PDA

View Full Version : I need help please!!



cgirlperryman
2007-07-11, 19:47
hi .. i have never used something like this for help before... i have the spybot scan and ran it but i have viruses i cant get rid of...! such as command service..and a couple others i really just have no idea what to do

random/random
2007-07-11, 19:51
Download the latest version of ComboFix from Here (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your Desktop.

Double click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log in your next reply

Note: Do not mouseclick combofix's window while its running. That may cause it to stall


Download HJTsetup.exe from here (http://downloads.malwareremoval.com/HJTsetup.exe)
Double click on HJTsetup.exe to start the install of HijackThis by merijn
Click Next>
Click Next>
Click Next>
Select the option to Create a desktop icon
Click Next>
Click Install
Click Finish
Click Do a system scan and save a logfile
It will produce a log for you, post the contents of that log as a reply to this topic
Note: To run HijackThis again in future, double click on the HijackThis shortcut on your desktop

cgirlperryman
2007-07-11, 19:57
i click on "here" to download and said security settings wont let me download it
?

cgirlperryman
2007-07-11, 19:59
on spyobt search all virusus were...command service, smitfraud-C.coreservice, and Virtumonde

random/random
2007-07-11, 20:02
Go to start>control panel>Network and internet connections>Internet options
Click the security tab
Click Reset all zones to default level
Then attempt the instructions again

cgirlperryman
2007-07-11, 20:39
"Lola" - 2007-07-11 11:10:43 - ComboFix 07-07-10.1 - Service Pack 2


