
Thread: Virtumonde has taken over my PC

  1. #1
    Member
    Join Date
    Oct 2009
    Posts
    40

    Virtumonde has taken over my PC

    I'm very new to this forum, but an old user of Spybot S&D. I'm hoping that someone can help me remove Virtumonde from my PC. Following a couple of threads on the web, I've already attempted to use combofix to remove this virus, but to no avail.

    Here is my HJT Log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:24:41 AM, on 10/29/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\ASUS\AI Gear\GearHelp.exe
    C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
    C:\Program Files\Java\j2re1.4.2_15\bin\jusched.exe
    C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
    C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\Program Files\DNA\btdna.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Ventrilo\Ventrilo.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {91f027f1-2724-4a17-9f1d-0c1c5bcf5a5a} - segipusa.dll (file missing)
    O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
    O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Ai Gear Help] "C:\Program Files\ASUS\AI Gear\GearHelp.exe"
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\j2re1.4.2_15\bin\jusched.exe"
    O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
    O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
    O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Joystick 2 Mouse] C:\Program Files\Joystick 2 Mouse 3\Joystick 2 Mouse.exe /NoConfigure
    O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
    O4 - HKLM\..\Run: [zubevepepi] Rundll32.exe "yadebene.dll",s
    O4 - HKLM\..\Run: [rulepanir] Rundll32.exe "c:\windows\system32\riturifa.dll",a
    O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKUS\S-1-5-21-839522115-1644491937-725345543-1005\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Brenda')
    O4 - HKUS\S-1-5-21-839522115-1644491937-725345543-1006\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (User 'Tavin')
    O4 - Startup: Event Reminder.lnk = C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: ASUS WiFi-AP Solo.lnk = ?
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_15\bin\npjpi142_15.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_15\bin\npjpi142_15.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...oUploader5.cab
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/micr...?1194369867421
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1194369856953
    O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A41EBD53-173B-4189-BE65-229CBFC614B3}: NameServer = 68.111.16.30,68.111.16.25
    O18 - Protocol: bw+0 - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: offline-8876480 - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O21 - SSODL: tayituwas - {c12bb536-d1f2-4a14-a381-f80d0356ce36} - c:\windows\system32\neyitofo.dll (file missing)
    O21 - SSODL: sowewisub - {422072cf-4f59-4ca2-bb44-b4bfc3d7e4ee} - c:\windows\system32\riturifa.dll
    O22 - SharedTaskScheduler: tokatiluy - {c12bb536-d1f2-4a14-a381-f80d0356ce36} - c:\windows\system32\neyitofo.dll (file missing)
    O22 - SharedTaskScheduler: jugezatag - {422072cf-4f59-4ca2-bb44-b4bfc3d7e4ee} - c:\windows\system32\riturifa.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: M-Audio Series II MIDI Installer (MA_CMIDI_InstallerService) - Unknown owner - C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    --
    End of file - 21743 bytes
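As an added triage aid (this is not part of the original post, of HijackThis, or of Spybot), the script below runs a few heuristics over a handful of lines copied from the log above. It flags autostart entries whose names follow the alternating consonant-vowel pattern that the Virtumonde/Vundo entries in this log share (zubevepepi, riturifa, neyitofo), O4 entries that have rundll32 load a DLL by bare name instead of a full path, and entries whose file is already gone. The consonant-vowel rule, the three-syllable threshold and the choice of sections to inspect are assumptions made for this example; the sample log is constructed from lines on this page with two benign vendor entries kept in for contrast.

```python
import re

# Constructed sample: lines copied from the HijackThis log posted above,
# with benign vendor entries (Spybot BHO, NVIDIA Run key, NVIDIA service) kept for contrast.
SAMPLE_LOG = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {91f027f1-2724-4a17-9f1d-0c1c5bcf5a5a} - segipusa.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [zubevepepi] Rundll32.exe "yadebene.dll",s
O4 - HKLM\..\Run: [rulepanir] Rundll32.exe "c:\windows\system32\riturifa.dll",a
O21 - SSODL: tayituwas - {c12bb536-d1f2-4a14-a381-f80d0356ce36} - c:\windows\system32\neyitofo.dll (file missing)
O21 - SSODL: sowewisub - {422072cf-4f59-4ca2-bb44-b4bfc3d7e4ee} - c:\windows\system32\riturifa.dll
O22 - SharedTaskScheduler: jugezatag - {422072cf-4f59-4ca2-bb44-b4bfc3d7e4ee} - c:\windows\system32\riturifa.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# Heuristic (an assumption for this example): the Vundo names in the log are strictly
# alternating consonant/vowel pairs (zu-be-ve-pe-pi, ri-tu-ri-fa). Three or more pairs,
# with an optional trailing consonant, is the threshold used here. Real words of the same
# shape (e.g. "Safari") would also match, so treat a hit as a lead, not a verdict.
GENERATED_NAME = re.compile(r"^(?:[b-df-hj-np-tv-z][aeiou]){3,}[b-df-hj-np-tv-z]?$", re.I)

# Sections in which a loader DLL gets registered: BHOs, Run keys,
# ShellServiceObjectDelayLoad and SharedTaskScheduler (the ones Vundo used in this log).
LOADER_SECTIONS = {"O2", "O4", "O21", "O22"}


def looks_generated(name):
    return bool(GENERATED_NAME.match(name))


def triage_line(line):
    """Return (section, reasons, line) for one HJT O-line in a loader section, else None."""
    m = re.match(r"^(O\d+)\s+-\s+(.*)$", line.strip())
    if not m:
        return None
    section, rest = m.groups()
    if section not in LOADER_SECTIONS:
        return None
    reasons = []
    parts = rest.split(" - ")
    # Names to test: [value name] in O4 lines, display name after "BHO:"/"SSODL:" etc.,
    # and the stem of every .dll the entry references.
    candidates = re.findall(r"\[([^\]]+)\]", rest)
    if ": " in parts[0]:
        candidates.append(parts[0].split(": ", 1)[1])
    dll_refs = re.findall(r'([^\s",]+\.dll)\b', rest, re.I)
    candidates += [re.sub(r".*[\\/]", "", d)[:-4] for d in dll_refs]
    hits = sorted({c for c in candidates if looks_generated(c)})
    if hits:
        reasons.append("generated-looking name: " + ", ".join(hits))
    # A DLL given without a path is resolved through the loader's search order,
    # which is how the [zubevepepi] entry above finds yadebene.dll.
    if "rundll32" in rest.lower() and any("\\" not in d for d in dll_refs):
        reasons.append("rundll32 loads a DLL by bare name (resolved via search order)")
    if "(file missing)" in rest or "(no file)" in rest:
        reasons.append("orphaned entry, file no longer present")
    return (section, reasons, line.strip())


def triage(log_text):
    """Return every loader-section entry that tripped at least one heuristic, in log order."""
    out = []
    for raw in log_text.splitlines():
        t = triage_line(raw)
        if t and t[1]:
            out.append(t)
    return out


if __name__ == "__main__":
    for section, reasons, line in triage(SAMPLE_LOG):
        print(f"{section:4} {line}")
        for r in reasons:
            print("      -", r)
```

Run against the sample it reports the six Vundo lines and stays quiet on the Spybot and NVIDIA entries. Note that a clean HJT line is not proof of a clean machine: the same log shows O21/O22 entries pointing at a DLL that does exist (riturifa.dll), and removing the registry entries without the file, or the file without the entries, is what lets this family reappear after a reboot.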

  2. #2
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374


    Hi hondasptbk

    To access the Uninstall Manager you would do the following:

    1. Start HijackThis
    2. Click on the Config button
    3. Click on the Misc Tools button
    4. Click on the Open Uninstall Manager button.

    You will now be presented with a screen similar to the one below:

    5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here on your next reply.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  3. #3
    Member
    Join Date
    Oct 2009
    Posts
    40


    Ableton Live v7.0.1
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Illustrator 10
    Adobe Photoshop 7.0
    Adobe Reader 7.0
    Adobe SVG Viewer 3.0
    AI Gear
    Alesis Multimix Firewire
    American Greetings® Art & More Store
    Apple Mobile Device Support
    Apple Software Update
    ASIO4ALL
    ASUS WiFi-AP Solo
    AVG 8.5
    Bonjour
    Canon IJ Network Scan Utility
    Canon IJ Network Tool
    Canon MP Drivers 6.0
    Canon MP Navigator 1.0
    Canon MP Navigator EX 1.0
    Canon MX700 series
    Canon MX700 series User Registration
    Canon My Printer
    Canon ScanGearStarter
    Canon Utilities Easy-PhotoPrint
    Canon Utilities Easy-PhotoPrint EX
    Canon Utilities Solution Menu
    Compatibility Pack for the 2007 Office system
    Cool & Quiet
    Critical Update for Windows Media Player 11 (KB959772)
    Enigma
    ERUNT 1.1j
    EZ Calendar
    Game Maker 7.0
    GGE v2.0
    Google Earth
    Google Updater
    Hamachi 1.0.3.0
    High Definition Audio Driver Package - KB888111
    HijackThis 2.0.2
    Home Ftp Server
    Home Ftp Server 1.9.2.127
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hunting Unlimited 4 1.0
    iTunes
    Java 2 Runtime Environment, SE v1.4.2_15
    Joystick 2 Mouse 3
    KartRider
    KORG padKONTROL Editor Librarian
    KORG USB-MIDI Driver Tools for Windows
    Logitech Desktop Messenger
    Logitech Harmony Remote Software 7
    Macromedia Dreamweaver MX
    Macromedia Extension Manager
    Macromedia Fireworks MX
    Macromedia Flash MX
    M-Audio Series II MIDI
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 3.5 SP1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2000 Premium
    Microsoft Office Project Standard 2003
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Web Publishing Wizard 1.52
    MIDI-OX
    MobileMe Control Panel
    Mozilla Firefox (3.0.14)
    MP4 to MP3 Converter
    Nero
    NVIDIA Drivers
    OmniPage SE 2.0
    PC Probe II
    PeaZip 2.3a
    PhotoDVD 2.8.3
    PhotoViewer v0.02
    PowerDVD
    Presto! PageManager 6.03
    Presto! PageManager 7.15.16
    PrintMaster 7.00
    QuickTime
    RealPlayer
    Remote Control USB Driver
    Rhapsody Player Engine
    Safari
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371-v2)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Serif DrawPlus 3.0
    Sonic Foundry Sound Forge 4.5c
    Sony Image Data Suite
    Sony Picture Utility
    Sound Blaster Live! Web 2K/XP
    Spybot - Search & Destroy
    Spybot - Search & Destroy 1.5.2.20
    SwiftMP3 1.0.4
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB971930)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB973815)
    V CAST Music with Rhapsody
    Ventrilo Client
    WAV to MP3 Encoder
    Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
    Windows Driver Package - Alesis (AlesisFirewire) MEDIA (03/06/2008 3.1.0.1210)
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player 11
    Windows XP Service Pack 3
    WinSCP 3.8.2
    Wisdom-soft ScreenHunter 5.0 Free
    World of Warcraft
    Yahoo! Messenger

  4. #4
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374


    IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

    BitTorrent DNA

    I'd like you to read this thread.

    Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

    Please run a new HJT scan when finished and post the log back here.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  5. #5
    Member
    Join Date
    Oct 2009
    Posts
    40

    Default

    Here is the new HJT log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:00:16 AM, on 10/31/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\ASUS\AI Gear\GearHelp.exe
    C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
    C:\Program Files\Java\j2re1.4.2_15\bin\jusched.exe
    C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\System32\rundll32.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {91f027f1-2724-4a17-9f1d-0c1c5bcf5a5a} - segipusa.dll (file missing)
    O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
    O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Ai Gear Help] "C:\Program Files\ASUS\AI Gear\GearHelp.exe"
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\j2re1.4.2_15\bin\jusched.exe"
    O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
    O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
    O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Joystick 2 Mouse] C:\Program Files\Joystick 2 Mouse 3\Joystick 2 Mouse.exe /NoConfigure
    O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
    O4 - HKLM\..\Run: [zubevepepi] Rundll32.exe "yadebene.dll",s
    O4 - HKLM\..\Run: [rulepanir] Rundll32.exe "c:\windows\system32\yonevena.dll",a
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Startup: Event Reminder.lnk = C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: ASUS WiFi-AP Solo.lnk = ?
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_15\bin\npjpi142_15.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_15\bin\npjpi142_15.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...oUploader5.cab
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/micr...?1194369867421
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1194369856953
    O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A41EBD53-173B-4189-BE65-229CBFC614B3}: NameServer = 68.111.16.30,68.111.16.25
    O18 - Protocol: bw+0 - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: offline-8876480 - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O21 - SSODL: tayituwas - {c12bb536-d1f2-4a14-a381-f80d0356ce36} - c:\windows\system32\neyitofo.dll (file missing)
    O21 - SSODL: sowewisub - {422072cf-4f59-4ca2-bb44-b4bfc3d7e4ee} - c:\windows\system32\riturifa.dll (file missing)
    O21 - SSODL: kalidutug - {a1e16602-4c3f-4e71-89fe-82e2fae5185f} - c:\windows\system32\yonevena.dll
    O22 - SharedTaskScheduler: tokatiluy - {c12bb536-d1f2-4a14-a381-f80d0356ce36} - c:\windows\system32\neyitofo.dll (file missing)
    O22 - SharedTaskScheduler: jugezatag - {422072cf-4f59-4ca2-bb44-b4bfc3d7e4ee} - c:\windows\system32\riturifa.dll (file missing)
    O22 - SharedTaskScheduler: tokatiluy - {a1e16602-4c3f-4e71-89fe-82e2fae5185f} - c:\windows\system32\yonevena.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: M-Audio Series II MIDI Installer (MA_CMIDI_InstallerService) - Unknown owner - C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    --
    End of file - 21244 bytes

  6. #6
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Default

    Please post the next combofix log.

    It should be here - C:\ComboFix.txt.

  7. #7
    Member
    Join Date
    Oct 2009
    Posts
    40

    Default

    Here is the combofix log.

    ComboFix 09-10-30.01 - DJ 10/31/2009 15:22.3.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1547 [GMT -7:00]
    Running from: c:\documents and settings\DJ\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\docume~1\DJ\LOCALS~1\Temp\IadHide5.dll
    c:\documents and settings\DJ\Local Settings\temp\IadHide5.dll
    c:\windows\system32\delehele.dll
    c:\windows\system32\doluwuhi.dll
    c:\windows\system32\duzeboyu.dll.tmp
    c:\windows\system32\fejogeku.dll
    c:\windows\system32\figohele.dll
    c:\windows\system32\kazovovi.dll.tmp
    c:\windows\system32\kipipasu.dll
    c:\windows\system32\linetapa.dll.tmp
    c:\windows\system32\merahuro.dll
    c:\windows\system32\miwotado.dll
    c:\windows\system32\namogizu.dll
    c:\windows\system32\nebiteda.dll
    c:\windows\system32\nofayasu.dll
    c:\windows\system32\nuzadayi.dll
    c:\windows\system32\pujorila.dll
    c:\windows\system32\pumitebo.dll.tmp
    c:\windows\system32\sanidayi.dll
    c:\windows\system32\segipusa.dll
    c:\windows\system32\tolerabi.dll
    c:\windows\system32\towosuko.dll
    c:\windows\system32\wuwuhimu.dll
    c:\windows\system32\yadebene.dll
    c:\windows\system32\yimelope.dll
    c:\windows\system32\yonevena.dll
    c:\windows\Tasks\ydquzmki.job

    .
    ((((((((((((((((((((((((( Files Created from 2009-09-28 to 2009-10-31 )))))))))))))))))))))))))))))))
    .

    2009-10-31 22:40 . 2005-01-20 14:30 67200 ----a-r- c:\windows\system32\drivers\SI3132_2.sys
    2009-10-29 15:22 . 2009-10-29 15:23 -------- d-----w- c:\program files\ERUNT
    2009-10-28 00:00 . 2009-10-28 00:00 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
    2009-10-26 18:47 . 2009-10-26 18:47 -------- d-----w- c:\program files\Trend Micro
    2009-10-26 17:44 . 2009-10-26 17:44 -------- d-----w- C:\VundoFix Backups
    2009-10-25 23:34 . 2009-10-25 23:34 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
    2009-10-16 16:24 . 2009-10-16 16:24 -------- d-----w- c:\program files\Citrix
    2009-10-14 22:28 . 2009-10-14 22:31 -------- d-----w- c:\program files\MIDIOX
    2009-10-11 07:16 . 2006-08-16 16:24 22208 ----a-w- c:\windows\system32\drivers\USBMN1X1.SYS
    2009-10-11 07:16 . 2006-08-16 16:23 21888 ----a-w- c:\windows\system32\drivers\ma_cmidi.sys
    2009-10-11 07:16 . 2006-08-16 16:23 86016 ----a-w- c:\windows\system32\ma_cmidn.dll
    2009-10-11 07:16 . 2006-08-16 16:24 82944 ----a-w- c:\windows\system32\USBMN1X1.DLL
    2009-10-11 07:16 . 2006-08-16 16:24 24128 ----a-w- c:\windows\system32\drivers\USBMM1X1.SYS
    2009-10-11 07:16 . 2006-08-16 16:24 17920 ----a-w- c:\windows\system32\USBMM1X1.DLL
    2009-10-11 07:16 . 2006-08-16 16:24 13504 ----a-w- c:\windows\system32\drivers\USB11LDR.SYS
    2009-10-11 07:16 . 2006-08-16 16:24 12272 ----a-w- c:\windows\system32\USBMM1X1.DRV
    2009-10-11 07:16 . 2006-08-16 16:23 14272 ----a-w- c:\windows\system32\MA_CMIDI.DRV
    2009-10-11 07:16 . 2006-08-16 16:23 17920 ----a-w- c:\windows\system32\MA_CMIDI.DLL
    2009-10-11 04:03 . 2009-10-12 22:02 -------- d-----w- c:\program files\KORG

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-10-30 15:47 . 2008-05-27 14:33 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
    2009-10-29 22:32 . 2008-11-18 04:45 24 ----a-w- c:\windows\system32\DVCStateBkp-{00000002-00000000-00000008-00001102-00000002-00201102}.dat
    2009-10-29 22:32 . 2008-11-18 04:45 24 ----a-w- c:\windows\system32\DVCState-{00000002-00000000-00000008-00001102-00000002-00201102}.dat
    2009-10-29 15:18 . 2008-09-24 05:14 -------- d-----w- c:\documents and settings\DJ\Application Data\BitTorrent
    2009-10-29 15:18 . 2008-09-24 05:13 -------- d-----w- c:\program files\BitTorrent
    2009-10-28 17:34 . 2007-11-06 19:11 -------- d-----w- c:\program files\World of Warcraft
    2009-10-26 19:19 . 2007-11-06 17:41 22592 ----a-w- c:\documents and settings\DJ\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-10-26 01:46 . 2007-11-06 18:47 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2009-10-11 07:16 . 2008-09-27 22:51 -------- d-----w- c:\program files\M-Audio
    2009-10-11 07:16 . 2007-11-06 18:00 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-10-01 21:51 . 2009-10-01 21:51 -------- d-----w- c:\program files\Joystick 2 Mouse 3
    2009-09-11 14:18 . 2001-08-23 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
    2009-09-05 21:23 . 2009-09-05 21:23 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
    2009-09-05 21:23 . 2009-09-05 21:23 -------- d-----w- c:\program files\CyberLink
    2009-09-04 21:03 . 2001-08-23 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
    2009-09-02 21:32 . 2007-11-06 20:31 -------- d-----w- c:\documents and settings\DJ\Application Data\Apple Computer
    2009-08-29 08:08 . 2001-08-23 12:00 916480 ------w- c:\windows\system32\wininet.dll
    2009-08-28 16:04 . 2009-03-08 22:30 11952 ----a-w- c:\windows\system32\avgrsstx.dll
    2009-08-28 16:04 . 2009-03-08 22:30 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2009-08-28 16:04 . 2009-03-08 22:30 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2009-08-26 08:00 . 2001-08-23 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll
    2009-08-07 02:24 . 2007-11-06 17:24 327896 ----a-w- c:\windows\system32\wucltui.dll
    2009-08-07 02:24 . 2007-07-31 03:19 209632 ----a-w- c:\windows\system32\wuweb.dll
    2009-08-07 02:24 . 2007-11-06 17:24 44768 ----a-w- c:\windows\system32\wups2.dll
    2009-08-07 02:24 . 2007-11-06 17:24 35552 ----a-w- c:\windows\system32\wups.dll
    2009-08-07 02:24 . 2007-11-06 16:53 53472 ------w- c:\windows\system32\wuauclt.exe
    2009-08-07 02:24 . 2001-08-23 12:00 96480 ----a-w- c:\windows\system32\cdm.dll
    2009-08-07 02:23 . 2007-11-06 17:24 575704 ----a-w- c:\windows\system32\wuapi.dll
    2009-08-07 02:23 . 2007-11-06 17:29 274288 ----a-w- c:\windows\system32\mucltui.dll
    2009-08-07 02:23 . 2007-11-06 16:53 1929952 ----a-w- c:\windows\system32\wuaueng.dll
    2009-08-07 02:23 . 2007-07-31 03:18 215920 ----a-w- c:\windows\system32\muweb.dll
    2009-08-05 09:01 . 2001-08-23 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
    2009-08-05 02:52 . 2009-08-05 02:52 1193832 ----a-w- c:\windows\system32\FM20.DLL
    2009-08-04 15:13 . 2001-08-23 12:00 2145280 ------w- c:\windows\system32\ntoskrnl.exe
    2009-08-04 14:20 . 2001-08-17 13:48 2023936 ------w- c:\windows\system32\ntkrnlpa.exe
    2007-12-04 00:22 . 2007-12-04 00:22 8183675 ----a-w- c:\program files\gmaker.exe
    2009-07-31 03:48 . 2009-07-31 03:48 60416 --sha-w- c:\windows\system32\bihomojo.dll
    2009-07-29 23:40 . 2009-07-29 23:40 90112 --sha-w- c:\windows\system32\mohoyodi.dll
    2009-07-31 03:48 . 2009-07-31 03:48 89600 --sha-w- c:\windows\system32\tisitora.dll
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-10-26_19.11.22 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-10-29 23:39 . 2008-04-14 00:12 23552 c:\windows\system32\ReinstallBackups\0010\DriverFiles\i386\wdmaud.drv
    + 2009-10-29 23:39 . 2008-04-13 18:45 60032 c:\windows\system32\ReinstallBackups\0010\DriverFiles\i386\USBAUDIO.sys
    + 2009-10-29 23:39 . 2008-04-13 18:45 49408 c:\windows\system32\ReinstallBackups\0010\DriverFiles\i386\stream.sys
    + 2009-10-29 23:39 . 2008-04-13 18:45 60160 c:\windows\system32\ReinstallBackups\0010\DriverFiles\i386\drmk.sys
    + 2007-11-06 16:56 . 2009-10-30 20:49 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    - 2007-11-06 16:56 . 2009-10-26 17:41 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2007-11-06 16:56 . 2009-10-30 20:49 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
    + 2009-10-29 23:39 . 2008-04-14 00:11 4096 c:\windows\system32\ReinstallBackups\0010\DriverFiles\i386\ksuser.dll
    + 2009-10-29 23:39 . 2008-04-13 19:19 146048 c:\windows\system32\ReinstallBackups\0010\DriverFiles\i386\portcls.sys
    + 2009-10-29 23:39 . 2008-04-13 19:16 141056 c:\windows\system32\ReinstallBackups\0010\DriverFiles\i386\ks.sys
    - 2009-10-25 23:34 . 2009-10-26 17:41 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat
    + 2009-10-25 23:34 . 2009-10-30 20:49 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat
    + 2009-10-29 15:23 . 2005-10-20 19:02 163328 c:\windows\ERDNT\10-29-2009\ERDNT.EXE
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-31 4670704]
    "LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2009-02-07 36864]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
    "Ai Gear Help"="c:\program files\ASUS\AI Gear\GearHelp.exe" [2006-07-28 415744]
    "NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
    "SunJavaUpdateSched"="c:\program files\Java\j2re1.4.2_15\bin\jusched.exe" [2007-05-23 32881]
    "CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]
    "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1603152]
    "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
    "Jet Detection"="c:\program files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 28672]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-02 289576]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-17 2025752]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
    "Joystick 2 Mouse"="c:\program files\Joystick 2 Mouse 3\Joystick 2 Mouse.exe" [2005-07-28 176128]
    "SpybotSnD"="c:\program files\Spybot - Search & Destroy\SpybotSD.exe" [2009-01-26 5365592]
    "rulepanir"="c:\windows\system32\yonevena.dll" [BU]
    "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-05-16 1630208]
    "WINDVDPatch"="CTHELPER.EXE" - c:\windows\system32\CTHELPER.EXE [2002-07-03 24576]
    "BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]
    "zubevepepi"="yadebene.dll" [BU]

    c:\documents and settings\DJ\Start Menu\Programs\Utilites\Startup\
    Event Reminder.lnk - c:\program files\Mindscape\PrintMaster\PMREMIND.EXE [1998-6-6 325632]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-11-6 110592]
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
    ASUS WiFi-AP Solo.lnk - c:\program files\ASUS WiFi-AP Solo\RtWLan.exe [2007-11-6 995328]
    Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2009-2-7 196608]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
    "{c12bb536-d1f2-4a14-a381-f80d0356ce36}"= "c:\windows\system32\neyitofo.dll" [BU]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "tayituwas"= {c12bb536-d1f2-4a14-a381-f80d0356ce36} - c:\windows\system32\neyitofo.dll [BU]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-08-28 16:04 11952 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "midi1"=ma_cmidn.dll
    "midi2"=ma_cmidn.dll
    "midi3"=KORGUMDD.DRV
    "midi4"=ma_cmidn.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "FirewallOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Macromedia\\Dreamweaver MX\\Dreamweaver.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
    "c:\\Nexon\\KartRider\\NMService.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
    "c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgtray.exe"=
    "c:\\Program Files\\Canon\\MyPrinter\\BJMYPRT.EXE"=

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [3/8/2009 3:30 PM 335240]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [3/8/2009 3:30 PM 108552]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [3/8/2009 3:29 PM 297752]
    R3 AlesisFirewire;Alesis Firewire;c:\windows\system32\drivers\AlesisFirewire.sys [1/10/2009 5:10 PM 119680]
    R3 AlesisFirewireAudio;Alesis Firewire Audio;c:\windows\system32\drivers\AlesisFirewireAudio.sys [1/10/2009 5:10 PM 19456]
    R3 KORGUMDS;KORG USB-MIDI Driver for Windows;c:\windows\system32\drivers\KORGUMDS.SYS [10/29/2008 1:11 AM 21720]
    S3 AlesisFirewireMidi;Alesis Firewire MIDI;c:\windows\system32\drivers\AlesisFirewireMidi.sys [1/10/2009 5:10 PM 19456]
    S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [11/6/2007 11:00 AM 176128]
    S3 SjyPkt;SjyPkt;\??\c:\windows\System32\Drivers\SjyPkt.sys --> c:\windows\System32\Drivers\SjyPkt.sys [?]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - CLASSPNP_2
    *NewlyCreated* - SCSIPORT_2
    *Deregistered* - CLASSPNP_2
    *Deregistered* - mbr
    *Deregistered* - SCSIPORT_2

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4eea296-c4e3-11de-a9b1-806d6172696f}]
    \Shell\AutoRun\command - E:\BlueBirds.exe
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = *.local
    TCP: {A41EBD53-173B-4189-BE65-229CBFC614B3} = 68.111.16.30,68.111.16.25
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
    FF - ProfilePath - c:\documents and settings\DJ\Application Data\Mozilla\Firefox\Profiles\akh31lr7.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
    FF - plugin: c:\program files\Java\j2re1.4.2_15\bin\NPJava11.dll
    FF - plugin: c:\program files\Java\j2re1.4.2_15\bin\NPJava12.dll
    FF - plugin: c:\program files\Java\j2re1.4.2_15\bin\NPJava13.dll
    FF - plugin: c:\program files\Java\j2re1.4.2_15\bin\NPJava14.dll
    FF - plugin: c:\program files\Java\j2re1.4.2_15\bin\NPJava32.dll
    FF - plugin: c:\program files\Java\j2re1.4.2_15\bin\NPJPI142_15.dll
    FF - plugin: c:\program files\Java\j2re1.4.2_15\bin\NPOJI610.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{91f027f1-2724-4a17-9f1d-0c1c5bcf5a5a} - segipusa.dll
    Toolbar-Locked - (no file)
    SharedTaskScheduler-{422072cf-4f59-4ca2-bb44-b4bfc3d7e4ee} - c:\windows\system32\riturifa.dll
    SharedTaskScheduler-{a1e16602-4c3f-4e71-89fe-82e2fae5185f} - c:\windows\system32\yonevena.dll
    SSODL-sowewisub-{422072cf-4f59-4ca2-bb44-b4bfc3d7e4ee} - c:\windows\system32\riturifa.dll
    SSODL-kalidutug-{a1e16602-4c3f-4e71-89fe-82e2fae5185f} - c:\windows\system32\yonevena.dll



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-10-31 15:40
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(3316)
    c:\windows\system32\WININET.dll
    c:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll
    c:\program files\Joystick 2 Mouse 3\Hook.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\program files\WinSCP3\DragExt.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\progra~1\AVG\AVG8\avgrsx.exe
    c:\progra~1\AVG\AVG8\avgnsx.exe
    c:\program files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
    c:\windows\system32\nvsvc32.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\system32\rundll32.exe
    c:\windows\system32\RUNDLL32.EXE
    c:\program files\Yahoo!\Messenger\ymsgr_tray.exe
    c:\program files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Completion time: 2009-10-31 15:47 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-10-31 22:47

    Pre-Run: 7,690,866,688 bytes free
    Post-Run: 7,454,855,168 bytes free

    - - End Of File - - 4E853675044A8922555A75881A6435F0

  8. #8
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Default

    Open notepad and copy/paste the text in the codebox below into it:

    Code:
    File::
    c:\windows\system32\bihomojo.dll
    c:\windows\system32\mohoyodi.dll
    c:\windows\system32\tisitora.dll
    
    Folder::
    c:\documents and settings\DJ\Application Data\BitTorrent
    c:\program files\BitTorrent

    Save this as "CFScript"

    Then drag the CFScript into ComboFix.exe as you see in the screenshot below.



    This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

    Combofix should never take more than 20 minutes including the reboot if malware is detected.
    If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
    If that happened we want to know, and also what process you had to end.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  9. #9
    Member
    Join Date
    Oct 2009
    Posts
    40

    Default

    Here is the new Combofix log:

    ComboFix 09-10-30.01 - DJ 11/01/2009 9:35.4.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1424 [GMT -8:00]
    Running from: c:\documents and settings\DJ\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\DJ\Desktop\CFScript.txt
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

    FILE ::
    "c:\windows\system32\bihomojo.dll"
    "c:\windows\system32\mohoyodi.dll"
    "c:\windows\system32\tisitora.dll"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\DJ\Application Data\BitTorrent
    c:\documents and settings\DJ\Application Data\BitTorrent\data\metainfo\045c46ea175fc84db4f5fcc3c556afefb6c33d07
    c:\documents and settings\DJ\Application Data\BitTorrent\data\metainfo\0877d59a6909b387ed3d6082f4c42cff05cef233
    c:\documents and settings\DJ\Application Data\BitTorrent\data\metainfo\1fbe202650277984be109dd65f48a9ea8c29dd9d
    c:\documents and settings\DJ\Application Data\BitTorrent\data\metainfo\8598767c33892a2fdd12b565dd3fa7f2cb5d34a4
    c:\documents and settings\DJ\Application Data\BitTorrent\data\metainfo\c38faa1cb9ca8c4b9a50ff6a0c3ab50d93f19936
    c:\documents and settings\DJ\Application Data\BitTorrent\data\metainfo\ce8f1c90f7ff595337a61ad0d98e3508418ab389
    c:\documents and settings\DJ\Application Data\BitTorrent\data\metainfo\e4c1e2a51ce8872b0fbb1a46754c9de1b0981932
    c:\documents and settings\DJ\Application Data\BitTorrent\data\metainfo\efa5446e585b9b7fa5e91550144e1f0394d2eee5
    c:\documents and settings\DJ\Application Data\BitTorrent\data\resume\045c46ea175fc84db4f5fcc3c556afefb6c33d07
    c:\documents and settings\DJ\Application Data\BitTorrent\data\resume\efa5446e585b9b7fa5e91550144e1f0394d2eee5
    c:\documents and settings\DJ\Application Data\BitTorrent\data\routing_table
    c:\documents and settings\DJ\Application Data\BitTorrent\data\torrents\efa5446e585b9b7fa5e91550144e1f0394d2eee5
    c:\documents and settings\DJ\Application Data\BitTorrent\data\ui_config
    c:\documents and settings\DJ\Application Data\BitTorrent\data\ui_state
    c:\program files\BitTorrent
    c:\program files\BitTorrent\credits-l10n.txt
    c:\windows\system32\bihomojo.dll
    c:\windows\system32\mohoyodi.dll
    c:\windows\system32\tisitora.dll

    .
    ((((((((((((((((((((((((( Files Created from 2009-10-01 to 2009-11-01 )))))))))))))))))))))))))))))))
    .

    2009-10-31 22:40 . 2005-01-20 14:30 67200 ----a-r- c:\windows\system32\drivers\SI3132_2.sys
    2009-10-29 15:22 . 2009-10-29 15:23 -------- d-----w- c:\program files\ERUNT
    2009-10-28 00:00 . 2009-10-28 00:00 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
    2009-10-26 18:47 . 2009-10-26 18:47 -------- d-----w- c:\program files\Trend Micro
    2009-10-26 17:44 . 2009-10-26 17:44 -------- d-----w- C:\VundoFix Backups
    2009-10-25 23:34 . 2009-10-25 23:34 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
    2009-10-16 16:24 . 2009-10-16 16:24 -------- d-----w- c:\program files\Citrix
    2009-10-14 22:28 . 2009-10-14 22:31 -------- d-----w- c:\program files\MIDIOX
    2009-10-11 07:16 . 2006-08-16 16:24 22208 ----a-w- c:\windows\system32\drivers\USBMN1X1.SYS
    2009-10-11 07:16 . 2006-08-16 16:23 21888 ----a-w- c:\windows\system32\drivers\ma_cmidi.sys
    2009-10-11 07:16 . 2006-08-16 16:23 86016 ----a-w- c:\windows\system32\ma_cmidn.dll
    2009-10-11 07:16 . 2006-08-16 16:24 82944 ----a-w- c:\windows\system32\USBMN1X1.DLL
    2009-10-11 07:16 . 2006-08-16 16:24 24128 ----a-w- c:\windows\system32\drivers\USBMM1X1.SYS
    2009-10-11 07:16 . 2006-08-16 16:24 17920 ----a-w- c:\windows\system32\USBMM1X1.DLL
    2009-10-11 07:16 . 2006-08-16 16:24 13504 ----a-w- c:\windows\system32\drivers\USB11LDR.SYS
    2009-10-11 07:16 . 2006-08-16 16:24 12272 ----a-w- c:\windows\system32\USBMM1X1.DRV
    2009-10-11 07:16 . 2006-08-16 16:23 14272 ----a-w- c:\windows\system32\MA_CMIDI.DRV
    2009-10-11 07:16 . 2006-08-16 16:23 17920 ----a-w- c:\windows\system32\MA_CMIDI.DLL
    2009-10-11 04:03 . 2009-10-12 22:02 -------- d-----w- c:\program files\KORG

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-10-30 15:47 . 2008-05-27 14:33 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
    2009-10-29 22:32 . 2008-11-18 04:45 24 ----a-w- c:\windows\system32\DVCStateBkp-{00000002-00000000-00000008-00001102-00000002-00201102}.dat
    2009-10-29 22:32 . 2008-11-18 04:45 24 ----a-w- c:\windows\system32\DVCState-{00000002-00000000-00000008-00001102-00000002-00201102}.dat
    2009-10-28 17:34 . 2007-11-06 19:11 -------- d-----w- c:\program files\World of Warcraft
    2009-10-26 19:19 . 2007-11-06 17:41 22592 ----a-w- c:\documents and settings\DJ\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-10-26 01:46 . 2007-11-06 18:47 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2009-10-11 07:16 . 2008-09-27 22:51 -------- d-----w- c:\program files\M-Audio
    2009-10-11 07:16 . 2007-11-06 18:00 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-10-01 21:51 . 2009-10-01 21:51 -------- d-----w- c:\program files\Joystick 2 Mouse 3
    2009-09-11 14:18 . 2001-08-23 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
    2009-09-05 21:23 . 2009-09-05 21:23 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
    2009-09-05 21:23 . 2009-09-05 21:23 -------- d-----w- c:\program files\CyberLink
    2009-09-04 21:03 . 2001-08-23 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
    2009-09-02 21:32 . 2007-11-06 20:31 -------- d-----w- c:\documents and settings\DJ\Application Data\Apple Computer
    2009-08-29 08:08 . 2001-08-23 12:00 916480 ------w- c:\windows\system32\wininet.dll
    2009-08-28 16:04 . 2009-03-08 22:30 11952 ----a-w- c:\windows\system32\avgrsstx.dll
    2009-08-28 16:04 . 2009-03-08 22:30 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2009-08-28 16:04 . 2009-03-08 22:30 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2009-08-26 08:00 . 2001-08-23 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll
    2009-08-07 02:24 . 2007-11-06 17:24 327896 ----a-w- c:\windows\system32\wucltui.dll
    2009-08-07 02:24 . 2007-07-31 03:19 209632 ----a-w- c:\windows\system32\wuweb.dll
    2009-08-07 02:24 . 2007-11-06 17:24 44768 ----a-w- c:\windows\system32\wups2.dll
    2009-08-07 02:24 . 2007-11-06 17:24 35552 ----a-w- c:\windows\system32\wups.dll
    2009-08-07 02:24 . 2007-11-06 16:53 53472 ------w- c:\windows\system32\wuauclt.exe
    2009-08-07 02:24 . 2001-08-23 12:00 96480 ----a-w- c:\windows\system32\cdm.dll
    2009-08-07 02:23 . 2007-11-06 17:24 575704 ----a-w- c:\windows\system32\wuapi.dll
    2009-08-07 02:23 . 2007-11-06 17:29 274288 ----a-w- c:\windows\system32\mucltui.dll
    2009-08-07 02:23 . 2007-11-06 16:53 1929952 ----a-w- c:\windows\system32\wuaueng.dll
    2009-08-07 02:23 . 2007-07-31 03:18 215920 ----a-w- c:\windows\system32\muweb.dll
    2009-08-05 09:01 . 2001-08-23 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
    2009-08-05 02:52 . 2009-08-05 02:52 1193832 ----a-w- c:\windows\system32\FM20.DLL
    2009-08-04 15:13 . 2001-08-23 12:00 2145280 ------w- c:\windows\system32\ntoskrnl.exe
    2009-08-04 14:20 . 2001-08-17 13:48 2023936 ------w- c:\windows\system32\ntkrnlpa.exe
    2007-12-04 00:22 . 2007-12-04 00:22 8183675 ----a-w- c:\program files\gmaker.exe
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-10-26_19.11.22 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-10-29 23:39 . 2008-04-14 00:12 23552 c:\windows\system32\ReinstallBackups\0010\DriverFiles\i386\wdmaud.drv
    + 2009-10-29 23:39 . 2008-04-13 18:45 60032 c:\windows\system32\ReinstallBackups\0010\DriverFiles\i386\USBAUDIO.sys
    + 2009-10-29 23:39 . 2008-04-13 18:45 49408 c:\windows\system32\ReinstallBackups\0010\DriverFiles\i386\stream.sys
    + 2009-10-29 23:39 . 2008-04-13 18:45 60160 c:\windows\system32\ReinstallBackups\0010\DriverFiles\i386\drmk.sys
    + 2007-11-06 16:56 . 2009-10-30 20:49 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    - 2007-11-06 16:56 . 2009-10-26 17:41 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2009-10-29 23:39 . 2008-04-14 00:11 4096 c:\windows\system32\ReinstallBackups\0010\DriverFiles\i386\ksuser.dll
    + 2009-10-29 23:39 . 2008-04-13 19:19 146048 c:\windows\system32\ReinstallBackups\0010\DriverFiles\i386\portcls.sys
    + 2009-10-29 23:39 . 2008-04-13 19:16 141056 c:\windows\system32\ReinstallBackups\0010\DriverFiles\i386\ks.sys
    - 2009-10-25 23:34 . 2009-10-26 17:41 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat
    + 2009-10-25 23:34 . 2009-10-30 20:49 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat
    + 2009-10-29 15:23 . 2005-10-20 19:02 163328 c:\windows\ERDNT\10-29-2009\ERDNT.EXE
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-31 4670704]
    "LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2009-02-07 36864]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
    "Ai Gear Help"="c:\program files\ASUS\AI Gear\GearHelp.exe" [2006-07-28 415744]
    "NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
    "SunJavaUpdateSched"="c:\program files\Java\j2re1.4.2_15\bin\jusched.exe" [2007-05-23 32881]
    "CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]
    "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1603152]
    "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
    "Jet Detection"="c:\program files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 28672]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-02 289576]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-17 2025752]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
    "Joystick 2 Mouse"="c:\program files\Joystick 2 Mouse 3\Joystick 2 Mouse.exe" [2005-07-28 176128]
    "SpybotSnD"="c:\program files\Spybot - Search & Destroy\SpybotSD.exe" [2009-01-26 5365592]
    "rulepanir"="c:\windows\system32\yonevena.dll" [BU]
    "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-05-16 1630208]
    "WINDVDPatch"="CTHELPER.EXE" - c:\windows\system32\CTHELPER.EXE [2002-07-03 24576]
    "BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]
    "zubevepepi"="yadebene.dll" [BU]

    c:\documents and settings\DJ\Start Menu\Programs\Utilites\Startup\
    Event Reminder.lnk - c:\program files\Mindscape\PrintMaster\PMREMIND.EXE [1998-6-6 325632]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-11-6 110592]
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
    ASUS WiFi-AP Solo.lnk - c:\program files\ASUS WiFi-AP Solo\RtWLan.exe [2007-11-6 995328]
    Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2009-2-6 196608]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
    "{c12bb536-d1f2-4a14-a381-f80d0356ce36}"= "c:\windows\system32\neyitofo.dll" [BU]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "tayituwas"= {c12bb536-d1f2-4a14-a381-f80d0356ce36} - c:\windows\system32\neyitofo.dll [BU]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-08-28 16:04 11952 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "midi1"=ma_cmidn.dll
    "midi2"=ma_cmidn.dll
    "midi3"=KORGUMDD.DRV
    "midi4"=ma_cmidn.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "FirewallOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Macromedia\\Dreamweaver MX\\Dreamweaver.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
    "c:\\Nexon\\KartRider\\NMService.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
    "c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgtray.exe"=
    "c:\\Program Files\\Canon\\MyPrinter\\BJMYPRT.EXE"=

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [3/8/2009 2:30 PM 335240]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [3/8/2009 2:30 PM 108552]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [3/8/2009 2:29 PM 297752]
    R3 AlesisFirewire;Alesis Firewire;c:\windows\system32\drivers\AlesisFirewire.sys [1/10/2009 4:10 PM 119680]
    R3 AlesisFirewireAudio;Alesis Firewire Audio;c:\windows\system32\drivers\AlesisFirewireAudio.sys [1/10/2009 4:10 PM 19456]
    R3 KORGUMDS;KORG USB-MIDI Driver for Windows;c:\windows\system32\drivers\KORGUMDS.SYS [10/29/2008 12:11 AM 21720]
    S3 AlesisFirewireMidi;Alesis Firewire MIDI;c:\windows\system32\drivers\AlesisFirewireMidi.sys [1/10/2009 4:10 PM 19456]
    S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [11/6/2007 10:00 AM 176128]
    S3 SjyPkt;SjyPkt;\??\c:\windows\System32\Drivers\SjyPkt.sys --> c:\windows\System32\Drivers\SjyPkt.sys [?]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - CLASSPNP_2
    *NewlyCreated* - SCSIPORT_2
    *Deregistered* - CLASSPNP_2
    *Deregistered* - mbr
    *Deregistered* - SCSIPORT_2
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = *.local
    TCP: {A41EBD53-173B-4189-BE65-229CBFC614B3} = 68.111.16.30,68.111.16.25
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
    FF - ProfilePath - c:\documents and settings\DJ\Application Data\Mozilla\Firefox\Profiles\akh31lr7.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-11-01 09:40
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2009-11-01 9:41
    ComboFix-quarantined-files.txt 2009-11-01 17:41
    ComboFix2.txt 2009-10-31 22:47

    Pre-Run: 7,392,108,544 bytes free
    Post-Run: 7,343,603,712 bytes free

    - - End Of File - - F1654B78523890F9EE34798F3D4B2DB0

  10. #10
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Default

    Please go to Kaspersky website and perform an online antivirus scan.

    1. Read through the requirements and privacy statement and click on Accept button.
    2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    3. When the downloads have finished, click on Settings.
    4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      • Spyware, Adware, Dialers, and other potentially dangerous programs
      • Archives
    5. Click on My Computer under Scan.
    6. Once the scan is complete, it will display the results. Click on View Scan Report.
    7. You will see a list of infected items there. Click on Save Report As....
    8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
    9. Please post this log in your next reply along with a fresh HijackThis log.
