View Full Version : PWS.LDPinchIE -- Helppppppp!!!
kornsoup
2009-06-22, 03:42
Cannot get rid of this --- no internet on this system!!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:20:04 PM, on 6/21/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOem eitherWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\Explorer.EXE
J:\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\Kornsoup\mfkbql.exe \s
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: C:\WINDOWS\system32\sdjee3inf.dll - {B2C7B2A1-00F3-42BD-F434-00AABA2C8952} - C:\WINDOWS\system32\sdjee3inf.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\1685156.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\1685156.dll
O16 - DPF: Yahoo! Pool 2 - http://origin.games.yahoo.net/games/clients/y/poti_x.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1231109124714
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1231109209683
O18 - Protocol: bw+0 - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\avgpp.dll (file missing)
O18 - Protocol: offline-8876480 - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: c:\windows\system32\jajusema.dll
O20 - Winlogon Notify: AutorunsDisabled - C:\WINDOWS\
O21 - SSODL: CECPclOaWDHk - {A405A916-0EAF-03BC-F0DA-E00C9B98D75D} - C:\WINDOWS\system32\nhnut.dll
O22 - SharedTaskScheduler: hs837hiudjgfo9s8gjio4gfd - {B2C7B2A1-00F3-42BD-F434-00AABA2C8952} - C:\WINDOWS\system32\sdjee3inf.dll
O23 - Service: DCOM Server Process Launcher (DcomLaunch) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Remote Procedure Call (RPC) (RpcSs) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
--
End of file - 16087 bytes
uninstall list
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.0
Apple Software Update
aTube Catcher 1.0
Compatibility Pack for the 2007 Office system
Critical Update for Windows Media Player 11 (KB959772)
DAEMON Tools
Disney Pirates of the Caribbean Online
DJ Music Mixer
DVDFab Platinum 2.9.3.5
exPressit S.E. 2.1
Garmin Communicator Plugin
Garmin USB Drivers
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB952287)
HP Image Zone 4.2
HP PSC & OfficeJet 4.2
Intel(R) Extreme Graphics Driver
iTunes
Java(TM) 6 Update 13
LightScribe System Software 1.14.25.1
Logitech Desktop Messenger
Logitech SetPoint
Media Manager for WALKMAN 1.2
MediaLife
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Office XP Professional with FrontPage
Microsoft User-Mode Driver Framework Feature Pack 1.7
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ Run Time Lib Setup
Microsoft WinUsb 1.0
Mozilla Firefox (3.0.11)
MSXML 4.0 SP2 (KB954430)
NCH Toolbox
Nero 8 Essentials
neroxml
Pacxon ver 1.0
PlayStation(R)Network Downloader
PlayStation(R)Store
QuickTime
RealPlayer
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Sony Media Manager for PSP 3.0
Spybot - Search & Destroy
Switch Sound File Converter
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Virtual Magnifying Glass v3.3.2
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
Xvid 1.1.3 final uninstall
Yahoo! Software Update
Yahoo! Toolbar
Zune
Zune
Zune Language Pack (ES)
Zune Language Pack (FR)
shelf life
2009-06-24, 05:00
hi kornsoup,
no internet on this system!!
thats one good thing. (malware fetches more malware)
we will have to get some tools on the machine. Would you be able to download then get them on the computer via a usb flash drive or cd or if they are networked.
kornsoup
2009-06-24, 06:33
yes i have laptop w/ inernet connection and usb drive----here is combo fix log, also no copy cut and paste on desktop of affected comp---thanks in advance:thanks:
ComboFix 09-06-21.01 -:devil:Kornsoup:devil: 06/23/2009 23:09.1 - NTFSx86
Running from: J:\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\Kornsoup\LOCALS~1\Temp\lsass.exe
c:\documents and settings\Kornsoup\Application Data\wiaserva.log
c:\documents and settings\Kornsoup\mfkbql.exe
c:\windows\msa.exe
c:\windows\system32\1685156.dll
c:\windows\system32\drivers\beep.sys
c:\windows\system32\ekupoboh.ini
c:\windows\system32\msxml71.dll
c:\windows\system32\sdjee3inf.dll
c:\windows\system32\wbem\grpconv.exe
c:\windows\system32\wbem\proquota.exe
c:\windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
c:\windows\Tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job
c:\windows\system32\grpconv.exe . . . is missing!!
c:\windows\system32\proquota.exe . . . is missing!!
.
((((((((((((((((((((((((( Files Created from 2009-05-24 to 2009-06-24 )))))))))))))))))))))))))))))))
.
2009-06-21 22:26 . 2009-06-21 22:26 -------- d--h--w- c:\windows\system32\GroupPolicy
2009-06-21 21:53 . 2009-06-21 21:55 -------- d-----w- C:\Inetpub
2009-06-20 13:50 . 2008-04-14 00:12 10752 ----a-w- c:\windows\system32\smtpapi.dll
2009-06-20 13:50 . 2008-04-14 00:12 9728 ----a-w- c:\windows\system32\rwnh.dll
2009-06-20 07:00 . 2009-06-20 07:00 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\Mozilla
2009-06-20 05:02 . 2009-06-20 05:23 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-06-19 05:36 . 2009-06-19 05:36 -------- d-----w- c:\documents and settings\Nicole\Local Settings\Application Data\Mozilla
2009-06-19 05:30 . 2009-06-19 05:30 -------- d-sh--w- c:\documents and settings\Guest\IETldCache
2009-06-19 02:50 . 2009-06-19 02:50 118784 ----a-w- c:\windows\system32\sgceklj0ea1j.dll
2009-06-19 02:50 . 2009-06-19 02:50 80191 ----a-w- c:\windows\system32\qgcaklj0ea1j.exe
2009-06-19 02:50 . 2009-06-19 02:50 29696 ----a-w- c:\windows\system32\tyauohv.exe
2009-06-17 22:06 . 2009-06-17 22:06 -------- d-----w- c:\documents and settings\Nicole\Local Settings\Application Data\Apple Computer
2009-06-16 19:52 . 2009-06-16 19:52 -------- d-----w- c:\documents and settings\Nicole\Application Data\Nero
2009-06-16 00:31 . 2009-06-16 00:31 -------- d-----w- c:\documents and settings\Kornsoup\Local Settings\Application Data\Ahead
2009-06-15 22:34 . 2009-06-15 22:34 -------- d-----w- c:\documents and settings\All Users\Application Data\LightScribe
2009-06-15 22:31 . 2009-06-15 22:31 -------- d-----w- c:\program files\Common Files\LightScribe
2009-06-15 22:29 . 2009-06-15 22:29 -------- d-----w- c:\documents and settings\Kornsoup\Application Data\Nero
2009-06-15 22:27 . 2009-06-15 22:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2009-06-15 22:27 . 2009-06-15 22:28 -------- d-----w- c:\program files\Common Files\Nero
2009-06-15 22:27 . 2009-06-15 22:27 -------- d-----w- c:\program files\Nero
2009-06-14 17:53 . 2009-06-14 17:53 -------- d-----w- c:\program files\MSECache
2009-06-11 22:22 . 2009-04-30 21:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-06-11 22:22 . 2009-04-30 21:22 1985024 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-06-11 22:22 . 2009-04-30 21:22 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-11 22:22 . 2009-04-30 21:22 11064832 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-06-09 01:21 . 2009-06-09 01:21 -------- d-----w- c:\program files\QuickTime
2009-06-09 01:15 . 2009-06-09 01:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-06-06 01:52 . 2009-06-06 01:52 274273 ----a-w- c:\windows\DJ Music Mixer Uninstaller.exe
2009-06-05 01:44 . 2003-12-28 00:42 137216 ----a-w- c:\windows\system32\drivers\d344bus.sys
2009-06-05 01:44 . 2003-12-27 06:38 5248 ----a-w- c:\windows\system32\drivers\d344prt.sys
2009-06-05 01:44 . 2009-06-05 01:44 -------- d-----w- c:\program files\D-Tools
2009-06-05 01:43 . 2009-06-05 01:43 -------- d-----w- c:\windows\Downloaded Installations
2009-06-04 01:05 . 2009-06-04 01:05 -------- d-----w- c:\documents and settings\Kornsoup\Local Settings\Application Data\Apple
2009-05-31 17:40 . 2009-05-31 17:40 -------- d-----w- c:\program files\DsNET Corp