(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\awtsq.dll
C:\WINDOWS\system32\dlcmjecc.dll
C:\WINDOWS\system32\fax71u.dll
C:\WINDOWS\system32\irfwpidq.dll
C:\WINDOWS\system32\rvksaumm.dll
C:\WINDOWS\system32\tadjtatw.dll
C:\WINDOWS\system32\ytvyaunv.dll
C:\WINDOWS\system32\fjqqpvvi.exe
C:\WINDOWS\system32\gkysmroc.exe
C:\WINDOWS\system32\omsearaa.exe
C:\WINDOWS\system32\sycaqhwn.exe
C:\WINDOWS\system32\syeciyjy.exe
C:\WINDOWS\system32\tsiebdux.exe
C:\WINDOWS\system32\usoqtimo.exe
C:\WINDOWS\system32\efcywvt.dll
C:\WINDOWS\SYSTEM32\qstwa.bak1
C:\WINDOWS\SYSTEM32\qstwa.bak2
C:\WINDOWS\SYSTEM32\qdipwfri.ini
C:\WINDOWS\SYSTEM32\jjkmp.bak1
C:\WINDOWS\SYSTEM32\jjkmp.bak2
C:\WINDOWS\SYSTEM32\jjkmp.ini
C:\WINDOWS\SYSTEM32\mmuaskvr.ini
C:\WINDOWS\SYSTEM32\wtatjdat.ini
C:\WINDOWS\SYSTEM32\vnuayvty.ini
C:\WINDOWS\SYSTEM32\qstwa.bak1
C:\WINDOWS\SYSTEM32\qstwa.bak2
C:\WINDOWS\system32\pmkjj.dll
C:\WINDOWS\system32\ddcyyvv.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\.protected
C:\DOCUME~1\Lola\APPLIC~1.\crosof~1
C:\DOCUME~1\Lola\APPLIC~1.\crosof~1\nslookup.exe
C:\DOCUME~1\Lola\APPLIC~1\DriveCleaner 2006 Free
C:\DOCUME~1\Lola\APPLIC~1\DriveCleaner 2006 Free\Logs\update.log
C:\DOCUME~1\Lola\APPLIC~1\Install.dat
C:\DOCUME~1\Lola\MYDOCU~1.\scurit~1
C:\Program Files\Common Files\companion wizard
C:\temp\tn3
C:\WINDOWS\.protected
C:\WINDOWS\b122.exe
C:\WINDOWS\b136.exe
C:\WINDOWS\DOWNLO~1\UDC6_0001_D19M1908NetInstaller.exe
C:\WINDOWS\system32\components
C:\WINDOWS\system32\components\flx1.dll
C:\WINDOWS\system32\components\flx10.dll
C:\WINDOWS\system32\components\flx11.dll
C:\WINDOWS\system32\components\flx12.dll
C:\WINDOWS\system32\components\flx13.dll
C:\WINDOWS\system32\components\flx14.dll
C:\WINDOWS\system32\components\flx15.dll
C:\WINDOWS\system32\components\flx16.dll
C:\WINDOWS\system32\components\flx17.dll
C:\WINDOWS\system32\components\flx18.dll
C:\WINDOWS\system32\components\flx19.dll
C:\WINDOWS\system32\components\flx2.dll
C:\WINDOWS\system32\components\flx20.dll
C:\WINDOWS\system32\components\flx21.dll
C:\WINDOWS\system32\components\flx22.dll
C:\WINDOWS\system32\components\flx23.dll
C:\WINDOWS\system32\components\flx24.dll
C:\WINDOWS\system32\components\flx25.dll
C:\WINDOWS\system32\components\flx26.dll
C:\WINDOWS\system32\components\flx27.dll
C:\WINDOWS\system32\components\flx28.dll
C:\WINDOWS\system32\components\flx29.dll
C:\WINDOWS\system32\components\flx3.dll
C:\WINDOWS\system32\components\flx30.dll
C:\WINDOWS\system32\components\flx31.dll
C:\WINDOWS\system32\components\flx32.dll
C:\WINDOWS\system32\components\flx33.dll
C:\WINDOWS\system32\components\flx34.dll
C:\WINDOWS\system32\components\flx35.dll
C:\WINDOWS\system32\components\flx36.dll
C:\WINDOWS\system32\components\flx37.dll
C:\WINDOWS\system32\components\flx38.dll
C:\WINDOWS\system32\components\flx39.dll
C:\WINDOWS\system32\components\flx4.dll
C:\WINDOWS\system32\components\flx40.dll
C:\WINDOWS\system32\components\flx41.dll
C:\WINDOWS\system32\components\flx42.dll
C:\WINDOWS\system32\components\flx43.dll
C:\WINDOWS\system32\components\flx44.dll
C:\WINDOWS\system32\components\flx45.dll
C:\WINDOWS\system32\components\flx46.dll
C:\WINDOWS\system32\components\flx47.dll
C:\WINDOWS\system32\components\flx48.dll
C:\WINDOWS\system32\components\flx49.dll
C:\WINDOWS\system32\components\flx50.dll
C:\WINDOWS\system32\components\flx51.dll
C:\WINDOWS\system32\components\flx52.dll
C:\WINDOWS\system32\components\flx53.dll
C:\WINDOWS\system32\components\flx54.dll
C:\WINDOWS\system32\components\flx55.dll
C:\WINDOWS\system32\components\flx56.dll
C:\WINDOWS\system32\components\flx57.dll
C:\WINDOWS\system32\components\flx58.dll
C:\WINDOWS\system32\components\flx59.dll
C:\WINDOWS\system32\components\flx60.dll
C:\WINDOWS\system32\components\flx61.dll
C:\WINDOWS\system32\components\flx62.dll
C:\WINDOWS\system32\components\flx63.dll
C:\WINDOWS\system32\components\flx64.dll
C:\WINDOWS\system32\components\flx65.dll
C:\WINDOWS\system32\components\flx67.dll
C:\WINDOWS\system32\components\flx7.dll
C:\WINDOWS\system32\components\flx8.dll
C:\WINDOWS\system32\components\flx9.dll
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\core.sys
C:\WINDOWS\system32\drivers\etc\.protected
C:\WINDOWS\system32\ecurit~1
C:\WINDOWS\system32\goeiehxc.exe
C:\WINDOWS\system32\gtv_sd.bin
C:\WINDOWS\system32\issearch.exe
C:\WINDOWS\system32\ntsystem.exe
C:\WINDOWS\system32\o02PrEz
C:\WINDOWS\system32\o02PrEz\o02PrEz1065.exe
C:\WINDOWS\system32\obkxqjup.exe
C:\WINDOWS\system32\sl.bin
C:\WINDOWS\system32\win
C:\WINDOWS\system32\wtsicomsv32.exe
C:\WINDOWS\temp\salm.exe
C:\WINDOWS\TG9sYQ\asappsrv.dll
C:\WINDOWS\TG9sYQ\command.exe
C:\WINDOWS\wr.txt


