2009-06-07 02:23 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys 2009-09-15 10:55 . 2009-06-07 02:23 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys 2009-09-15 10:55 . 2009-06-07 02:23 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2009-09-15 10:54 . 2009-06-07 02:24 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2009-09-15 10:54 . 2009-06-07 02:24 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2009-09-15 10:53 . 2009-06-07 02:24 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys 2009-09-15 10:53 . 2009-06-07 02:24 97480 ----a-w- c:\windows\system32\AvastSS.scr 2009-09-11 14:18 . 2006-02-28 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll 2009-09-04 21:03 . 2006-02-28 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll 2009-08-29 08:08 . 2006-02-28 12:00 916480 ------w- c:\windows\system32\wininet.dll 2009-08-26 08:00 . 2006-02-28 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll 2009-08-25 06:31 . 2009-08-25 06:31 721904 ----a-w- c:\windows\system32\drivers\sptd.sys 2009-08-05 21:22 . 2009-08-05 21:22 89600 --sha-w- c:\windows\system32\peluloge.dll . ((((((((((((((((((((((((((((( SnapShot@2009-11-04_16.30.27 ))))))))))))))))))))))))))))))))))))))))) . + 2009-11-05 18:58 . 2009-11-05 18:58 16384 c:\windows\Temp\Perflib_Perfdata_52c.dat + 2009-11-08 17:31 . 2009-11-08 17:31 16384 c:\windows\Temp\Perflib_Perfdata_4d8.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Google Update"="c:\documents and settings\Tomi Yamamoto\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-06-07 133104] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-06-15 6803456] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-06-15 86016] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2006-10-17 1197648] "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232] "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2006-02-28 208952] "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2006-02-28 59392] "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-02-28 455168] "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-02-28 455168] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-30 289064] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000] "AS00_WN311B"="c:\program files\NETGEAR\WN311B\Utility\WN311B.exe" [2007-04-04 2002944] "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-11 624248] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\explorer.exe.exe" [2009-09-10 1312080] "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2005-06-15 1519616] "hizodajadi"="lotokufi.dll" [bU] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-5-19 450560] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\sysreset\\mirc.exe"= "c:\\Program Files\\utorrent\\utorrent.exe"= "c:\\WINDOWS\\system32\\msiexec.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Alwil Software\\Avast4\\ashDisp.exe"= "c:\\Program Files\\NETGEAR\\WN311B\\Utility\\WN311B.exe"= "c:\\Program Files\\Logitech\\SetPoint\\SetPoint.exe"= "c:\\Program Files\\iTunes\\iTunesHelper.exe"= R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [6/6/2009 8:23 PM 114768] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/6/2009 8:23 PM 20560] R3 lne100v5;Linksys LNE100TX(v5) Fast Ethernet Adapter;c:\windows\system32\drivers\lne100v5.sys [7/26/2007 1:17 PM 36013] S2 OpenCASE Media Agent;OpenCASE Media Agent;c:\program files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe [1/16/2008 2:57 PM 814728] S3 AWINDIS5;AWINDIS5 Protocol Driver;c:\windows\system32\AWINDIS5.SYS [9/7/2008 5:46 PM 16194] --- Other Services/Drivers In Memory --- *Deregistered* - mbr . Contents of the 'Scheduled Tasks' folder 2009-10-01 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 22:57] 2009-11-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-606747145-1409082233-1801674531-1003Core.job - c:\documents and settings\Tomi Yamamoto\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-07 02:10] 2009-11-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-606747145-1409082233-1801674531-1003UA.job - c:\documents and settings\Tomi Yamamoto\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-07 02:10] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ uInternet Settings,ProxyOverride = *.local IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html Trusted Zone: turbotax.com FF - ProfilePath - c:\documents and settings\Tomi Yamamoto\Application Data\Mozilla\Firefox\Profiles\cwdfv541.default\ FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ . - - - - ORPHANS REMOVED - - - - SharedTaskScheduler-{9d5ef4e7-119f-4e7e-8234-0cfbf2dc00dd} - c:\windows\system32\turazapu.dll SSODL-nuleduwim-{9d5ef4e7-119f-4e7e-8234-0cfbf2dc00dd} - c:\windows\system32\turazapu.dll ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-11-08 11:33 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net device: opened successfully user: MBR read successfully called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spau.sys >>UNKNOWN [0x86F8D938]<< kernel: MBR read successfully user & kernel MBR OK Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net atapi.sys @ 0x0 0x0 bytes \Driver\atapi [ IRP_MJ_CREATE ] 0xA6F2 != 0xF7422B40 atapi.sys \Driver\atapi [ IRP_MJ_CLOSE ] 0xA6F2 != 0xF7422B40 atapi.sys \Driver\atapi [ IRP_MJ_DEVICE_CONTROL ] 0xA712 != 0xF7422B40 atapi.sys \Driver\atapi [ IRP_MJ_INTERNAL_DEVICE_CONTROL ] 0x6852 != 0xF7422B40 atapi.sys \Driver\atapi [ IRP_MJ_POWER ] 0xA73C != 0xF7422B40 atapi.sys \Driver\atapi [ IRP_MJ_SYSTEM_CONTROL ] 0x11336 != 0xF7422B40 atapi.sys \Driver\atapi IRP hooks detected ! ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(580) c:\windows\system32\WININET.dll c:\program files\Logitech\SetPoint\lgscroll.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Alwil Software\Avast4\aswUpdSv.exe c:\program files\Alwil Software\Avast4\ashServ.exe c:\program files\Bonjour\mDNSResponder.exe c:\windows\system32\nvsvc32.exe c:\windows\system32\RUNDLL32.EXE c:\program files\Common Files\Logitech\KHAL\KHALMNPR.EXE c:\program files\iPod\bin\iPodService.exe c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . Completion time: 2009-11-08 11:46 - machine was rebooted ComboFix-quarantined-files.txt 2009-11-08 17:46 ComboFix2.txt 2009-11-04 16:52 Pre-Run: 17,295,855,616 bytes free Post-Run: 17,342,345,216 bytes free - - End Of File - - E55FD55A2F2803CF970C94DF450FE8C4
  6. Hi and sorry for the delay on my part too. Here are the logs you asked for. For the last week, my computer has been running super mega slow when I try to do anything. I keep getting those google "I stay at home and make $xx and so should you" pop-ups with firefox and sometimes with explorer. ComboFix 09-11-03.03 - Tomi Yamamoto 11/04/2009 10:15.4.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.623 [GMT -6:00] Running from: c:\documents and settings\Tomi Yamamoto\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Tomi Yamamoto\Desktop\CFScript.txt AV: avast! antivirus 4.8.1356 [VPS 091103-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} FILE :: "c:\windows\system32\fonemike.dll" "c:\windows\system32\sukeweri.dll" . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\bodizeya.dll c:\windows\system32\fonemike.dll c:\windows\system32\gadapobo.dll c:\windows\system32\guvajofi.dll c:\windows\system32\hozegupo.dll c:\windows\system32\kiyeboli.dll.tmp c:\windows\system32\kufefele.dll c:\windows\system32\lotokufi.dll c:\windows\system32\ninokaba.dll c:\windows\system32\nowalewi.dll c:\windows\system32\nuteyozo.dll c:\windows\system32\pukozedi.dll c:\windows\system32\rasipuhe.dll c:\windows\system32\sonumiwo.dll c:\windows\system32\tovikowu.dll c:\windows\system32\vetibelo.dll c:\windows\Tasks\vbpggals.job c:\windows\Temp\tmp3.tmp . ((((((((((((((((((((((((( Files Created from 2009-10-04 to 2009-11-04 ))))))))))))))))))))))))))))))) . 2009-11-03 16:00 . 2009-11-03 16:00 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache 2009-10-29 04:27 . 2009-10-29 04:27 -------- d-----w- c:\program files\CCleaner 2009-10-29 04:07 . 2006-09-05 19:28 38480 ------w- c:\windows\system32\IJRMF.exe 2009-10-29 01:52 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-10-29 01:52 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-10-26 20:12 . 2009-10-29 01:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-10-26 05:01 . 2009-10-26 05:01 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure 2009-10-26 01:11 . 2009-10-26 01:11 -------- d-----w- c:\program files\Trend Micro 2009-10-26 00:34 . 2008-04-13 18:36 187776 ----a-w- c:\windows\system32\drivers\ACPI_2.sys 2009-10-25 23:36 . 2009-10-25 23:36 -------- d-----w- C:\ProgramData 2009-10-25 23:03 . 2009-10-25 23:03 -------- d-----w- c:\documents and settings\Tomi Yamamoto\Application Data\Malwarebytes 2009-10-24 22:16 . 2009-10-24 22:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-10-08 14:50 . 2009-10-29 03:23 -------- d-----w- c:\documents and settings\Tomi Yamamoto\Local Settings\Application Data\Yahoo! . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-10-29 04:07 . 2007-05-20 04:07 -------- d-----w- c:\program files\Logitech 2009-10-29 04:00 . 2007-05-20 02:59 -------- d-----w- c:\documents and settings\All Users\Application Data\ScanSoft 2009-10-29 03:57 . 2007-05-18 22:35 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-10-29 03:32 . 2009-06-06 20:57 -------- d-----w- c:\program files\Bonjour 2009-10-29 03:27 . 2007-05-20 03:23 -------- d-----w- c:\program files\iPod 2009-10-27 00:24 . 2009-06-07 02:23 -------- d-----w- c:\program files\Alwil Software 2009-09-30 18:07 . 2007-07-21 20:18 72744 ----a-w- c:\documents and settings\Tomi Yamamoto\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-09-17 19:51 . 2009-09-17 19:51 -------- d-----w- c:\program files\MSECache 2009-09-15 10:59 . 2009-06-07 02:23 1279968 ----a-w- c:\windows\system32\aswBoot.exe 2009-09-15 10:56 . 2009-06-07 02:23 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys 2009-09-15 10:56 . 2009-06-07 02:23 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys 2009-09-15 10:55 . 2009-06-07 02:23 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys 2009-09-15 10:55 . 2009-06-07 02:23 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2009-09-15 10:54 . 2009-06-07 02:24 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2009-09-15 10:54 . 2009-06-07 02:24 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2009-09-15 10:53 . 2009-06-07 02:24 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys 2009-09-15 10:53 . 2009-06-07 02:24 97480 ----a-w- c:\windows\system32\AvastSS.scr 2009-09-11 14:18 . 2006-02-28 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll 2009-09-07 18:09 . 2009-09-07 18:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Musicnotes 2009-09-04 21:03 . 2006-02-28 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll 2009-08-29 08:08 . 2006-02-28 12:00 916480 ----a-w- c:\windows\system32\wininet.dll 2009-08-26 08:00 . 