2009-05-25 16:40 . 2009-05-25 16:40 -------- d-----w- c:\documents and settings\Kornsoup\Application Data\GARMIN
2009-05-25 16:40 . 2009-05-25 16:40 -------- d-----w- c:\program files\Garmin GPS Plugin
2009-05-25 16:40 . 2009-05-25 16:40 -------- d-----w- c:\program files\DIFX
2009-05-25 16:40 . 2009-05-25 16:40 -------- dc----w- c:\windows\system32\DRVSTORE
2009-05-25 16:40 . 2009-05-25 16:40 -------- d-----w- c:\program files\Garmin
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-21 22:22 . 2009-03-02 12:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-21 21:59 . 2009-01-16 22:33 -------- d-----w- c:\documents and settings\Kornsoup\Application Data\U3
2009-06-20 14:26 . 2009-04-02 04:13 -------- d-----w- c:\program files\Windows Media Connect 2
2009-06-20 06:05 . 2009-01-17 03:45 -------- d-----w- c:\program files\NCH Swift Sound
2009-06-20 06:04 . 2009-01-17 03:45 -------- d-----w- c:\program files\NCH Software
2009-06-15 23:32 . 2009-01-17 03:46 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Swift Sound
2009-06-15 22:45 . 2009-01-08 00:53 -------- d-----w- c:\documents and settings\Kornsoup\Application Data\AdobeUM
2009-06-15 22:35 . 2009-03-28 06:30 21808 ----a-w- c:\documents and settings\Kornsoup\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-09 01:18 . 2008-01-25 02:02 -------- d-----w- c:\program files\Apple Software Update
2009-05-17 21:47 . 2005-08-18 14:44 86327 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2009-05-17 19:01 . 2009-05-17 19:01 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-17 19:01 . 2009-05-17 19:01 -------- d-----w- c:\program files\Java
2009-05-17 19:00 . 2009-04-16 00:15 152576 ----a-w- c:\documents and settings\Kornsoup\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-13 05:15 . 2006-06-23 16:33 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-09 00:58 . 2009-05-09 00:58 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Software
2009-05-09 00:54 . 2009-05-09 00:54 -------- d-----w- c:\documents and settings\Kornsoup\Application Data\Leawo
2009-05-09 00:53 . 2009-05-09 00:53 -------- d-----w- c:\program files\Leawo
2009-05-07 15:32 . 2002-08-29 03:41 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-03 05:45 . 2009-05-03 05:45 -------- d-----w- c:\documents and settings\Kornsoup\Application Data\Thinstall
2009-04-17 12:26 . 2002-08-29 02:14 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-03-06 02:16 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-09 01:05 . 2009-04-09 00:48 103509 ----a-w- c:\windows\hpoins04.dat
2009-04-06 01:44 . 2009-04-06 01:44 17920 ----a-w- c:\documents and settings\GMoney\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-05 01:48 . 2009-04-05 01:48 10134 ----a-r- c:\documents and settings\Kornsoup\Application Data\Microsoft\Installer\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}\ARPPRODUCTICON.exe
2009-04-02 16:23 . 2009-04-02 16:23 17920 ----a-w- c:\documents and settings\Nicole\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2007-12-16 17:09 . 2008-01-23 01:38 54330664 ----a-w- c:\program files\iTunesSetup.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"CECPclOaWDHk"= {A405A916-0EAF-03BC-F0DA-E00C9B98D75D} - c:\windows\system32\nhnut.dll [2009-03-21 32768]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\beep.sys]
@="beep"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ZuneWlanCfgSvc"=3 (0x3)
"ZuneNetworkSvc"=3 (0x3)
"ZuneBusEnum"=2 (0x2)
"YahooAUService"=2 (0x2)
"xmlprov"=3 (0x3)
"WZCSVC"=2 (0x2)
"WudfSvc"=2 (0x2)
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"WmiApSrv"=3 (0x3)
"Wmi"=3 (0x3)
"WmdmPmSN"=3 (0x3)
"winmgmt"=2 (0x2)
"WebClient"=2 (0x2)
"W32Time"=2 (0x2)
"VSS"=3 (0x3)
"UPS"=3 (0x3)
"upnphost"=3 (0x3)
"TrkWks"=2 (0x2)
"Themes"=2 (0x2)
"TermService"=3 (0x3)
"TapiSrv"=3 (0x3)
"SysmonLog"=3 (0x3)
"SwPrv"=3 (0x3)
"stisvc"=2 (0x2)
"SSDPSRV"=3 (0x3)
"srservice"=2 (0x2)
"Spooler"=2 (0x2)
"ShellHWDetection"=2 (0x2)
"SENS"=2 (0x2)
"seclogon"=2 (0x2)
"Schedule"=2 (0x2)
"SCardSvr"=3 (0x3)
"SamSs"=2 (0x2)
"RSVP"=3 (0x3)
"RemoteRegistry"=2 (0x2)
"RDSessMgr"=3 (0x3)
"RasMan"=3 (0x3)
"RasAuto"=3 (0x3)
"ProtectedStorage"=2 (0x2)
"PolicyAgent"=2 (0x2)
"PlugPlay"=2 (0x2)
"PLFlash DeviceIoControl Service"=2 (0x2)
"NtmsSvc"=3 (0x3)
"NtLmSsp"=3 (0x3)
"Nla"=3 (0x3)
"Netman"=3 (0x3)
"Netlogon"=3 (0x3)
"Nero BackItUp Scheduler 3"=2 (0x2)
"napagent"=3 (0x3)
"MSIServer"=3 (0x3)
"MSDTC"=3 (0x3)
"mnmsrvc"=3 (0x3)
"LmHosts"=2 (0x2)
"LightScribeService"=2 (0x2)
"lanmanworkstation"=2 (0x2)
"lanmanserver"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"iPod Service"=3 (0x3)
"ImapiService"=3 (0x3)
"HTTPFilter"=3 (0x3)
"hkmsvc"=3 (0x3)
"HidServ"=2 (0x2)
"helpsvc"=2 (0x2)
"FastUserSwitchingCompatibility"=3 (0x3)
"EventSystem"=3 (0x3)
"Eventlog"=2 (0x2)
"ERSvc"=2 (0x2)
"EapHost"=3 (0x3)
"Dot3svc"=3 (0x3)
"Dnscache"=2 (0x2)
"dmserver"=2 (0x2)
"dmadmin"=3 (0x3)
"Dhcp"=2 (0x2)
"CryptSvc"=3 (0x3)
"COMSysApp"=3 (0x3)
"clr_optimization_v2.0.50727_32"=3 (0x3)
"CiSvc"=3 (0x3)
"Browser"=2 (0x2)
"BITS"=3 (0x3)
"AudioSrv"=2 (0x2)
"aspnet_state"=3 (0x3)
"AppMgmt"=3 (0x3)
"ALG"=3 (0x3)
"6to4"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Sony\\Media Manager for PSP\\MediaManager.exe"=
"c:\\Program Files\\Sony\\Media Manager for WALKMAN\\MediaManager.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\tyauohv.exe"=
R3 BCM42XX;Broadcom iLine10(tm) Network Adapter Driver;c:\windows\system32\DRIVERS\bcm42xx5.sys [2001-08-17 54271]
S0 d344bus;d344bus;c:\windows\system32\DRIVERS\d344bus.sys [2003-12-28 137216]
S0 d344prt;d344prt;c:\windows\System32\Drivers\d344prt.sys [2003-12-27 5248]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
Contents of the 'Scheduled Tasks' folder
2009-06-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]
2009-06-19 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-13 03:18]
.
- - - - ORPHANS REMOVED - - - -
Notify-AutorunsDisabled - WgaLogon.dll
Notify-WgaLogon - (no file)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
IE: E&xport to Microsoft Excel - d:\micros~1\Office10\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: Yahoo! Pool 2 - hxxp://origin.games.yahoo.net/games/clients/y/poti_x.cab
FF - ProfilePath -
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-23 23:16
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1993962763-1801674531-682003330-1005\Software\Sony Creative Software\M*e*d*i*a* *M*a*n*a*g*e*r* *f*o*r* *P*S*P*"!\3.0]
"Percents"="0.0008 0.0866 0.2742 0.598 0.7494 0.8545 0.8621 "
"Increment"=".003774"
"FRT"="4d0pBXmMWOc7v4/pP3q9Q3aDwmFM7WOCdyXueoKDfxV9lAhR6zqQiQ=="
"PLCK"="3nQg4b7umqAiM3e5IcEvxa1ujj0FtJW0"
"PHSH"=""
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\WPAEvents]
@Denied: (Full) (LocalSystem)
"OOBETimer"=hex:ff,d5,71,d6,8b,6a,8d,6f,d5,33,93,fd
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(596)
c:\windows\system32\WININET.dll
- - - - - - - > 'lsass.exe'(660)
c:\windows\system32\WININET.dll
.
Completion time: 2009-06-24 23:18
ComboFix-quarantined-files.txt 2009-06-24 03:18
Pre-Run: 6,541,443,072 bytes free
Post-Run: 7,559,880,704 bytes free
272 --- E O F --- 2009-06-11 22:35
shelf life
2009-06-25, 01:09
your combofix header is missing some information. There is a guide to read first before using combofix. you didnt install the recovery console up to you really if you want to do that. Read through this guide and run it once more and post that log:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
kornsoup
2009-06-25, 14:38
ive been running combofix from the pendrive because i dont know how to save to desktop cause of NO cut/copy/paste--is that OK??