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_CMDSERVICE
-------\LEGACY_CORE
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_NETWORK_MONITOR
-------\cmdService
-------\core
-------\DomainService


((((((((((((((((((((((((( Files Created from 2007-06-11 to 2007-07-11 )))))))))))))))))))))))))))))))


2007-07-11 11:14 66,624 --a------ C:\WINDOWS\SYSTEM32\cingamst.dll
2007-07-11 11:09 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-09 13:56 786,432 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-07-09 13:56 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec
2007-07-09 13:56 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Sonic
2007-07-09 13:56 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Jasc Software Inc
2007-07-09 12:04 262,144 --a------ C:\DOCUME~1\Branden\ntuser.dat
2007-07-04 00:59 <DIR> d--hs---- C:\WINDOWS\TG9sYQ
2007-07-03 08:42 22,016 --a------ C:\WINDOWS\b138.exe
2007-06-27 06:45 <DIR> d-------- C:\DOCUME~1\Lola\APPLIC~1\U3
2007-06-23 08:18 <DIR> d-------- C:\WINDOWS\SYSTEM32\bmgenkji
2007-06-23 02:29 71,168 --ah----- C:\WINDOWS\SYSTEM32\mjmtyupewqbj.dll
2007-06-23 02:29 71,168 --a------ C:\WINDOWS\SYSTEM32\agucroxliwyk.dll


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-09 04:01:46 -------- d-----w C:\Program Files\Messenger
2007-07-07 14:27:15 5,852 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-07-07 14:27:08 168 --sh--r C:\WINDOWS\system32\4EC1871CE5.sys
2007-07-05 22:03:19 -------- d-----w C:\DOCUME~1\Lola\APPLIC~1\Corel
2007-07-03 02:32:57 -------- d-----w C:\DOCUME~1\Lola\APPLIC~1\LimeWire
2007-06-24 19:01:49 -------- d-----w C:\Program Files\microsoft frontpage
2007-05-30 15:57:04 -------- d-----w C:\Program Files\360Share Pro
2007-05-29 20:25:09 -------- d-----w C:\DOCUME~1\Lola\APPLIC~1\Pixmantec
2007-05-27 05:00:24 -------- d-----w C:\Program Files\America Online 9.0
2007-05-26 18:46:58 -------- d-----w C:\Program Files\Thomson
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-04 16:08:34 56 ------w C:\WINDOWS\system32\E51C87C14E.sys
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel(2).dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-18 12:46:27 665,600 ----a-w C:\WINDOWS\system32\wininet(2).dll
2007-04-18 12:46:27 616,960 ----a-w C:\WINDOWS\system32\urlmon(2).dll
2007-04-18 12:46:27 474,112 ----a-w C:\WINDOWS\system32\shlwapi(2).dll
2007-04-18 12:46:27 1,498,112 ----a-w C:\WINDOWS\system32\shdocvw(2).dll
2007-04-17 04:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 04:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 04:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 04:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 04:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 04:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 04:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 04:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-17 04:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-04-17 04:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll
2007-04-16 15:52:53 984,576 ----a-w C:\WINDOWS\system32\kernel32(2).dll
2005-07-29 22:24:26 472 --sha-r C:\WINDOWS\TG9sYQ\n36Psk.vbs