2006-02-28 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll 2009-08-25 06:31 . 2009-08-25 06:31 721904 ----a-w- c:\windows\system32\drivers\sptd.sys 2009-08-07 00:24 . 2007-05-18 21:47 327896 ----a-w- c:\windows\system32\wucltui.dll 2009-08-07 00:24 . 2007-05-18 21:47 209632 ----a-w- c:\windows\system32\wuweb.dll 2009-08-07 00:24 . 2007-05-18 21:47 35552 ----a-w- c:\windows\system32\wups.dll 2009-08-07 00:24 . 2005-05-26 09:16 44768 ----a-w- c:\windows\system32\wups2.dll 2009-08-07 00:24 . 2007-05-18 21:47 53472 ----a-w- c:\windows\system32\wuauclt.exe 2009-08-07 00:24 . 2006-02-28 12:00 96480 ----a-w- c:\windows\system32\cdm.dll 2009-08-07 00:23 . 2007-05-18 21:47 575704 ----a-w- c:\windows\system32\wuapi.dll 2009-08-07 00:23 . 2007-05-20 02:48 274288 ----a-w- c:\windows\system32\mucltui.dll 2009-08-07 00:23 . 2007-05-18 21:47 1929952 ----a-w- c:\windows\system32\wuaueng.dll 2009-08-07 00:23 . 2005-05-26 09:19 215920 ----a-w- c:\windows\system32\muweb.dll 2009-08-04 15:54 . 2009-08-04 15:54 90112 --sha-w- c:\windows\system32\fesusipa.dll 2009-07-30 19:00 . 2009-07-30 19:00 51200 --sha-w- c:\windows\system32\hufebido.dll 2009-07-30 22:05 . 2009-07-30 22:05 51712 --sha-w- c:\windows\system32\jakilalo.dll 2009-07-30 22:06 . 2009-07-30 22:06 51712 --sha-w- c:\windows\system32\leliwuwu.dll 2009-08-04 15:54 . 2009-08-04 15:54 61440 --sha-w- c:\windows\system32\mopijuya.dll 2009-07-30 19:00 . 2009-07-30 19:00 52224 --sha-w- c:\windows\system32\pahezoya.dll 2009-07-30 19:00 . 2009-07-30 19:00 89088 --sha-w- c:\windows\system32\sabelowo.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{395f774a-f6ef-420f-9104-e7a297d22978}] 2009-07-30 22:06 51712 --sha-w- c:\windows\system32\leliwuwu.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Google Update"="c:\documents and settings\Tomi Yamamoto\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-06-07 133104] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-06-15 6803456] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-06-15 86016] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2006-10-17 1197648] "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232] "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2006-02-28 208952] "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2006-02-28 59392] "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-02-28 455168] "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-02-28 455168] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-30 289064] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000] "AS00_WN311B"="c:\program files\NETGEAR\WN311B\Utility\WN311B.exe" [2007-04-04 2002944] "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-11 624248] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\explorer.exe.exe" [2009-09-10 1312080] "miyefegir"="c:\windows\system32\fesusipa.dll" [2009-08-04 90112] "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2005-06-15 1519616] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-5-19 450560] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler] "{183906d1-c83c-4931-86cb-a8d5756cd273}"= "c:\windows\system32\fesusipa.dll" [2009-08-04 90112] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] "luvizewuw"= {183906d1-c83c-4931-86cb-a8d5756cd273} - c:\windows\system32\fesusipa.dll [2009-08-04 90112] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\sysreset\\mirc.exe"= "c:\\Program Files\\utorrent\\utorrent.exe"= "c:\\WINDOWS\\system32\\msiexec.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Alwil Software\\Avast4\\ashDisp.exe"= "c:\\Program Files\\NETGEAR\\WN311B\\Utility\\WN311B.exe"= "c:\\Program Files\\Logitech\\SetPoint\\SetPoint.exe"= R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [6/6/2009 8:23 PM 114768] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/6/2009 8:23 PM 20560] S2 OpenCASE Media Agent;OpenCASE Media Agent;c:\program files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe [1/16/2008 2:57 PM 814728] S3 AWINDIS5;AWINDIS5 Protocol Driver;c:\windows\system32\AWINDIS5.SYS [9/7/2008 5:46 PM 16194] S3 lne100v5;Linksys LNE100TX(v5) Fast Ethernet Adapter;c:\windows\system32\drivers\lne100v5.sys [7/26/2007 1:17 PM 36013] --- Other Services/Drivers In Memory --- *Deregistered* - mbr . Contents of the 'Scheduled Tasks' folder 2009-10-01 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 22:57] 2009-11-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-606747145-1409082233-1801674531-1003Core.job - c:\documents and settings\Tomi Yamamoto\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-07 02:10] 2009-11-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-606747145-1409082233-1801674531-1003UA.job - c:\documents and settings\Tomi Yamamoto\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-07 02:10] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ uInternet Settings,ProxyOverride = *.local IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html Trusted Zone: turbotax.com FF - ProfilePath - c:\documents and settings\Tomi Yamamoto\Application Data\Mozilla\Firefox\Profiles\cwdfv541.default\ FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ . - - - - ORPHANS REMOVED - - - - HKLM-Run-hizodajadi - lotokufi.dll HKU-Default-Run-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe SharedTaskScheduler-{b7fe6daf-9af3-4490-8a2e-cf6d829d69ba} - c:\windows\system32\rasipuhe.dll SSODL-vopesizad-{b7fe6daf-9af3-4490-8a2e-cf6d829d69ba} - c:\windows\system32\rasipuhe.dll ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-11-04 10:31 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net device: opened successfully user: MBR read successfully called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spqy.sys >>UNKNOWN [0x86F8D938]<< kernel: MBR read successfully user & kernel MBR OK Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net atapi.sys @ 0x0 0x0 bytes \Driver\atapi [ IRP_MJ_CREATE ] 0xA6F2 != 0xF7422B40 atapi.sys \Driver\atapi [ IRP_MJ_CLOSE ] 0xA6F2 != 0xF7422B40 atapi.sys \Driver\atapi [ IRP_MJ_DEVICE_CONTROL ] 0xA712 != 0xF7422B40 atapi.sys \Driver\atapi [ IRP_MJ_INTERNAL_DEVICE_CONTROL ] 0x6852 != 0xF7422B40 atapi.sys \Driver\atapi [ IRP_MJ_POWER ] 0xA73C != 0xF7422B40 atapi.sys \Driver\atapi [ IRP_MJ_SYSTEM_CONTROL ] 0x11336 != 0xF7422B40 atapi.sys \Driver\atapi IRP hooks detected ! ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(1884) c:\windows\system32\WININET.dll c:\windows\system32\fesusipa.dll c:\program files\Logitech\SetPoint\lgscroll.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Alwil Software\Avast4\aswUpdSv.exe c:\program files\Alwil Software\Avast4\ashServ.exe c:\program files\Bonjour\mDNSResponder.exe c:\windows\system32\nvsvc32.exe c:\windows\system32\RUNDLL32.EXE c:\windows\system32\Rundll32.exe c:\windows\system32\Rundll32.exe c:\program files\iPod\bin\iPodService.exe c:\program files\Common Files\Logitech\KHAL\KHALMNPR.EXE c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . Completion time: 2009-11-04 10:52 - machine was rebooted ComboFix-quarantined-files.txt 2009-11-04 16:52 Pre-Run: 18,270,535,680 bytes free Post-Run: 17,962,954,752 bytes free Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:57:03 AM, on 11/4/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Canon\MyPrinter\BJMyPrt.exe C:\Program Files\iTunes\iTunesHelper.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\NETGEAR\WN311B\Utility\WN311B.exe C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe C:\WINDOWS\system32\notepad.exe C:\WINDOWS\explorer.exe C:\Program Files\internet explorer\iexplore.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll O2 - BHO: (no name) - {395f774a-f6ef-420f-9104-e7a297d22978} - leliwuwu.dll (file missing) O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [CanonMyPrinter] "C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" /logon O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] "C:\Program Files\Google\Gmail Notifier\gnotify.exe" O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [AS00_WN311B] C:\Program Files\NETGEAR\WN311B\Utility\WN311B.exe -hide O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\explorer.exe.exe" /runcleanupscript O4 - HKLM\..\Run: [miyefegir] Rundll32.exe "c:\windows\system32\fesusipa.dll",a O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Tomi Yamamoto\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {22492231-AEF0-49FC-9180-CE8969AB1273} (F-Secure Online Scanner Launcher) - http://download.sp.f-secure.com/ols/f-secu.../fslauncher.cab O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1179530451500 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O20 - AppInit_DLLs: c:\windows\system32\fesusipa.dll,nowalewi.dll O21 - SSODL: luvizewuw - {183906d1-c83c-4931-86cb-a8d5756cd273} - c:\windows\system32\fesusipa.dll O22 - SharedTaskScheduler: kupuhivus - {183906d1-c83c-4931-86cb-a8d5756cd273} - c:\windows\system32\fesusipa.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: OpenCASE Media Agent - ExtendMedia Inc. - C:\Program Files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe -- End of file - 9770 bytes
  7. MBAM just finished and it rebooted my computer after removing the 2 bad items it found. I still had a RUNDLL pop-up... This time "vekakuje.dll". Malwarebytes' Anti-Malware 1.41 Database version: 2775 Windows 5.1.2600 Service Pack 3 10/26/2009 6:51:54 PM mbam-log-2009-10-26 (18-51-54).txt Scan type: Full Scan (C:\|D:\|F:\|) Objects scanned: 261292 Time elapsed: 3 hour(s), 12 minute(s), 4 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 1 Registry Data Items Infected: 1 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hizodajadi (Trojan.Agent) -> Quarantined and deleted successfully. Registry Data Items Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 7:02:33 PM, on 10/26/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Canon\MyPrinter\BJMyPrt.exe C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\NETGEAR\WN311B\Utility\WN311B.exe C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\MagicDisc\MagicDisc.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll O2 - BHO: (no name) - {395f774a-f6ef-420f-9104-e7a297d22978} - kufefele.dll (file missing) O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [CanonMyPrinter] "C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" /logon O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] "C:\Program Files\Google\Gmail Notifier\gnotify.exe" O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [AS00_WN311B] C:\Program Files\NETGEAR\WN311B\Utility\WN311B.exe -hide O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\explorer.exe.exe" /runcleanupscript O4 - HKLM\..