ComboFix 09-06-21.01 -:devil: Kornsoup :devil: 06/25/2009 7:26.3 - NTFSx86
Running from: J:\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\grpconv.exe . . . is missing!!
c:\windows\system32\proquota.exe . . . is missing!!
.
((((((((((((((((((((((((( Files Created from 2009-05-25 to 2009-06-25 )))))))))))))))))))))))))))))))
.
2009-06-25 11:14 . 2002-09-07 00:00 4952 ----a-r- C:\Bootfont.bin
2009-06-24 04:01 . 2009-06-24 04:01 166859214 ----a-w- C:\registrybackup.reg
2009-06-21 22:26 . 2009-06-21 22:26 -------- d--h--w- c:\windows\system32\GroupPolicy
2009-06-21 21:53 . 2009-06-21 21:55 -------- d-----w- C:\Inetpub
2009-06-20 13:50 . 2008-04-14 00:12 10752 ----a-w- c:\windows\system32\smtpapi.dll
2009-06-20 13:50 . 2008-04-14 00:12 9728 ----a-w- c:\windows\system32\rwnh.dll
2009-06-20 07:00 . 2009-06-20 07:00 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\Mozilla
2009-06-20 05:02 . 2009-06-20 05:23 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-06-19 05:36 . 2009-06-19 05:36 -------- d-----w- c:\documents and settings\Nicole\Local Settings\Application Data\Mozilla
2009-06-19 05:30 . 2009-06-19 05:30 -------- d-sh--w- c:\documents and settings\Guest\IETldCache
2009-06-19 02:50 . 2009-06-19 02:50 118784 ----a-w- c:\windows\system32\sgceklj0ea1j.dll
2009-06-19 02:50 . 2009-06-19 02:50 80191 ----a-w- c:\windows\system32\qgcaklj0ea1j.exe
2009-06-19 02:50 . 2009-06-19 02:50 29696 ----a-w- c:\windows\system32\tyauohv.exe
2009-06-17 22:06 . 2009-06-17 22:06 -------- d-----w- c:\documents and settings\Nicole\Local Settings\Application Data\Apple Computer
2009-06-16 19:52 . 2009-06-16 19:52 -------- d-----w- c:\documents and settings\Nicole\Application Data\Nero
2009-06-16 00:31 . 2009-06-16 00:31 -------- d-----w- c:\documents and settings\Kornsoup\Local Settings\Application Data\Ahead
2009-06-15 22:34 . 2009-06-15 22:34 -------- d-----w- c:\documents and settings\All Users\Application Data\LightScribe
2009-06-15 22:31 . 2009-06-15 22:31 -------- d-----w- c:\program files\Common Files\LightScribe
2009-06-15 22:29 . 2009-06-15 22:29 -------- d-----w- c:\documents and settings\Kornsoup\Application Data\Nero
2009-06-15 22:27 . 2009-06-15 22:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2009-06-15 22:27 . 2009-06-15 22:28 -------- d-----w- c:\program files\Common Files\Nero
2009-06-15 22:27 . 2009-06-15 22:27 -------- d-----w- c:\program files\Nero
2009-06-14 17:53 . 2009-06-14 17:53 -------- d-----w- c:\program files\MSECache
2009-06-11 22:22 . 2009-04-30 21:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-06-11 22:22 . 2009-04-30 21:22 1985024 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-06-11 22:22 . 2009-04-30 21:22 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-11 22:22 . 2009-04-30 21:22 11064832 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-06-09 01:21 . 2009-06-09 01:21 -------- d-----w- c:\program files\QuickTime
2009-06-09 01:15 . 2009-06-09 01:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-06-06 01:52 . 2009-06-06 01:52 274273 ----a-w- c:\windows\DJ Music Mixer Uninstaller.exe
2009-06-05 01:44 . 2003-12-28 00:42 137216 ----a-w- c:\windows\system32\drivers\d344bus.sys
2009-06-05 01:44 . 2003-12-27 06:38 5248 ----a-w- c:\windows\system32\drivers\d344prt.sys
2009-06-05 01:44 . 2009-06-05 01:44 -------- d-----w- c:\program files\D-Tools
2009-06-05 01:43 . 2009-06-05 01:43 -------- d-----w- c:\windows\Downloaded Installations
2009-06-04 01:05 . 2009-06-04 01:05 -------- d-----w- c:\documents and settings\Kornsoup\Local Settings\Application Data\Apple
2009-05-31 17:40 . 2009-05-31 17:40 -------- d-----w- c:\program files\DsNET Corp
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-21 22:22 . 2009-03-02 12:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-21 21:59 . 2009-01-16 22:33 -------- d-----w- c:\documents and settings\Kornsoup\Application Data\U3
2009-06-20 14:26 . 2009-04-02 04:13 -------- d-----w- c:\program files\Windows Media Connect 2
2009-06-20 06:05 . 2009-01-17 03:45 -------- d-----w- c:\program files\NCH Swift Sound
2009-06-20 06:04 . 2009-01-17 03:45 -------- d-----w- c:\program files\NCH Software
2009-06-15 23:32 . 2009-01-17 03:46 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Swift Sound
2009-06-15 22:45 . 2009-01-08 00:53 -------- d-----w- c:\documents and settings\Kornsoup\Application Data\AdobeUM
2009-06-15 22:35 . 2009-03-28 06:30 21808 ----a-w- c:\documents and settings\Kornsoup\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-09 01:18 . 2008-01-25 02:02 -------- d-----w- c:\program files\Apple Software Update
2009-05-25 16:40 . 2009-05-25 16:40 -------- d-----w- c:\documents and settings\Kornsoup\Application Data\GARMIN
2009-05-25 16:40 . 2009-05-25 16:40 -------- d-----w- c:\program files\Garmin GPS Plugin
2009-05-25 16:40 . 2009-05-25 16:40 -------- d-----w- c:\program files\DIFX
2009-05-25 16:40 . 2009-05-25 16:40 -------- d-----w- c:\program files\Garmin
2009-05-17 21:47 . 2005-08-18 14:44 86327 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2009-05-17 19:01 . 2009-05-17 19:01 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-17 19:01 . 2009-05-17 19:01 -------- d-----w- c:\program files\Java
2009-05-17 19:00 . 2009-04-16 00:15 152576 ----a-w- c:\documents and settings\Kornsoup\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-13 05:15 . 2006-06-23 16:33 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-09 00:58 . 2009-05-09 00:58 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Software
2009-05-09 00:54 . 2009-05-09 00:54 -------- d-----w- c:\documents and settings\Kornsoup\Application Data\Leawo
2009-05-09 00:53 . 2009-05-09 00:53 -------- d-----w- c:\program files\Leawo
2009-05-07 15:32 . 2002-08-29 03:41 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-03 05:45 . 2009-05-03 05:45 -------- d-----w- c:\documents and settings\Kornsoup\Application Data\Thinstall
2009-04-17 12:26 . 2002-08-29 02:14 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-03-06 02:16 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-09 01:05 . 2009-04-09 00:48 103509 ----a-w- c:\windows\hpoins04.dat
2009-04-06 01:44 . 2009-04-06 01:44 17920 ----a-w- c:\documents and settings\GMoney\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-05 01:48 . 2009-04-05 01:48 10134 ----a-r- c:\documents and settings\Kornsoup\Application Data\Microsoft\Installer\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}\ARPPRODUCTICON.exe