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2001-04-16 15:39 37808 --------- C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{44BEC991-3D0E-7B13-8B98-044EC2FA57E3}]
2006-08-30 14:38 72704 --a------ C:\WINDOWS\System32\fhoucri.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{549B5CA7-4A86-11D7-A4DF-000874180BB3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{59879FA4-4790-461c-A1CC-4EC4DE4CA483}]
C:\Program Files\RXToolBar\sfcont.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
2004-03-15 00:04 118836 --a------ C:\WINDOWS\system32\dla\tfswshx.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2007-03-14 03:43 501400 --a------ C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{938A8A03-A938-4019-B764-03FF8D167D79}]
2007-07-11 11:14 66624 --a------ C:\WINDOWS\system32\cingamst.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Zune Launcher"="C:\Program Files\Zune\ZuneLauncher.exe" [2007-03-14 18:03]
"PDUiP6600DMon"="C:\Program Files\Canon\Memory Card Utility\iP6600D\PDUiP6600DMon.exe" [2005-05-25 08:35]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2003-08-26 18:47]
"IPInSightMonitor 01"="C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe" [2003-06-11 01:52]
"IPInSightLAN 01"="C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" [2003-06-11 01:52]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-07-08 14:03]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2006-07-25 03:32]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" []
"MediaLifeService"="C:\Program Files\Logitech\MediaLife\MediaLifeService.exe" [2005-06-03 17:09]
"@"="" []
"Corel Photo Downloader"="C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" [2006-02-09 17:34]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sonic RecordNow!"="" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 10:24]
"MoneyAgent"="C:\Program Files\Microsoft Money\System\mnyexpr.exe" [2003-06-18 11:00]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-04-02 10:02]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^.protected]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\.protected
backup=C:\WINDOWS\pss\.protectedCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Lola^Start Menu^Programs^Startup^.protected]
path=C:\Documents and Settings\Lola\Start Menu\Programs\Startup\.protected
backup=C:\WINDOWS\pss\.protectedStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
C:\WINDOWS\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDSentry]
C:\WINDOWS\System32\DSentry.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW4]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Fac4]
C:\WINDOWS\hcgxfehr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gwiz]
C:\WINDOWS\system32\ntsystem.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech BT Wizard]
LBTWiz.exe -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
KHALMNPR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mm_server]
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_server.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
"C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1ad45edf-233d-11dc-beca-00038a000015}]
AutoRun\command- F:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1ad45ee0-233d-11dc-beca-00038a000015}]
AutoRun\command- H:\LaunchU3.exe -a


**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-11 11:26:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\TEMP

scan completed successfully
hidden files: 1

**************************************************************************

Completion time: 2007-07-11 11:29:14 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-11 11:28