\Run: [hizodajadi] Rundll32.exe "vekakuje.dll",s O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Tomi Yamamoto\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user') O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {22492231-AEF0-49FC-9180-CE8969AB1273} (F-Secure Online Scanner Launcher) - http://download.sp.f-secure.com/ols/f-secu.../fslauncher.cab O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1179530451500 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O18 - Protocol: bw+0 - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw+0s - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0 - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0s - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00 - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00s - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10 - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10s - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20 - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20s - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30 - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30s - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40 - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40s - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50 - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50s - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60 - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60s - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70 - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70s - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80 - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80s - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90 - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90s - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0 - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0s - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0 - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0s - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0 - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0s - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0 - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0s - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0 - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0s - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0 - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0s - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: bwg0 - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwg0s - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0 - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0s - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0 - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0s - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0 - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0s - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0 - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0s - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0 - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0s - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0 - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0s - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0 - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0s - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0 - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0s - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0 - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0s - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0 - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0s - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0 - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0s - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0 - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0s - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0 - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0s - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0 - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0s - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0 - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0s - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0 - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0s - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0 - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0s - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0 - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0s - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0 - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0s - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: offline-8876480 - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O21 - SSODL: molurediy - {dbf4efa3-c98c-48ad-ae78-23bf1b7feb28} - c:\windows\system32\sukeweri.dll (file missing) O21 - SSODL: zanavitef - {203e6f0a-4119-4356-88c0-3cb10fbdc0bf} - c:\windows\system32\jajeluno.dll (file missing) O22 - SharedTaskScheduler: jugezatag - {dbf4efa3-c98c-48ad-ae78-23bf1b7feb28} - c:\windows\system32\sukeweri.dll (file missing) O22 - SharedTaskScheduler: tokatiluy - {203e6f0a-4119-4356-88c0-3cb10fbdc0bf} - c:\windows\system32\jajeluno.dll (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: OpenCASE Media Agent - ExtendMedia Inc. - C:\Program Files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe -- End of file - 23179 bytes
  8. I used a clean laptop and downloaded mbam. I changed the execute file to explorer.exe (as it was instructed in a tutorial) and transferred it over to the infected computer. I'm now running a full scan with MBAM. I will post the log once it finishes... I'm now 3 hours in.