2009-04-02 16:23 . 2009-04-02 16:23 17920 ----a-w- c:\documents and settings\Nicole\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2007-12-16 17:09 . 2008-01-23 01:38 54330664 ----a-w- c:\program files\iTunesSetup.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-06-24_03.16.51 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-08-18 14:47 . 2009-06-24 03:21 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2005-08-18 14:47 . 2009-06-24 03:05 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2005-08-18 14:47 . 2009-06-24 03:21 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2005-08-18 14:47 . 2009-06-24 03:05 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"CECPclOaWDHk"= {A405A916-0EAF-03BC-F0DA-E00C9B98D75D} - c:\windows\system32\nhnut.dll [2009-03-21 32768]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\beep.sys]
@="beep"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ZuneWlanCfgSvc"=3 (0x3)
"ZuneNetworkSvc"=3 (0x3)
"ZuneBusEnum"=2 (0x2)
"YahooAUService"=2 (0x2)
"xmlprov"=3 (0x3)
"WZCSVC"=2 (0x2)
"WudfSvc"=2 (0x2)
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"WmiApSrv"=3 (0x3)
"Wmi"=3 (0x3)
"WmdmPmSN"=3 (0x3)
"winmgmt"=2 (0x2)
"WebClient"=2 (0x2)
"W32Time"=2 (0x2)
"VSS"=3 (0x3)
"UPS"=3 (0x3)
"upnphost"=3 (0x3)
"TrkWks"=2 (0x2)
"Themes"=2 (0x2)
"TermService"=3 (0x3)
"TapiSrv"=3 (0x3)
"SysmonLog"=3 (0x3)
"SwPrv"=3 (0x3)
"stisvc"=2 (0x2)
"SSDPSRV"=3 (0x3)
"srservice"=2 (0x2)
"Spooler"=2 (0x2)
"ShellHWDetection"=2 (0x2)
"SENS"=2 (0x2)
"seclogon"=2 (0x2)
"Schedule"=2 (0x2)
"SCardSvr"=3 (0x3)
"SamSs"=2 (0x2)
"RSVP"=3 (0x3)
"RemoteRegistry"=2 (0x2)
"RDSessMgr"=3 (0x3)
"RasMan"=3 (0x3)
"RasAuto"=3 (0x3)
"ProtectedStorage"=2 (0x2)
"PolicyAgent"=2 (0x2)
"PlugPlay"=2 (0x2)
"PLFlash DeviceIoControl Service"=2 (0x2)
"NtmsSvc"=3 (0x3)
"NtLmSsp"=3 (0x3)
"Nla"=3 (0x3)
"Netman"=3 (0x3)
"Netlogon"=3 (0x3)
"Nero BackItUp Scheduler 3"=2 (0x2)
"napagent"=3 (0x3)
"MSIServer"=3 (0x3)
"MSDTC"=3 (0x3)
"mnmsrvc"=3 (0x3)
"LmHosts"=2 (0x2)
"LightScribeService"=2 (0x2)
"lanmanworkstation"=2 (0x2)
"lanmanserver"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"iPod Service"=3 (0x3)
"ImapiService"=3 (0x3)
"HTTPFilter"=3 (0x3)
"hkmsvc"=3 (0x3)
"HidServ"=2 (0x2)
"helpsvc"=2 (0x2)
"FastUserSwitchingCompatibility"=3 (0x3)
"EventSystem"=3 (0x3)
"Eventlog"=2 (0x2)
"ERSvc"=2 (0x2)
"EapHost"=3 (0x3)
"Dot3svc"=3 (0x3)
"Dnscache"=2 (0x2)
"dmserver"=2 (0x2)
"dmadmin"=3 (0x3)
"Dhcp"=2 (0x2)
"CryptSvc"=3 (0x3)
"COMSysApp"=3 (0x3)
"clr_optimization_v2.0.50727_32"=3 (0x3)
"CiSvc"=3 (0x3)
"Browser"=2 (0x2)
"BITS"=3 (0x3)
"AudioSrv"=2 (0x2)
"aspnet_state"=3 (0x3)
"AppMgmt"=3 (0x3)
"ALG"=3 (0x3)
"6to4"=2 (0x2)
"SharedAccess"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Sony\\Media Manager for PSP\\MediaManager.exe"=
"c:\\Program Files\\Sony\\Media Manager for WALKMAN\\MediaManager.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\tyauohv.exe"=
R3 BCM42XX;Broadcom iLine10(tm) Network Adapter Driver;c:\windows\system32\DRIVERS\bcm42xx5.sys [2001-08-17 54271]
S0 d344bus;d344bus;c:\windows\system32\DRIVERS\d344bus.sys [2003-12-28 137216]
S0 d344prt;d344prt;c:\windows\System32\Drivers\d344prt.sys [2003-12-27 5248]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
Contents of the 'Scheduled Tasks' folder
2009-06-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]
2009-06-19 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-13 03:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
IE: E&xport to Microsoft Excel - d:\micros~1\Office10\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: Yahoo! Pool 2 - hxxp://origin.games.yahoo.net/games/clients/y/poti_x.cab
FF - ProfilePath -
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-25 07:30
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1993962763-1801674531-682003330-1005\Software\Sony Creative Software\M*e*d*i*a* *M*a*n*a*g*e*r* *f*o*r* *P*S*P*"!\3.0]
"Percents"="0.0008 0.0866 0.2742 0.598 0.7494 0.8545 0.8621 "
"Increment"=".003774"
"FRT"="4d0pBXmMWOc7v4/pP3q9Q3aDwmFM7WOCdyXueoKDfxV9lAhR6zqQiQ=="
"PLCK"="3nQg4b7umqAiM3e5IcEvxa1ujj0FtJW0"
"PHSH"=""
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\WPAEvents]
@Denied: (Full) (LocalSystem)
"OOBETimer"=hex:ff,d5,71,d6,8b,6a,8d,6f,d5,33,93,fd
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(596)
c:\windows\system32\WININET.dll
- - - - - - - > 'lsass.exe'(660)
c:\windows\system32\WININET.dll
- - - - - - - > 'explorer.exe'(1632)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2009-06-25 7:32
ComboFix-quarantined-files.txt 2009-06-25 11:32
ComboFix2.txt 2009-06-24 03:53
ComboFix3.txt 2009-06-24 03:18
Pre-Run: 7,430,565,888 bytes free
Post-Run: 7,415,672,832 bytes free
269 --- E O F --- 2009-06-11 22:35
shelf life
2009-06-26, 04:33
ok. we will use combofix to remove some files. There will be more to remove.
start with these, we will have to get another tool also for the LSP (line 10 in the hjt log)
Click Start, then Run and type Notepad and click OK.
Copy/paste the text in the code box below into notepad:
File::
c:\windows\system32\sgceklj0ea1j.dll
c:\windows\system32\qgcaklj0ea1j.exe
c:\windows\system32\tyauohv.exe
C:\WINDOWS\system32\nhnut.dll
C:\WINDOWS\system32\sdjee3inf.dll
Name the Notepad file CFScript.txt and Save it to your desktop.
now locate the file you just saved and the combofix icon, both on your desktop
using your mouse drag the CFScript right on top of the combofix icon and release, combofix will run and produce a new log
please post the new combofix log and a new hjt log.
kornsoup
2009-06-26, 06:03
ComboFix 09-06-21.01 -:devil: Kornsoup :devil: 06/25/2009 22:48.4 - NTFSx86
Running from: J:\ComboFix.exe
Command switches used :: J:\CFScript.txt
FILE ::
"c:\windows\system32\nhnut.dll"
"c:\windows\system32\qgcaklj0ea1j.exe"
"c:\windows\system32\sdjee3inf.dll"
"c:\windows\system32\sgceklj0ea1j.dll"
"c:\windows\system32\tyauohv.exe"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\nhnut.dll
c:\windows\system32\qgcaklj0ea1j.exe
c:\windows\system32\sgceklj0ea1j.dll
c:\windows\system32\tyauohv.exe
c:\windows\system32\grpconv.exe . . . is missing!!
c:\windows\system32\proquota.exe . . . is missing!!
.
((((((((((((((((((((((((( Files Created from 2009-05-26 to 2009-06-26 )))))))))))))))))))))))))))))))
.