--- E O F ---

cgirlperryman
2007-07-11, 20:43
Logfile of HijackThis v1.99.1
Scan saved at 11:40:08 AM, on 7/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Canon\Memory Card Utility\iP6600D\PDUiP6600DMon.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Logitech\MediaLife\MediaLifeService.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\NETGEAR GA311 Adapter\GA311.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\America Online 9.0\aolwbspd.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {44BEC991-3D0E-7B13-8B98-044EC2FA57E3} - C:\WINDOWS\System32\fhoucri.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\Program Files\RXToolBar\sfcont.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {938A8A03-A938-4019-B764-03FF8D167D79} - C:\WINDOWS\system32\cingamst.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [PDUiP6600DMon] C:\Program Files\Canon\Memory Card Utility\iP6600D\PDUiP6600DMon.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [MediaLifeService] "C:\Program Files\Logitech\MediaLife\MediaLifeService.exe"
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: GA311 Smart Wizard Utility.lnk = C:\Program Files\NETGEAR GA311 Adapter\GA311.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.drivecleaner.com/.freeware/installdrivecleanerstart.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1164428360405
O16 - DPF: {71FD7E00-6EDE-671A-73E4-30E054B0D4AF} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CF0DFD11-D025-4DC7-8602-2E250DFBB1D4}: NameServer = 205.188.146.145
O18 - Protocol: bw+0 - {A1CB274A-08AD-4B70-80A8-0C1FC886CBDF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {A1CB274A-08AD-4B70-80A8-0C1FC886CBDF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {A1CB274A-08AD-4B70-80A8-0C1FC886CBDF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {A1CB274A-08AD-4B70-80A8-0C1FC886CBDF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {A1CB274A-08AD-4B70-80A8-0C1FC886CBDF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {A1CB274A-08AD-4B70-80A8-0C1FC886CBDF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {A1CB274A-08AD-4B70-80A8-0C1FC886CBDF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {A1CB274A-08AD-4B70-80A8-0C1FC886CBDF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {A1CB274A-08AD-4B70-80A8-0C1FC886CBDF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {A1CB274A-08AD-4B70-80A8-0C1FC886CBDF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {A1CB274A-08AD-4B70-80A8-0C1FC886CBDF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {A1CB274A-08AD-4B70-80A8-0C1FC886CBDF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {A1CB274A-08AD-4B70-80A8-0C1FC886CBDF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {A1CB274A-08AD-4B70-80A8-0C1FC886CBDF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {A1CB274A-08AD-4B70-80A8-0C1FC886CBDF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {A1CB274A-08AD-4B70-80A8-0C1FC886CBDF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {A1CB274A-08AD-4B70-80A8-0C1FC886CBDF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {A1CB274A-08AD-4B70-80A8-0C1FC886CBDF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {A1CB274A-08AD-4B70-80A8-0C1FC886CBDF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {A1CB274A-08AD-4B70-80A8-0C1FC886CBDF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {A1CB274A-08AD-4B70-80A8-0C1FC886CBDF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {A1CB274A-08AD-4B70-80A8-0C1FC886CBDF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {A1CB274A-08AD-4B70-80A8-0C1FC886CBDF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {A1CB274A-08AD-4B70-80A8-0C1FC886CBDF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {A1CB274A-08AD-4B70-80A8-0C1FC886CBDF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {A1CB274A-08AD-4B70-80A8-0C1FC886CBDF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {A1CB274A-08AD-4B70-80A8-0C1FC886CBDF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {A1CB274A-08AD-4B70-80A8-0C1FC886CBDF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {A1CB274A-08AD-4B70-80A8-0C1FC886CBDF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {A1CB274A-08AD-4B70-80A8-0C1FC886CBDF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {A1CB274A-08AD-4B70-80A8-0C1FC886CBDF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {A1CB274A-08AD-4B70-80A8-0C1FC886CBDF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {A1CB274A-08AD-4B70-80A8-0C1FC886CBDF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {A1CB274A-08AD-4B70-80A8-0C1FC886CBDF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {A1CB274A-08AD-4B70-80A8-0C1FC886CBDF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {A1CB274A-08AD-4B70-80A8-0C1FC886CBDF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {A1CB274A-08AD-4B70-80A8-0C1FC886CBDF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {A1CB274A-08AD-4B70-80A8-0C1FC886CBDF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {A1CB274A-08AD-4B70-80A8-0C1FC886CBDF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {A1CB274A-08AD-4B70-80A8-0C1FC886CBDF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {A1CB274A-08AD-4B70-80A8-0C1FC886CBDF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {A1CB274A-08AD-4B70-80A8-0C1FC886CBDF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {A1CB274A-08AD-4B70-80A8-0C1FC886CBDF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {A1CB274A-08AD-4B70-80A8-0C1FC886CBDF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {A1CB274A-08AD-4B70-80A8-0C1FC886CBDF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {A1CB274A-08AD-4B70-80A8-0C1FC886CBDF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {A1CB274A-08AD-4B70-80A8-0C1FC886CBDF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {A1CB274A-08AD-4B70-80A8-0C1FC886CBDF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {A1CB274A-08AD-4B70-80A8-0C1FC886CBDF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {A1CB274A-08AD-4B70-80A8-0C1FC886CBDF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {A1CB274A-08AD-4B70-80A8-0C1FC886CBDF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {A1CB274A-08AD-4B70-80A8-0C1FC886CBDF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {A1CB274A-08AD-4B70-80A8-0C1FC886CBDF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {A1CB274A-08AD-4B70-80A8-0C1FC886CBDF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {A1CB274A-08AD-4B70-80A8-0C1FC886CBDF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {A1CB274A-08AD-4B70-80A8-0C1FC886CBDF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {A1CB274A-08AD-4B70-80A8-0C1FC886CBDF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {A1CB274A-08AD-4B70-80A8-0C1FC886CBDF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {A1CB274A-08AD-4B70-80A8-0C1FC886CBDF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {A1CB274A-08AD-4B70-80A8-0C1FC886CBDF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {A1CB274A-08AD-4B70-80A8-0C1FC886CBDF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {A1CB274A-08AD-4B70-80A8-0C1FC886CBDF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {A1CB274A-08AD-4B70-80A8-0C1FC886CBDF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {A1CB274A-08AD-4B70-80A8-0C1FC886CBDF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {A1CB274A-08AD-4B70-80A8-0C1FC886CBDF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {A1CB274A-08AD-4B70-80A8-0C1FC886CBDF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {A1CB274A-08AD-4B70-80A8-0C1FC886CBDF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {A1CB274A-08AD-4B70-80A8-0C1FC886CBDF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {A1CB274A-08AD-4B70-80A8-0C1FC886CBDF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {A1CB274A-08AD-4B70-80A8-0C1FC886CBDF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {A1CB274A-08AD-4B70-80A8-0C1FC886CBDF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {A1CB274A-08AD-4B70-80A8-0C1FC886CBDF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {A1CB274A-08AD-4B70-80A8-0C1FC886CBDF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {A1CB274A-08AD-4B70-80A8-0C1FC886CBDF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {A1CB274A-08AD-4B70-80A8-0C1FC886CBDF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {A1CB274A-08AD-4B70-80A8-0C1FC886CBDF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