  9. And here's the F-Secure Scan log: Scanning Report Monday, October 26, 2009 00:01:48 - 10:27:24 Computer name: TOMI-C7CB8BCCC2 Scanning type: Scan system for malware, spyware and rootkits Target: C:\ D:\ F:\ 4 malware found TrackingCookie.2o7 (spyware) * System (Disinfected) TrackingCookie.Doubleclick (spyware) * System (Disinfected) TrackingCookie.Revsci (spyware) * System (Disinfected) Trojan-Spy:W32/Zbot.gen!B (virus) * C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\XA2LDW3G\Z[1].EXE (Renamed & Submitted) Statistics Scanned: * Files: 99449 * System: 3363 * Not scanned: 7 Actions: * Disinfected: 3 * Renamed: 1 * Deleted: 0 * Not cleaned: 0 * Submitted: 1 Files not scanned: * C:\PAGEFILE.SYS * C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT * C:\WINDOWS\SYSTEM32\CONFIG\SAM * C:\WINDOWS\SYSTEM32\CONFIG\SECURITY * C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE * C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM * C:\SYSTEM VOLUME INFORMATION\MOUNTPOINTMANAGERREMOTEDATABASE Options Scanning engines: Scanning options: * Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR * Use advanced heuristics Copyright
  10. I went ahead and ran the DDS. Here is the log: DDS (Ver_09-10-26.01) - NTFSx86 Run by Tomi at 23:47:55.71 on Sun 10/25/2009 Internet Explorer: 8.0.6001.18702 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.633 [GMT -5:00] AV: avast! antivirus 4.8.1351 [VPS 091025-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup C:\WINDOWS\Explorer.EXE svchost.exe svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Canon\MyPrinter\BJMyPrt.exe C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe C:\Program Files\iTunes\iTunesHelper.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\NETGEAR\WN311B\Utility\WN311B.exe C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\MagicDisc\MagicDisc.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe C:\Documents and Settings\Tomi Yamamoto\Desktop\dds.pif ============== Pseudo HJT Report =============== uStart Page = hxxp://www.google.com/ uDefault_Search_URL = hxxp://www.google.com/ie uInternet Settings,ProxyOverride = *.local BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll BHO: {395f774a-f6ef-420f-9104-e7a297d22978} - kokemabo.dll BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll uRun: [LDM] c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe uRun: [Google Update] "c:\documents and settings\tomi yamamoto\local settings\application data\google\update\GoogleUpdate.exe" /c uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [NvCplDaemon] "RUNDLL32.EXE" c:\windows\system32\NvCpl.dll,NvStartup mRun: [nwiz] "nwiz.exe" /install mRun: [NvMediaCenter] "RUNDLL32.EXE" c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [CanonMyPrinter] "c:\program files\canon\myprinter\BJMyPrt.exe" /logon mRun: [sSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4.0\OpwareSE4.exe" mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] "c:\program files\google\gmail notifier\gnotify.exe" mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 mRun: [MSPY2002] "c:\windows\system32\ime\pintlgnt\ImScInst.exe" /SYNC mRun: [PHIME2002ASync] "c:\windows\system32\ime\tintlgnt\TINTSETP.EXE" /SYNC mRun: [PHIME2002A] "c:\windows\system32\ime\tintlgnt\TINTSETP.EXE" /IMEName mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe" mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe mRun: [AS00_WN311B] c:\program files\netgear\wn311b\utility\WN311B.exe -hide mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe" mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript mRun: [hizodajadi] Rundll32.exe "jepeyumu.dll",s mRun: [miyefegir] Rundll32.exe "c:\windows\system32\fonemike.dll",a dRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe StartupFolder: c:\docume~1\tomiya~1\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~2.lnk - c:\program files\logitech\desktop messenger\8876480\program\LDMConf.