2009-06-25 11:14 . 2002-09-07 00:00 4952 ----a-r- C:\Bootfont.bin
2009-06-24 04:01 . 2009-06-24 04:01 166859214 ----a-w- C:\registrybackup.reg
2009-06-21 22:26 . 2009-06-21 22:26 -------- d--h--w- c:\windows\system32\GroupPolicy
2009-06-21 21:53 . 2009-06-21 21:55 -------- d-----w- C:\Inetpub
2009-06-20 13:50 . 2008-04-14 00:12 10752 ----a-w- c:\windows\system32\smtpapi.dll
2009-06-20 13:50 . 2008-04-14 00:12 9728 ----a-w- c:\windows\system32\rwnh.dll
2009-06-20 07:00 . 2009-06-20 07:00 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\Mozilla
2009-06-20 05:02 . 2009-06-20 05:23 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-06-19 05:36 . 2009-06-19 05:36 -------- d-----w- c:\documents and settings\Nicole\Local Settings\Application Data\Mozilla
2009-06-19 05:30 . 2009-06-19 05:30 -------- d-sh--w- c:\documents and settings\Guest\IETldCache
2009-06-17 22:06 . 2009-06-17 22:06 -------- d-----w- c:\documents and settings\Nicole\Local Settings\Application Data\Apple Computer
2009-06-16 19:52 . 2009-06-16 19:52 -------- d-----w- c:\documents and settings\Nicole\Application Data\Nero
2009-06-16 00:31 . 2009-06-16 00:31 -------- d-----w- c:\documents and settings\Kornsoup\Local Settings\Application Data\Ahead
2009-06-15 22:34 . 2009-06-15 22:34 -------- d-----w- c:\documents and settings\All Users\Application Data\LightScribe
2009-06-15 22:31 . 2009-06-15 22:31 -------- d-----w- c:\program files\Common Files\LightScribe
2009-06-15 22:29 . 2009-06-15 22:29 -------- d-----w- c:\documents and settings\Kornsoup\Application Data\Nero
2009-06-15 22:27 . 2009-06-15 22:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2009-06-15 22:27 . 2009-06-15 22:28 -------- d-----w- c:\program files\Common Files\Nero
2009-06-15 22:27 . 2009-06-15 22:27 -------- d-----w- c:\program files\Nero
2009-06-14 17:53 . 2009-06-14 17:53 -------- d-----w- c:\program files\MSECache
2009-06-11 22:22 . 2009-04-30 21:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-06-11 22:22 . 2009-04-30 21:22 1985024 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-06-11 22:22 . 2009-04-30 21:22 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-11 22:22 . 2009-04-30 21:22 11064832 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-06-09 01:21 . 2009-06-09 01:21 -------- d-----w- c:\program files\QuickTime
2009-06-09 01:15 . 2009-06-09 01:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-06-06 01:52 . 2009-06-06 01:52 274273 ----a-w- c:\windows\DJ Music Mixer Uninstaller.exe
2009-06-05 01:44 . 2003-12-28 00:42 137216 ----a-w- c:\windows\system32\drivers\d344bus.sys
2009-06-05 01:44 . 2003-12-27 06:38 5248 ----a-w- c:\windows\system32\drivers\d344prt.sys
2009-06-05 01:44 . 2009-06-05 01:44 -------- d-----w- c:\program files\D-Tools
2009-06-05 01:43 . 2009-06-05 01:43 -------- d-----w- c:\windows\Downloaded Installations
2009-06-04 01:05 . 2009-06-04 01:05 -------- d-----w- c:\documents and settings\Kornsoup\Local Settings\Application Data\Apple
2009-05-31 17:40 . 2009-05-31 17:40 -------- d-----w- c:\program files\DsNET Corp
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-21 22:22 . 2009-03-02 12:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-21 21:59 . 2009-01-16 22:33 -------- d-----w- c:\documents and settings\Kornsoup\Application Data\U3
2009-06-20 14:26 . 2009-04-02 04:13 -------- d-----w- c:\program files\Windows Media Connect 2
2009-06-20 06:05 . 2009-01-17 03:45 -------- d-----w- c:\program files\NCH Swift Sound
2009-06-20 06:04 . 2009-01-17 03:45 -------- d-----w- c:\program files\NCH Software
2009-06-15 23:32 . 2009-01-17 03:46 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Swift Sound
2009-06-15 22:45 . 2009-01-08 00:53 -------- d-----w- c:\documents and settings\Kornsoup\Application Data\AdobeUM
2009-06-15 22:35 . 2009-03-28 06:30 21808 ----a-w- c:\documents and settings\Kornsoup\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-09 01:18 . 2008-01-25 02:02 -------- d-----w- c:\program files\Apple Software Update
2009-05-25 16:40 . 2009-05-25 16:40 -------- d-----w- c:\documents and settings\Kornsoup\Application Data\GARMIN
2009-05-25 16:40 . 2009-05-25 16:40 -------- d-----w- c:\program files\Garmin GPS Plugin
2009-05-25 16:40 . 2009-05-25 16:40 -------- d-----w- c:\program files\DIFX
2009-05-25 16:40 . 2009-05-25 16:40 -------- d-----w- c:\program files\Garmin
2009-05-17 21:47 . 2005-08-18 14:44 86327 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2009-05-17 19:01 . 2009-05-17 19:01 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-17 19:01 . 2009-05-17 19:01 -------- d-----w- c:\program files\Java
2009-05-17 19:00 . 2009-04-16 00:15 152576 ----a-w- c:\documents and settings\Kornsoup\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-13 05:15 . 2006-06-23 16:33 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-09 00:58 . 2009-05-09 00:58 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Software
2009-05-09 00:54 . 2009-05-09 00:54 -------- d-----w- c:\documents and settings\Kornsoup\Application Data\Leawo
2009-05-09 00:53 . 2009-05-09 00:53 -------- d-----w- c:\program files\Leawo
2009-05-07 15:32 . 2002-08-29 03:41 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-03 05:45 . 2009-05-03 05:45 -------- d-----w- c:\documents and settings\Kornsoup\Application Data\Thinstall
2009-04-17 12:26 . 2002-08-29 02:14 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-03-06 02:16 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-09 01:05 . 2009-04-09 00:48 103509 ----a-w- c:\windows\hpoins04.dat
2009-04-06 01:44 . 2009-04-06 01:44 17920 ----a-w- c:\documents and settings\GMoney\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-05 01:48 . 2009-04-05 01:48 10134 ----a-r- c:\documents and settings\Kornsoup\Application Data\Microsoft\Installer\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}\ARPPRODUCTICON.exe
2009-04-02 16:23 . 2009-04-02 16:23 17920 ----a-w- c:\documents and settings\Nicole\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2007-12-16 17:09 . 2008-01-23 01:38 54330664 ----a-w- c:\program files\iTunesSetup.exe
.
------- Sigcheck -------
[-] 2005-03-02 18:09 577024 DE2DB164BBB35DB061AF0997E4499054 c:\windows\$hf_mig$\KB890859\SP2GDR\user32.dll
[-] 2005-03-02 18:19 577024 1800F293BCCC8EDE8A70E12B88D80036 c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
[-] 2005-03-02 18:09 577024 DE2DB164BBB35DB061AF0997E4499054 c:\windows\$NtServicePackUninstall$\user32.dll
[-] 2004-08-04 07:56 577024 C72661F8552ACE7C5C85E16A3CF505C4 c:\windows\$NtUninstallKB890859$\user32.dll
[-] 2002-08-29 03:41 560128 DD9269230C21EE8FB7FD3FCCC3B1CFCB c:\windows\$NtUninstallKB890859_0$\user32.dll
[-] 2008-04-14 00:12 578560 B26B135FF1B9F60C9388B4A7D16F600B c:\windows\ServicePackFiles\i386\user32.dll
[-] 2008-04-14 00:12 578560 B26B135FF1B9F60C9388B4A7D16F600B c:\windows\system32\user32.dll
[-] 2004-08-04 07:56 82944 2ED0B7F12A60F90092081C50FA0EC2B2 c:\windows\$NtServicePackUninstall$\ws2_32.dll
[-] 2001-08-23 12:00 75264 8529C295DF59B564D37A73B5629162B1 c:\windows\$NtUninstallKB914388_0$\ws2_32.dll
[-] 2006-05-19 12:15 70656 3748E0FC8C1B6ADA49F98C8E69A4228C c:\windows\$NtUninstallKB922819_0$\ws2_32.dll
[-] 2008-04-14 00:12 82432 2CCC474EB85CEAA3E1FA1726580A3E5A c:\windows\ServicePackFiles\i386\ws2_32.dll
[-] 2008-04-14 00:12 82432 2CCC474EB85CEAA3E1FA1726580A3E5A c:\windows\system32\ws2_32.dll
[-] 2009-05-13 05:10 915456 C0EB6850C8A02A154281749DC61FAF22 c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\wininet.dll
[-] 2004-08-04 07:56 656384 C0823FC5469663BA63E7DB88F9919D70 c:\windows\$NtServicePackUninstall$\wininet.dll
[-] 2002-08-29 03:41 599040 F3587750A7481DCCBEA13D473A0700BE c:\windows\$NtUninstallKB918899-IE6SP1-20060725.123917$\wininet.dll
[-] 2004-08-04 07:56 656384 C0823FC5469663BA63E7DB88F9919D70 c:\windows\ie8\wininet.dll