cgirlperryman
2007-07-11, 20:47
the rest of hijack scan...


O18 - Protocol: offline-8876480 - {A1CB274A-08AD-4B70-80A8-0C1FC886CBDF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Unknown owner - C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

cgirlperryman
2007-07-11, 21:02
i did what you said and ran spybot again and it said congratulations no immediate threats were found.. but had cache cookie and log in green letters under it ... do i need to do anything else? and do i need to keep hijackthis on my computer and what about the other one i downloaded?

random/random
2007-07-11, 22:00
You're not clean yet, there's still lots to do

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components and update.

Updating Java:

Download the latest version of Java Runtime Environment (JRE) 6 (http://java.sun.com/javase/downloads/index.jsp).
Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
Click the "Download" button to the right.
Check the box that says: "Accept License Agreement".
The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java versions.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on the download to install the newest version.


Acrobat reader is outdated, uninstall the one you have installed and install the latest one from here:

http://www.adobe.com/products/acrobat/readstep2.html

Go to Start> Control Panel> Add or Remove Programs.

Remove the following programs, if they are present.

RXToolbar



Open a new notepad window (Start>All programs>accessories>notepad)
Highlight the contents of the below codebox and then press ctrl+c to copy it to the clipboard

File::
C:\WINDOWS\SYSTEM32\cingamst.dll
C:\WINDOWS\b138.exe
C:\WINDOWS\SYSTEM32\mjmtyupewqbj.dll
C:\WINDOWS\SYSTEM32\agucroxliwyk.dll
C:\WINDOWS\System32\fhoucri.dll
C:\Documents and Settings\Lola\Start Menu\Programs\Startup\.protected
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\.protected
C:\WINDOWS\hcgxfehr.exe
C:\WINDOWS\system32\ntsystem.exe



Folder::
C:\WINDOWS\TG9sYQ
C:\WINDOWS\SYSTEM32\bmgenkji
C:\Program Files\RXToolBar


Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{44BEC991-3D0E-7B13-8B98-044EC2FA57E3}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{549B5CA7-4A86-11D7-A4DF-000874180BB3}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{59879FA4-4790-461c-A1CC-4EC4DE4CA483}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{938A8A03-A938-4019-B764-03FF8D167D79}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"@"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^.protected]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Lola^Start Menu^Programs^Startup^.protected]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW4]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Fac4]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gwiz]

Paste the contents of the clipboard into the notepad window by pressing ctrl+v or edit>paste
Save it to the desktop as ComboFix-Do.txt
Now drag and drop ComboFix-Do.txt onto combofix.exe as in the picture below and follow the prompts:
http://img.photobucket.com/albums/v666/sUBs/Combo-Do.gif
When finished, it shall produce a log for you. Post that log and a HiJackThis log in your next reply
Note: Do not mouseclick combofix's window while its running. That may cause it to stall

tashi
2007-07-20, 02:16
Due to lack of a response to helper this topic has been archived.

If you need it re-opened please send me a private message (pm) and provide a link to the thread. Applies only to the original poster, anyone else with similar problems please start a new topic.