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000 IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Toolband.dll/RC_AddToList.html IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Toolband.dll/RC_HSPrint.html IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Toolband.dll/RC_Preview.html IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Toolband.dll/RC_Print.html IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL Trusted Zone: turbotax.com DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1179530451500 DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SSODL: molurediy - {dbf4efa3-c98c-48ad-ae78-23bf1b7feb28} - c:\windows\system32\sukeweri.dll SSODL: wotopurit - {40330f89-66cf-43c5-84e3-202a1daeb581} - c:\windows\system32\fonemike.dll STS: jugezatag: {dbf4efa3-c98c-48ad-ae78-23bf1b7feb28} - c:\windows\system32\sukeweri.dll STS: jugezatag: {40330f89-66cf-43c5-84e3-202a1daeb581} - c:\windows\system32\fonemike.dll LSA: Notification Packages = scecli novusina.dll ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\tomiya~1\applic~1\mozilla\firefox\profiles\cwdfv541.default\ FF - plugin: c:\documents and settings\tomi yamamoto\local settings\application data\google\update\1.2.183.7\npGoogleOneClick8.dll FF - plugin: c:\documents and settings\tomi yamamoto\local settings\application data\yahoo!\browserplus\2.4.17\plugins\npybrowserplus_2.4.17.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\ ============= SERVICES / DRIVERS =============== R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-6-6 114768] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-6-6 20560] R2 OpenCASE Media Agent;OpenCASE Media Agent;c:\program files\opencase\opencase media agent\MediaAgent.exe [2008-1-16 814728] R3 lne100v5;Linksys LNE100TX(v5) Fast Ethernet Adapter;c:\windows\system32\drivers\lne100v5.sys [2007-7-26 36013] S3 AWINDIS5;AWINDIS5 Protocol Driver;c:\windows\system32\AWINDIS5.SYS [2008-9-7 16194] =============== Created Last 30 ================ 2009-10-26 04:24:44 0 d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-10-26 04:20:53 0 d-----w- c:\program files\DELETE ME LATER 2009-10-26 03:56:32 0 d-s---w- C:\ComboFix 2009-10-26 01:11:55 0 d-----w- c:\program files\Trend Micro 2009-10-26 00:34:13 187776 ----a-w- c:\windows\system32\drivers\ACPI_2.sys 2009-10-26 00:04:01 0 d-sha-r- C:\cmdcons 2009-10-26 00:02:21 98816 ----a-w- c:\windows\sed.exe 2009-10-26 00:02:21 77312 ----a-w- c:\windows\MBR.exe 2009-10-26 00:02:21 236544 ----a-w- c:\windows\PEV.exe 2009-10-26 00:02:21 161792 ----a-w- c:\windows\SWREG.exe 2009-10-25 23:36:13 0 d-----w- C:\ProgramData 2009-10-25 23:36:13 0 d-----w- c:\program files\Angle Interactive 2009-10-25 23:03:13 0 d-----w- c:\docume~1\tomiya~1\applic~1\Malwarebytes 2009-10-24 22:16:06 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes ==================== Find3M ==================== 2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll 2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll 2009-08-29 08:08:21 916480 ----a-w- c:\windows\system32\wininet.dll 2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll 2009-08-05 09:01:48 204800 ----a-w- c:\windows\system32\mswebdvd.dll 2009-08-05 01:44:46 2189184 ----a-w- c:\windows\system32\ntoskrnl.exe 2009-08-05 00:52:22 1193832 ----a-w- c:\windows\system32\FM20.DLL 2009-08-04 14:20:08 2066048 ----a-w- c:\windows\system32\ntkrnlpa.exe 2009-07-26 03:33:22 89600 --sha-w- c:\windows\system32\fonemike.dll 2009-07-25 03:11:32 51712 --sha-w- c:\windows\system32\kokemabo.dll 2009-07-26 03:33:22 38400 --sha-w- c:\windows\system32\redivipo.dll 2008-09-16 00:55:08 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091520080916\index.dat ============= FINISH: 23:48:28.31 ===============
  11. MBAM scanned through and I told it to delete the 5 things it detected. I didn't even think about posting that log on here, I apologize. I restarted my computer to see if those two pop-ups would come up again and it didn't. After seeing your reply on here, I tried to run MBAM again but it couldn't find the execute file again. I ran HijackThis and found that the two items from earlier were present again except the sukeweri.dll changed its name to fonemike.dll. The two show up as follows on the log: O4 - HKLM\..\Run: [miyefegir] Rundll32.exe "c:\windows\system32\fonemike.dll",a O4 - HKLM\..\Run: [hizodajadi] Rundll32.exe "jepeyumu.dll",s ... I tried repeating the steps that seemed to work earlier but no matter how many times I "fix checked" and restart, the two reappear. Should I continue on with the rest of the instructions you left me?
  12. "Error loading jepeyumu.dll" still appeared when I rebooted the computer but mbam runs fine now. I'm currently scanning my computer with it. Should I still do the DDS and other things you mentioned once it's done? Thanks!