[-] 2009-03-08 09:34 914944 6CE32F7778061CCC5814D5E0F282D369 c:\windows\ie8updates\KB969897-IE8\wininet.dll
[-] 2008-04-14 00:12 666112 7A4F775ABB2F1C97DEF3E73AFA2FAEDD c:\windows\ServicePackFiles\i386\wininet.dll
[-] 2009-05-13 05:15 915456 366C72AF6970DB7BB39AB0142BF09DB5 c:\windows\SoftwareDistribution\Download\acef69c5a8a4846ded0fc4ea93f74166\SP3GDR\wininet.dll
[-] 2009-05-13 05:10 915456 C0EB6850C8A02A154281749DC61FAF22 c:\windows\SoftwareDistribution\Download\acef69c5a8a4846ded0fc4ea93f74166\SP3QFE\wininet.dll
[-] 2009-05-13 05:15 915456 366C72AF6970DB7BB39AB0142BF09DB5 c:\windows\system32\wininet.dll
[-] 2009-05-13 05:15 915456 366C72AF6970DB7BB39AB0142BF09DB5 c:\windows\system32\dllcache\wininet.dll
[-] 2006-04-20 11:51 359808 1DBF125862891817F374F407626967F4 c:\windows\$hf_mig$\KB917953\SP2GDR\tcpip.sys
[-] 2006-04-20 12:18 360576 B2220C618B42A2212A59D91EBD6FC4B4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2008-06-20 10:44 360960 744E57C99232201AE98C49168B918F48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[-] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[-] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2008-06-20 10:45 360320 2A5554FC5B1E04E131230E3CE035C3F9 c:\windows\$NtServicePackUninstall$\tcpip.sys
[-] 2004-08-04 06:14 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\$NtUninstallKB917953$\tcpip.sys
[-] 2002-08-29 01:58 332928 244A2F9816BC9B593957281EF577D976 c:\windows\$NtUninstallKB917953_0$\tcpip.sys
[-] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2006-04-20 11:51 359808 1DBF125862891817F374F407626967F4 c:\windows\$NtUninstallKB951748_0$\tcpip.sys
[-] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\system32\drivers\tcpip.sys
[-] 2009-04-02 02:42 502272 32CC6D444728812F7C57F4800F779396 c:\windows\$NtServicePackUninstall$\winlogon.exe
[-] 2008-04-14 00:12 507904 ED0EF0A136DEC83DF69F04118870003E c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 00:12 512000 14249F184280349B1F43E8F425DD01DB c:\windows\system32\winlogon.exe
[-] 2004-08-04 06:14 182912 558635D3AF1C7546D26067D5D9B6959E c:\windows\$NtServicePackUninstall$\ndis.sys
[-] 2008-04-13 19:20 182656 1DF7F42665C94B825322FAE71721130D c:\windows\ServicePackFiles\i386\ndis.sys
[-] 2008-04-13 19:20 182656 1DF7F42665C94B825322FAE71721130D c:\windows\system32\drivers\ndis.sys
[-] 2004-08-04 06:00 29056 4448006B6BC60E6C027932CFC38D6855 c:\windows\$NtServicePackUninstall$\ip6fw.sys
[-] 2008-04-13 18:53 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\ServicePackFiles\i386\ip6fw.sys
[-] 2008-04-13 18:53 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\system32\drivers\ip6fw.sys
[-] 2005-03-02 00:34 2056832 81013F36B21C7F72CF784CC6731E0002 c:\windows\$hf_mig$\KB890859\SP2GDR\ntkrnlpa.exe
[-] 2005-03-02 00:36 2056832 D8ABA3EAB509627E707A3B14F00FBB6B c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
[-] 2009-02-06 09:49 2062976 9D832AF3FD1917DB0E1E8B2F000A2E3A c:\windows\$hf_mig$\KB956572\SP2QFE\ntkrnlpa.exe
[-] 2009-02-08 00:02 2066048 5BA7F2141BC6DB06100D0E5A732C617A c:\windows\$hf_mig$\KB956572\SP3GDR\ntkrnlpa.exe
[-] 2009-02-06 10:30 2066176 607352B9CB3D708C67F6039097801B5A c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[-] 2008-08-14 09:18 2062976 63EC865DFF6CCFC7BEF94B5C50297CAD c:\windows\$hf_mig$\KB956841\SP2QFE\ntkrnlpa.exe
[-] 2008-08-14 09:33 2066048 4AC58F03EB94A72809949D757FC39D80 c:\windows\$hf_mig$\KB956841\SP3GDR\ntkrnlpa.exe
[-] 2008-08-14 20:39 2066048 A25E9B86EFFB2AF33BF51E676B68BFB0 c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[-] 2009-02-06 16:49 2057728 3006410E24772CC6953F0B5C01BEB35F c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
[-] 2004-08-04 05:58 2056832 947FB1D86D14AFCFFDB54BF837EC25D0 c:\windows\$NtUninstallKB890859$\ntkrnlpa.exe
[-] 2002-08-29 03:50 1947904 0E8EFB15746878A9B256E75267337233 c:\windows\$NtUninstallKB890859_0$\ntkrnlpa.exe
[-] 2008-04-13 18:31 2065792 109F8E3E3C82E337BB71B6BC9B895D61 c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe
[-] 2008-08-14 09:22 2057728 BA002228743B6824D87F0551DBC86D45 c:\windows\$NtUninstallKB956572_0$\ntkrnlpa.exe
[-] 2005-03-02 00:34 2056832 81013F36B21C7F72CF784CC6731E0002 c:\windows\$NtUninstallKB956841_0$\ntkrnlpa.exe
[-] 2009-02-08 00:02 2066048 5BA7F2141BC6DB06100D0E5A732C617A c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2008-04-13 18:31 2065792 109F8E3E3C82E337BB71B6BC9B895D61 c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[-] 2009-02-08 00:02 2066048 5BA7F2141BC6DB06100D0E5A732C617A c:\windows\system32\ntkrnlpa.exe
[-] 2009-02-08 00:02 2066048 5BA7F2141BC6DB06100D0E5A732C617A c:\windows\system32\dllcache\ntkrnlpa.exe
[-] 2005-03-02 00:59 2179328 4D4CF2C14550A4B7718E94A6E581856E c:\windows\$hf_mig$\KB890859\SP2GDR\ntoskrnl.exe
[-] 2005-03-02 01:04 2179456 28187802B7C368C0D3AEF7D4C382AABB c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
[-] 2009-02-06 10:32 2186112 6A936E9D7BADAF3CAAEED1E1966EC1B0 c:\windows\$hf_mig$\KB956572\SP2QFE\ntoskrnl.exe
[-] 2009-02-06 11:08 2189056 7A95B10A73737EBF24139AAA63F5212B c:\windows\$hf_mig$\KB956572\SP3GDR\ntoskrnl.exe
[-] 2009-02-08 00:35 2189184 EFE8EACE83EAAD5849A7A548FB75B584 c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[-] 2008-08-14 09:57 2185984 CE69DBD54221F2D40E49FF6DB77C6507 c:\windows\$hf_mig$\KB956841\SP2QFE\ntoskrnl.exe
[-] 2008-08-14 10:11 2189184 EEAF32F8E15A24F62BECB1BD403BB5C5 c:\windows\$hf_mig$\KB956841\SP3GDR\ntoskrnl.exe
[-] 2008-08-14 21:11 2189184 31914172342BFF330063F343AC6958FE c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[-] 2009-02-06 17:24 2180480 FACEBB0CA3154F77009CDFEE78A00BBB c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
[-] 2004-08-04 06:19 2180992 CE218BC7088681FAA06633E218596CA7 c:\windows\$NtUninstallKB890859$\ntoskrnl.exe
[-] 2002-08-29 02:03 2042240 B9080D97DBD631AADF9128F7316958D2 c:\windows\$NtUninstallKB890859_0$\ntoskrnl.exe
[-] 2008-04-13 19:27 2188928 0C89243C7C3EE199B96FCC16990E0679 c:\windows\$NtUninstallKB956572$\ntoskrnl.exe
[-] 2008-08-14 10:00 2180352 21C91DA9CB53AA8A37041BA9684A8458 c:\windows\$NtUninstallKB956572_0$\ntoskrnl.exe
[-] 2005-03-02 00:59 2179328 4D4CF2C14550A4B7718E94A6E581856E c:\windows\$NtUninstallKB956841_0$\ntoskrnl.exe
[-] 2009-02-06 11:08 2189056 7A95B10A73737EBF24139AAA63F5212B c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2008-04-13 19:27 2188928 0C89243C7C3EE199B96FCC16990E0679 c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[-] 2009-02-06 11:08 2189056 7A95B10A73737EBF24139AAA63F5212B c:\windows\system32\ntoskrnl.exe
[-] 2009-02-06 11:08 2189056 7A95B10A73737EBF24139AAA63F5212B c:\windows\system32\dllcache\ntoskrnl.exe
[-] 2008-04-14 00:12 1036288 238ECD0CB08464C1AB11C28B3F36858A c:\windows\explorer.exe
[-] 2004-08-04 07:56 1032192 A0732187050030AE399B241436565E64 c:\windows\$NtServicePackUninstall$\explorer.exe
[-] 2008-04-14 00:12 1033728 12896823FB95BFB3DC9B46BCAEDC9923 c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2009-02-06 10:22 110592 4712531AB7A01B7EE059853CA17D39BD c:\windows\$hf_mig$\KB956572\SP2QFE\services.exe
[-] 2009-02-06 11:11 110592 65DF52F5B8B6E9BBD183505225C37315 c:\windows\$hf_mig$\KB956572\SP3GDR\services.exe
[-] 2009-02-06 11:06 110592 020CEAAEDC8EB655B6506B8C70D53BB6 c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[-] 2009-02-06 17:14 110592 37561F8D4160D62DA86D24AE41FAE8DE c:\windows\$NtServicePackUninstall$\services.exe
[-] 2008-04-14 00:12 108544 0E776ED5F7CC9F94299E70461B7B8185 c:\windows\$NtUninstallKB956572$\services.exe
[-] 2004-08-04 07:56 108032 C6CE6EEC82F187615D1002BB3BB50ED4 c:\windows\$NtUninstallKB956572_0$\services.exe
[-] 2008-04-14 00:12 108544 0E776ED5F7CC9F94299E70461B7B8185 c:\windows\ServicePackFiles\i386\services.exe
[-] 2009-02-06 11:11 113152 E25C76CD6EDF85A79B32FFAD75132B8E c:\windows\system32\services.exe
[-] 2004-08-04 07:56 13312 84885F9B82F4D55C6146EBF6065D75D2 c:\windows\$NtServicePackUninstall$\lsass.exe
[-] 2008-04-14 00:12 13312 BF2466B3E18E970D8A976FB95FC1CA85 c:\windows\ServicePackFiles\i386\lsass.exe
[-] 2008-04-14 00:12 14848 C4B650E2357720A6E48D89EA8BEBDA9C c:\windows\system32\lsass.exe
[-] 2004-08-04 07:56 15360 24232996A38C0B0CF151C2140AE29FC8 c:\windows\$NtServicePackUninstall$\ctfmon.exe
[-] 2008-04-14 00:12 15360 5F1D5F88303D4A4DBC8E5F97BA967CC3 c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 00:12 15360 5F1D5F88303D4A4DBC8E5F97BA967CC3 c:\windows\system32\ctfmon.exe
[-] 2005-06-10 23:53 57856 DA81EC57ACD4CDC3D4C51CF3D409AF9F c:\windows\$hf_mig$\KB896423\SP2GDR\spoolsv.exe
[-] 2005-06-11 00:17 57856 AD3D9D191AEA7B5445FE1D82FFBB4788 c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] 2005-06-10 23:53 57856 DA81EC57ACD4CDC3D4C51CF3D409AF9F c:\windows\$NtServicePackUninstall$\spoolsv.exe
[-] 2004-08-04 07:56 57856 7435B108B935E42EA92CA94F59C8E717 c:\windows\$NtUninstallKB896423$\spoolsv.exe
[-] 2001-08-23 12:00 51200 9B4155BA58192D4073082B8FC5D42612 c:\windows\$NtUninstallKB896423_0$\spoolsv.exe
[-] 2008-04-14 00:12 57856 D8E14A61ACC1D4A6CD0D38AEBAC7FA3B c:\windows\ServicePackFiles\i386\spoolsv.exe
[-] 2008-04-14 00:12 58880 B9BFAE7DD9AF836805D68197E3831A4D c:\windows\system32\spoolsv.exe
[-] 2004-08-04 07:56 24576 39B1FFB03C2296323832ACBAE50D2AFF c:\windows\$NtServicePackUninstall$\userinit.exe
[-] 2008-04-14 00:12 26112 A93AEE1928A9D7CE3E16D24EC7380F89 c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2008-04-14 00:12 26112 A93AEE1928A9D7CE3E16D24EC7380F89 c:\windows\system32\userinit.exe
[-] 2004-08-04 07:56 295424 B60C877D16D9C880B952FDA04ADF16E6 c:\windows\$NtServicePackUninstall$\termsrv.dll
[-] 2008-04-14 00:12 295424 FF3477C03BE7201C294C35F684B3479F c:\windows\ServicePackFiles\i386\termsrv.dll
[-] 2008-04-14 00:12 295424 FF3477C03BE7201C294C35F684B3479F c:\windows\system32\termsrv.dll
[-] 2006-07-05 10:55 984064 D8DB5397DE07577C1CB50BA6D23B3AD4 c:\windows\$hf_mig$\KB917422\SP2GDR\kernel32.dll
[-] 2006-07-05 10:57 985088 0FDD84928A5DDE2510761B7EC76CCEC9 c:\windows\$hf_mig$\KB917422\SP2QFE\kernel32.dll
[-] 2009-03-21 13:54 989184 80202858D245FF07DAA1739C57A3E19B c:\windows\$hf_mig$\KB959426\SP2QFE\kernel32.dll
[-] 2009-03-21 14:06 989696 B921FB870C9AC0D509B2CCABBBBE95F3 c:\windows\$hf_mig$\KB959426\SP3GDR\kernel32.dll
[-] 2009-03-21 13:59 991744 DA11D9D6ECBDF0F93436A4B7C13F7BEC c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[-] 2009-03-21 14:18 986112 B6ACAED7588295129791E0E6A2B0FADE c:\windows\$NtServicePackUninstall$\kernel32.dll
[-] 2004-08-04 07:56 983552 888190E31455FAD793312F8D087146EB c:\windows\$NtUninstallKB917422$\kernel32.dll
[-] 2002-08-29 03:41 930304 8F162DC91D67D87C1A481BF602A9DAC8 c:\windows\$NtUninstallKB917422_0$\kernel32.dll
[-] 2008-04-14 00:11 989696 C24B983D211C34DA8FCC1AC38477971D c:\windows\$NtUninstallKB959426$\kernel32.dll
[-] 2006-07-05 10:55 984064 D8DB5397DE07577C1CB50BA6D23B3AD4 c:\windows\$NtUninstallKB959426_0$\kernel32.dll
[-] 2008-04-14 00:11 989696 C24B983D211C34DA8FCC1AC38477971D c:\windows\ServicePackFiles\i386\kernel32.dll
[-] 2009-03-21 14:06 989696 B921FB870C9AC0D509B2CCABBBBE95F3 c:\windows\system32\kernel32.dll
[-] 2009-03-21 14:06 989696 B921FB870C9AC0D509B2CCABBBBE95F3 c:\windows\system32\dllcache\kernel32.dll
[-] 2004-08-04 07:56 17408 1B5F6923ABB450692E9FE0672C897AED c:\windows\$NtServicePackUninstall$\powrprof.dll
[-] 2008-04-14 00:12 17408 50A166237A0FA771261275A405646CC0 c:\windows\ServicePackFiles\i386\powrprof.dll
[-] 2008-04-14 00:12 17408 50A166237A0FA771261275A405646CC0 c:\windows\system32\powrprof.dll
[-] 2004-08-04 07:56 110080 87CA7CE6469577F059297B9D6556D66D c:\windows\$NtServicePackUninstall$\imm32.dll
[-] 2008-04-14 00:11 110080 0DA85218E92526972A821587E6A8BF8F c:\windows\ServicePackFiles\i386\imm32.dll
[-] 2008-04-14 00:11 110080 0DA85218E92526972A821587E6A8BF8F c:\windows\system32\imm32.dll
[-] 2004-08-04 07:56 1580544 30A609E00BD1D4FFC49D6B5A432BE7F2 c:\windows\$NtServicePackUninstall$\sfcfiles.dll
[-] 2008-04-14 00:12 1614848 9DD07AF82244867CA36681EA2D29CE79 c:\windows\ServicePackFiles\i386\sfcfiles.dll
[-] 2008-04-14 00:12 1614848 9DD07AF82244867CA36681EA2D29CE79 c:\windows\system32\sfcfiles.dll
[-] 2004-08-04 07:56 167936 9C3C12975C97119412802B181FBEEFFE c:\windows\$NtServicePackUninstall$\appmgmts.dll
[-] 2008-04-14 00:11 167936 D8849F77C0B66226335A59D26CB4EDC6 c:\windows\ServicePackFiles\i386\appmgmts.dll
[-] 2008-04-14 00:11 167936 D8849F77C0B66226335A59D26CB4EDC6 c:\windows\system32\appmgmts.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-06-24_03.16.51 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-25 22:17 . 2009-06-26 02:38 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2005-08-18 14:47 . 2009-06-24 03:05 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2005-08-18 14:47 . 2009-06-26 02:38 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2005-08-18 14:47 . 2009-06-24 03:05 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2005-08-18 14:47 . 2009-06-26 02:38 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2005-08-18 14:47 . 2009-06-24 03:05 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\beep.sys]
@="beep"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ZuneWlanCfgSvc"=3 (0x3)
"ZuneNetworkSvc"=3 (0x3)
"ZuneBusEnum"=2 (0x2)
"YahooAUService"=2 (0x2)
"xmlprov"=3 (0x3)
"WZCSVC"=2 (0x2)
"WudfSvc"=2 (0x2)
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"WmiApSrv"=3 (0x3)
"Wmi"=3 (0x3)
"WmdmPmSN"=3 (0x3)
"winmgmt"=2 (0x2)
"WebClient"=2 (0x2)
"W32Time"=2 (0x2)
"VSS"=3 (0x3)
"UPS"=3 (0x3)
"upnphost"=3 (0x3)
"TrkWks"=2 (0x2)
"Themes"=2 (0x2)
"TermService"=3 (0x3)
"TapiSrv"=3 (0x3)
"SysmonLog"=3 (0x3)
"SwPrv"=3 (0x3)
"stisvc"=2 (0x2)
"SSDPSRV"=3 (0x3)
"srservice"=2 (0x2)
"Spooler"=2 (0x2)
"ShellHWDetection"=2 (0x2)
"SENS"=2 (0x2)
"seclogon"=2 (0x2)
"Schedule"=2 (0x2)
"SCardSvr"=3 (0x3)
"SamSs"=2 (0x2)
"RSVP"=3 (0x3)
"RemoteRegistry"=2 (0x2)
"RDSessMgr"=3 (0x3)
"RasMan"=3 (0x3)
"RasAuto"=3 (0x3)
"ProtectedStorage"=2 (0x2)
"PolicyAgent"=2 (0x2)
"PlugPlay"=2 (0x2)
"PLFlash DeviceIoControl Service"=2 (0x2)
"NtmsSvc"=3 (0x3)
"NtLmSsp"=3 (0x3)
"Nla"=3 (0x3)
"Netman"=3 (0x3)
"Netlogon"=3 (0x3)
"Nero BackItUp Scheduler 3"=2 (0x2)
"napagent"=3 (0x3)
"MSIServer"=3 (0x3)
"MSDTC"=3 (0x3)
"mnmsrvc"=3 (0x3)
"LmHosts"=2 (0x2)
"LightScribeService"=2 (0x2)
"lanmanworkstation"=2 (0x2)
"lanmanserver"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"iPod Service"=3 (0x3)
"ImapiService"=3 (0x3)
"HTTPFilter"=3 (0x3)
"hkmsvc"=3 (0x3)
"HidServ"=2 (0x2)
"helpsvc"=2 (0x2)
"FastUserSwitchingCompatibility"=3 (0x3)
"EventSystem"=3 (0x3)
"Eventlog"=2 (0x2)
"ERSvc"=2 (0x2)
"EapHost"=3 (0x3)
"Dot3svc"=3 (0x3)
"Dnscache"=2 (0x2)
"dmserver"=2 (0x2)
"dmadmin"=3 (0x3)
"Dhcp"=2 (0x2)
"CryptSvc"=3 (0x3)
"COMSysApp"=3 (0x3)
"clr_optimization_v2.0.50727_32"=3 (0x3)
"CiSvc"=3 (0x3)
"Browser"=2 (0x2)
"BITS"=3 (0x3)
"AudioSrv"=2 (0x2)
"aspnet_state"=3 (0x3)
"AppMgmt"=3 (0x3)
"ALG"=3 (0x3)
"6to4"=2 (0x2)
"SharedAccess"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Sony\\Media Manager for PSP\\MediaManager.exe"=
"c:\\Program Files\\Sony\\Media Manager for WALKMAN\\MediaManager.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
R3 BCM42XX;Broadcom iLine10(tm) Network Adapter Driver;c:\windows\system32\DRIVERS\bcm42xx5.sys [2001-08-17 54271]
S0 d344bus;d344bus;c:\windows\system32\DRIVERS\d344bus.sys [2003-12-28 137216]
S0 d344prt;d344prt;c:\windows\System32\Drivers\d344prt.sys [2003-12-27 5248]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
Contents of the 'Scheduled Tasks' folder
2009-06-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]
2009-06-19 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-13 03:18]
.