  13. I ran ComboFix twice and ended up with no report. After completing all the stages, ComboFix rebooted my computer and the new window read that it was preparing the log report. While doing so, my computer shut down with no prior warnings. It's weird because I couldn't reboot my computer by pressing the "on" button. I had to hit the reset button directly below the on switch for my computer to reboot. I also got 2 RUNDLL pop-ups. One said "Error loading c:\windows\systems32\sukeweri.dll" and the other read "Error loading jepeyumu.dll". I checked in the C drive and the combofix folder, and no report was found. I ran HijackThis again as requested though: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9:20:54 PM, on 10/25/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\savedump.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Canon\MyPrinter\BJMyPrt.exe C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe C:\Program Files\iTunes\iTunesHelper.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\NETGEAR\WN311B\Utility\WN311B.exe C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\DAEMON Tools Lite\daemon.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\MagicDisc\MagicDisc.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll O2 - BHO: (no name) - {395f774a-f6ef-420f-9104-e7a297d22978} - kokemabo.dll (file missing) O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [CanonMyPrinter] "C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" /logon O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] "C:\Program Files\Google\Gmail Notifier\gnotify.exe" O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [AS00_WN311B] C:\Program Files\NETGEAR\WN311B\Utility\WN311B.exe -hide O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [miyefegir] Rundll32.exe "c:\windows\system32\sukeweri.dll",a O4 - HKLM\..\Run: [hizodajadi] Rundll32.exe "jepeyumu.dll",s O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Tomi Yamamoto\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user') O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1179530451500 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O18 - Protocol: bw+0 - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw+0s - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0 - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0s - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00 - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00s - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10 - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10s - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20 - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20s - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30 - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30s - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40 - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40s - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50 - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50s - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60 - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60s - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70 - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70s - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80 - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80s - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90 - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90s - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0 - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0s - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0 - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0s - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0 - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0s - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0 - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0s - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0 - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0s - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0 - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0s - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: bwg0 - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwg0s - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0 - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0s - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0 - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0s - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0 - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0s - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0 - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0s - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0 - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0s - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0 - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0s - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0 - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0s - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0 - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0s - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0 - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0s - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0 - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0s - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0 - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0s - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0 - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0s - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0 - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0s - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0 - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0s - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0 - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0s - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0 - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0s - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0 - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0s - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0 - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0s - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0 - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0s - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: offline-8876480 - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O21 - SSODL: molurediy - {dbf4efa3-c98c-48ad-ae78-23bf1b7feb28} - c:\windows\system32\sukeweri.dll (file missing) O22 - SharedTaskScheduler: jugezatag - {dbf4efa3-c98c-48ad-ae78-23bf1b7feb28} - c:\windows\system32\sukeweri.dll (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: OpenCASE Media Agent - ExtendMedia Inc. - C:\Program Files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe -- End of file - 22840 bytes
  14. My computer's been a little sluggish for the past half year and I figured it's probably because it's old. Well, more recently, I've been getting random google pop-up ads and earlier today, I found 3 shortcuts with porn icons on my desktop. We haven't done anything on this computer that we think could cause these to occur so I downloaded malwarebytes, installed it, and tried to run it. Couldn't run it because mbam.exe didn't exist. I re-downloaded from a different location and still no .exe. I downloaded process explorer like one of the tutorials here explained but I couldn't find av360 or the little shield icon. So here's the HijackThis log file: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:12:21 PM, on 10/25/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Canon\MyPrinter\BJMyPrt.exe C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\NETGEAR\WN311B\Utility\WN311B.exe C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\DAEMON Tools Lite\daemon.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\MagicDisc\MagicDisc.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE C:\WINDOWS\System32\svchost.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll O2 - BHO: (no name) - {395f774a-f6ef-420f-9104-e7a297d22978} - kokemabo.dll (file missing) O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [CanonMyPrinter] "C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" /logon O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] "C:\Program Files\Google\Gmail Notifier\gnotify.exe" O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [AS00_WN311B] C:\Program Files\NETGEAR\WN311B\Utility\WN311B.exe -hide O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [miyefegir] Rundll32.exe "c:\windows\system32\sukeweri.dll",a O4 - HKLM\..\Run: [hizodajadi] Rundll32.exe "jepeyumu.dll",s O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Tomi Yamamoto\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user') O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1179530451500 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O18 - Protocol: bw+0 - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw+0s - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0 - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0s - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00 - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00s - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10 - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10s - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20 - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20s - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30 - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30s - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40 - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40s - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50 - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50s - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60 - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60s - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70 - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70s - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80 - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80s - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90 - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90s - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0 - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0s - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0 - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0s - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0 - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0s - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0 - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0s - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0 - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0s - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0 - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0s - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: bwg0 - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwg0s - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0 - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0s - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0 - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0s - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0 - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0s - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0 - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0s - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0 - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0s - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0 - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0s - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0 - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0s - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0 - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0s - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0 - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0s - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0 - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0s - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0 - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0s - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0 - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0s - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0 - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0s - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0 - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0s - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0 - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0s - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0 - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0s - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0 - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0s - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0 - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0s - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0 - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0s - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: offline-8876480 - {301759F4-5F79-45E1-B1E9-3111110DD86A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O21 - SSODL: molurediy - {dbf4efa3-c98c-48ad-ae78-23bf1b7feb28} - c:\windows\system32\sukeweri.dll (file missing) O22 - SharedTaskScheduler: jugezatag - {dbf4efa3-c98c-48ad-ae78-23bf1b7feb28} - c:\windows\system32\sukeweri.dll (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: OpenCASE Media Agent - ExtendMedia Inc. - C:\Program Files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe -- End of file - 23089 bytes