- - - - ORPHANS REMOVED - - - -
SSODL-CECPclOaWDHk-{A405A916-0EAF-03BC-F0DA-E00C9B98D75D} - c:\windows\system32\nhnut.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
IE: E&xport to Microsoft Excel - d:\micros~1\Office10\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: Yahoo! Pool 2 - hxxp://origin.games.yahoo.net/games/clients/y/poti_x.cab
FF - ProfilePath -
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-25 22:54
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1993962763-1801674531-682003330-1005\Software\Sony Creative Software\M*e*d*i*a* *M*a*n*a*g*e*r* *f*o*r* *P*S*P*"!\3.0]
"Percents"="0.0008 0.0866 0.2742 0.598 0.7494 0.8545 0.8621 "
"Increment"=".003774"
"FRT"="4d0pBXmMWOc7v4/pP3q9Q3aDwmFM7WOCdyXueoKDfxV9lAhR6zqQiQ=="
"PLCK"="3nQg4b7umqAiM3e5IcEvxa1ujj0FtJW0"
"PHSH"=""
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\WPAEvents]
@Denied: (Full) (LocalSystem)
"OOBETimer"=hex:ff,d5,71,d6,8b,6a,8d,6f,d5,33,93,fd
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(1672)
c:\windows\system32\WININET.dll
.
Completion time: 2009-06-26 22:58 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-26 02:58
ComboFix2.txt 2009-06-25 11:32
ComboFix3.txt 2009-06-24 03:53
ComboFix4.txt 2009-06-24 03:18
Pre-Run: 7,429,963,776 bytes free
Post-Run: 7,415,767,040 bytes free
411 --- E O F --- 2009-06-11 22:35
kornsoup
2009-06-26, 06:11
:devil: kornsoup :devil:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:07:41 PM, on 6/25/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\explorer.exe
J:\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Pool 2 - http://origin.games.yahoo.net/games/clients/y/poti_x.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1231109124714
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1231109209683
O18 - Protocol: bw+0 - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\avgpp.dll (file missing)
O18 - Protocol: offline-8876480 - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Cryptographic Services (CryptSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: DCOM Server Process Launcher (DcomLaunch) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Error Reporting Service (ERSvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Help and Support (helpsvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Remote Procedure Call (RPC) (RpcSs) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Windows Firewall/Internet Connection Sharing (ICS) (SharedAccess) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: System Restore Service (srservice) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Windows Management Instrumentation (winmgmt) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Windows Management Instrumentation Driver Extensions (Wmi) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Security Center (wscsvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
--
End of file - 16166 bytes
shelf life
2009-06-28, 13:54
Do you have internet connectivity on the machine now? If so update Malwarebytes and do a scan and post the log. Also post a new hjt log.
kornsoup
2009-06-28, 19:29
no internet and normal startup looks like im in safe-mode still(white/grey taskbar) ---------malwarebytes message:"run-time error 372 : failed to load control vbalgrig from vbalsgrid6.ocx. your version of vbalsgrid6.ocx may be outdated. make sure you are using the version of the control that was provided with you application."
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:17:58 PM, on 6/28/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\ctfmon.exe
J:\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1993962763-1801674531-682003330-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Pool 2 - http://origin.games.yahoo.net/games/clients/y/poti_x.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1231109124714
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1231109209683
O18 - Protocol: bw+0 - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\avgpp.dll (file missing)
O18 - Protocol: offline-8876480 - {AB34BF3E-060F-4226-83D6-2531FFE91667} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: DCOM Server Process Launcher (DcomLaunch) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Remote Procedure Call (RPC) (RpcSs) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
--
End of file - 15428 bytes
shelf life
2009-06-29, 04:13
Malware is capable of leaving a machine in a bad state even after removal. Yours is looking that way. Combofix cant find two .exe.
All i can say for MBAM is to try uninstalling and re-installing. We can try two more things for the internet connectivity issue, both require downloads that would have to be transferred back to the machine. One bad thing about this is thats its possible for some malware to spread via usb drives, cant say if you have such malware or not. At least then you could download some more tools. You should also consider a reformat/reinstall of your machine.
1) download Lspfix:
http://www.cexx.org/LSPFix.exe
double click to open
check the I know what iam doing box
in the left hand pane (keep) highlight if present:
1685156.dll
click the >> to move it to the right side (remove)
click the finish button
reboot machine and if needed try #2
2) run Winsock XP fix
http://www.webattack.com/get/winsockxpfix.html
kornsoup
2009-06-29, 05:32
thanks for everything!!
shelf life
2009-06-30, 00:41
Your welcome. Sometimes a reformat is the quickest (and safest) thing to do. Here are some tips for you:
10 Tips for Reducing Your Risk To Malware:
The Short Version
In no special order:
1) It is essential to Keep your OS (http://update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-us),(Windows) browser (IE, FireFox) and other software up to date to "patch" vulnerabilities that could be exploited. This is also true for web based applications like Java, Adobe Flash/Reader, QuickTime etc. Check there version status here. (http://secunia.com/vulnerability_scanning/online/)
2) Know what you are installing to your computer. Alot of software can come bundled with unwanted add-ons, like adware, toolbars and malware. Do not install any files from ads, popups or random links. Do not fall for fake warnings about virus and trojans being found on your computer and your then prompted to install software to remedy this. See also the signs (http://www.virusvault.us/signs1.html)that you may have malware on your computer.
3) Install and keep updated: one antivirus and two or three anti-malware applications. If not updated they will soon be worthless. Scanning frequency is a function of your computer habits.
4) Refrain from clicking on links or attachments you receive via E-Mail, IM, IRC, Chat Rooms or Social Networking Sites, no matter how tempting or legitimate the message may seem.
5) Don't click on ads/pop ups or offers from websites requesting that you need to install software, media players or codecs to your computer--for any reason.
6) Don't click on offers to "scan" your computer. Install ActiveX Objects with care. Do you trust the website?
7) Set up and use limited (non-privileged) accounts for everyday use, rather than administrator accounts. Limited accounts (http://www.microsoft.com/protect/computer/advanced/useraccount.mspx) can help prevent *malware from installing.*
8) Install and understand the limitations of a software firewall.
9) Consider using an alternate browser and E-mail client. Internet Explorer and OutLook Express are popular targets for malicious code because they are widely used. See also: Hardening or Securing Internet Explorer. (http://www.microsoft.com/downloads/details.aspx?FamilyID=6AA4C1DA-6021-468E-A8CF-AF4AFE4C84B2&displaylang=en)
10) Warez, cracks etc are very popular for carrying malware payloads. Avoid. If you install files via p2p (http://www.virusvault.us/p2p.html) networks then you are much more likely to encounter malicious code. Do you trust the source? Do you really need another malware source?
A longer version in link below.
Happy Safe Surfing.